June 1 virus hoax damage can be repaired

If you fell for the June 1 virus hoax and dutifully deleted the SULFNBK.EXE file from your Windows 98 operating system, don’t panic. Chances are good that you won’t notice that the file has been removed, its loss won’t harm Windows 98, and the file can be easily replaced.

Several sites are already offering advice on how to restore the SULFNBK.EXE file, including McAfee.com Corp. in Sunnyvale, Calif., and Securityportal.com, an online service provided by AtomicTangerine Inc. in San Francisco.

Computer users recently received e-mail warnings that the SULFNBK.EXE file was infected with a virus and should be deleted if found [see story – E-mail virus hoax makes users do the dirty work]. Although experts quickly dismissed the warnings as a hoax, many people quickly deleted the file, which is a standard part of Windows 98 and makes backups of all the Long File Names (LFN) on a computer. With the proper switch, it is used to restore those file names, said Burrell, who is also a member of the Anti-Virus Information Exchange Network (AVIEN.)

Losing the file won’t have much of an impact on your system, said Robert Vibert, a researcher of malicious software and solution architect for Segura Solutions Inc. in Braeside, Ontario, and AVIEN’s moderator. “Few people use it, and it does not harm the operating system,” he said.

The only users who would notice SULFNBK.EXE missing would be those who use an archaic system that doesn’t recognize LFNs.

AVIEN said the public began calling its center after stories in the media appeared about the SULFNBK.EXE hoax. Worried that they might have damaged their operating systems by removing the file, readers flooded AVIEN and media outlets with calls and e-mails seeking help, said Paul Schmehl, an AVIEN founding member and supervisor for support services at the University of Texas at Dallas.

One woman who contacted Computerworld said she had seen that the e-mail about SULFNBK.EXE was a hoax, but when she got home, her husband “insisted” that the couple delete the file from their home PC. She worried that her husband might have ruined their machine.

Hoaxes of this type can usually be identified by the “authority” used to prove their authenticity, said Joe Hartmann, director of North American virus research for Trend Micro Inc., a security vendor in Cupertino, Cal.

He and other experts suggest that if users doubt the authenticity of a warning, they can check any number of Web sites that track viruses and hoaxes, such as AVIEN, or the CERT Coordination Center at Carnegie Mellon University in Pittsburgh.

Detailed information about this particular virus is also available online. Bruce P. Burrell, anti-virus team leader at the University of Michigan, set up an information page on the hoax for those wanting more information.