Hoax Alert Speech Bubble
Home Archive Sulfnbk.exe Virus Hoax

Sulfnbk.exe Virus Hoax

by Brett M. Christensen

This story was first published on February 3, 2004

This email forward warns that a file on your computer called sulfnbk.exe is a virus and provides instructions on how to delete it. However, the message is a hoax.

This hoax is similar to the Teddy Bear virus hoax in that it attempts to trick recipients into deleting a legitimate windows file. In fact, Sulfnbk.exe is an MS Windows 95, 98 and Me utility program that is used to restore long file names, and should not be deleted. 

However, Sulfnbk.exe is not an important system file, and the computer should run normally even if the file is deleted. If replacement is deemed necessary, information on how to replace the file is provided in this Microsoft Knowledge Base article.

Examples of the hoax message:

Hello! I just got this letter from my friend and yes I had the virus as well please follow the directions to see if you have the virus and then follow the directions to get rid of it. Like my friend I am sorry that I passed it along as well.

Dear All: We received a virus on a message. I followed the instructions below and found that it had been spread to our computer. I followed the instructions and located the virus and was able to delete it. The bad news is that you probably have it, as you are in My Address book! More bad news is that my anti virus program did not detect this virus. The virus lies dormant for 14 days and then “kills” your hard drive.

Here is what to do. If you follow the instructions and then see that you have the virus, you need to send a similar e-mail to everyone in your address book.

Remove the virus by following these steps:
1. Go to “Start.” Then to “Find” or “Search”.
2. In the “Search for files or folders” type sulfnbk.exe — this is the name of the virus.
3. In the “Look in” section, make sure you are searching Drive C.
4. Hit “Search” or “Find”.
5. If your search finds this file, it will be an ugly blackish icon that will have the name sulfnbk.exe. DO NOT OPEN IT! If it does not show up on your first “Search”, try a “New Search.”
6. Right click on the file — go down to “Delete” and left click.
7. You will be asked if you want to send the file to the Recycling Bin — say “Yes”.
8. Go to your Desktop (where all your icons are) and right click on the Recycle Bin and either manually delete the sulfnbk.exe program or empty the entire bin.
9. If you found the virus on your system, send this or a similar e-mail to all in your address book because this is how it is transferred.

Sorry for the trouble and my apologies for having unwittingly “infected” you. You’ll want to check for this virus again for the next couple days until everyone in your address book has seen it and deleted it, otherwise, being in their address book, your PC will get infected all over again so don’t forget to check!


A VIRUS could be in your computer files now, dormant but will become active on June 1. Try not to USE your Computer on June 1st. FOLLOW DIRECTIONS BELOW TO CHECK IF YOU HAVE IT AND TO REMOVE IT NOW. No Virus software can detect it. It will become active on June 1, 2001. It might be too late by then. It wipes out all files and folders on the hard drive. This virus travels thru E-mail and migrates to the ‘C:\windows\command’ folder. To find it and get rid of it off of your computer, do the following.
Go to the “START” button.
Go to “FIND” or “SEARCH”
Make sure the find box is searching the “C:” drive.
Begin search. If it finds it, highlight it. Do not double click or file will automatically open.
Go to ‘File’ and delete it.
Close the find Dialog box
Open the Recycle Bin
Find the file and delete it from the Recycle bin
You should be safe.
The bad part is: You need to contact everyone you have sent ANY E-mail to in the past few months. Many major companies have found this virus on their computers. Please help your colleagues and friends !



Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,