Related Resources • Glossary of Terms • About.com article • Hoax Encyclopedia • The Hoax That Cried Virus

Elsewhere on the Web • Urban Legends site   • Infoguerra Article    (in Portuguese)

First reported in Brazil, the SULFNBK.EXE hoax has created quite a stir in the U.S., prompting thousands of users to delete the legitimate operating system file in the belief that it was infected with a virus. The events that likely led up to the hoax, and its aftermath, are confusing to say the least.

The Magistr virus, discovered in March 2001, infects certain Windows .EXE files, then attaches them to emails and sends them out from the infected user’s machine. Assumedly, someone (probably in Brazil) once received the SULFNBK.EXE file, via email, that had been infected and sent by the Magistr virus. The person likely believed that any file by that name was the virus (an incorrect assumption), and composed a message urging users to “search and destroy” the SULFNBK.EXE file on their system.

As noted in a previous article, SULFNBK.EXE is a legitimate system file and should not be deleted from the operating system. However, any executable received via email, including SULFNBK.EXE, should be considered infected until proven otherwise. Compounding even this simple rule is that many well-intentioned folks who forwarded the hoax attempted to rectify the problem by sending out a new copy of SULFNBK.EXE via email to help users easily restore the file. Noble as this gesture is/was, the scenario simply opens the door for someone to be fooled by the Magistr packing SULFNBK.EXE that is also circulating by email.

• If you receive an email carrying the SULFNBK.EXE attachment, do not open the attachment. Delete the email.
• If you receive an email warning you to search your drive for the SULFNBK.EXE file and delete it, do not follow the instructions. Delete the email instead.
• If you've already fallen victim to the hoax and need to restore the file, click here for instructions on restoring the file.