The email, which was originally written in Portuguese and is circulating internationally, urges readers to wipe a Microsoft Windows utility called sulfnbk.exe off their hard disks.
The harmless file is on every PC that comes with Windows, and it helps computers recognise shorter versions of longer file names. Computer experts recommend that people who fell for the prank restore the file with a few simple steps, but sulfnbk.exe is not required for normal system operation.
Antivirus researchers at Symantec have published information on a special sulfnbk.exe site with details about how to retrieve the file. They have also listed the hoax on a site that updates computer users on new hoax viruses.
Bobbi Cassibo is one of many email users who, paranoid about infecting her computer with a truly destructive virus, believed the hoax. She received the sham email from her well-intentioned sister, who in turn received it from an Australian woman she befriended on an online cross-stitch site.
"I took it off for one reason, that being because it was there," Cassibo said of the sulfnbk.exe file. "But after I took it off, I was talking with a co-worker, and I decided to try and recover the file."
Although neither Microsoft nor antivirus researchers at Symantec would speculate as to how many people received the email and trashed the file, dozens of people sent email to CNET News.com complaining that they got suckered. It's unclear if the email was started as an ill-intentioned trick or was simply the result of confusion.
"Well, I believed the message because I have been bit by a virus before that came through email," Jay Pastor wrote in an email. Pastor received the warning from several of his good friends, who also deleted the file from their machines.
Antivirus experts said the phenomenon is testimony to the international community's increasing consciousness and fear of computer viruses. News reports of the particularly pernicious AnnaKournikova virus--which took the form of a worm attachment--spread around the world in a matter of hours, and computer users were on heightened alert for emails with a suspicious air.
It also exemplifies how quickly a single email--be it harmless junk mail or an inconvenient prank--can spread.
"This is social engineering on a grand scale," said Symantec spokeswoman Lucy Bunker. "Whereas email worms mass-mail themselves and cause destruction, this hoax message simply asks you to mass-mail it yourself and then delete the information on your computer. In essence, you're doing the work of a destructive virus yourself."
Vmyths.com, a Web site that debunks spurious virus warnings, said the confusion was heightened by the fact that emails were surfacing that contained a copy of the sulfnbk.exe file that was infected with a virus. But this virus, called W32.Magistr.24876@mm, is well known and easily removed with any good antivirus software.
Vmyths.com believes the new email was begun by somebody who was forwarded a message by a colleague whose PC did actually have the Magistr worm. This person, suggests the site, searched for the sulfnbk.exe file, found it and deleted it (after discovering that antivirus software failed to recognise the file), and sent a warning to other users. The site calls this the "False Authority Syndrome."
Bunker said there are several easy clues to detect bogus virus warnings. "Anything that has lots of capital letters saying things like 'VIRUS WARNING' should be treated with scepticism," Bunker said. In addition, phrases warning that a supposed virus will absolutely destroy everything on a hard disk should be taken with a pinch of salt, as should those suggesting there is no known fix.
"Hoax emails also often attribute information to MSN, AOL, Microsoft, CNN to give them credibility," Bunker added, "but these companies don't usually issue virus warnings."
Staff writer Matt Loney contributed from London.
I got the email about jdbgmgr.exe and since it came from someone I trust and she had deleted hers, I promptly deleted mine. I thought by the title of this article it would help me to reinstall the file, but I was wrong. Can anyone help?