Wordsmith.org
Posted By: WhitmanO'Neill New Virus Alert! - 10/07/02 03:10 AM
I just received this e-mail from a friend. I checked and ahve the virus and sent the alert out to everyone in my address book. If you receive this notice from me please act immediately and do like wise. DON'T PANIC. The virus is easily deleted and won't affect your system, or those in your address book, for 14 days. Here's the alert:

>Subject: I passed a virus on unknowingly...

Hi everyone,

Just got this message from a friend for the virus and checked for the virus. I had it. You have it because you are in my address book. The virus has been passed on to me by a contact. My address book has been infected. There is a chance you will find it in your computer. I followed the directions and eradicated the virus easily. I'm sorry for the inconvenience.

The virus (called jdbgmgr.exe) is not detected by Norton of Macaffee virus systems. The virus sits quitly for 14 days before damaging the system. It is sent automatically by messenger and by address book whether or not you sent e-mails to your contacts. Here is how to get rid of the virus:

1) Go to start, find or search options

2) In the file/folders option, type the name: jdbgmgr.exe

3) Be sure you search your C: drive and all sub-folders and other drives you have

4) Click "find or search"

5) The virus has a teddybear icon with the name jdbgmgr. exe.

DO NOT OPEN IT!!!!!!!!!!

6) Go to edit (on the menu bar),
choose select all to highlight the file without opening it

7) Now go to File (on the menu bar) and select delete.
It will then go to the recycle bin and delete it there as well

IF YOU FIND THE VIRUS YOU MUST CONTACT ALL THE PEOPLE IN YOUR AFFRESS BOOK, SO THEY CAN ERADICATE IT IN THEIR ADDRESS BOOKS.

TO DO THIS:

a) open a new e-mail message

b) click the icon of the address book next to the "TO"

c) highlight every name and add to "Bcc"

d) copy this message...enter subject...paste to e-mail..send

Thanks and sorry for the inconvenience.<



Posted By: WhitmanO'Neill Re: New Virus Alert! - 10/07/02 03:29 AM
I just got a follow-up e-mailfrom PekeBoo @aol.com, subject: DO NOT DELETE!! HOAX! I just sent an Virus on unknowingly...:

>DO NOT DELETE!!!!
THIS IS a NECESSARY WINDOWS FILE ~ SEE BELOW:
Ask Jeeves Answer: Symantec Security Response - Hoax Page
http://askjeeves.com/main/metaAn...Efcg?url<

I clicked the url and it is indeed an AskJeeves Virus Hoax page with the mentioned e-mail listed.

Wha the hell is this all about!



Posted By: WhitmanO'Neill Re: Yes! Hoax!--DON'T DELETE! - 10/07/02 03:50 AM
but if you have, read this:

If you have deleted this file, restoration is optional. However, without it, some Java applets may not run correctly. This is not a critical system file.

To restore the file, follow the instructions in the Microsoft Knowledge Base article Virus Hoax: Microsoft Debugger Registrar for Java (Jdbgmgr.exe) Is Not a Virus (Q322993).


Posted By: jmh I've had several of these - 10/07/02 06:46 AM
The "teddy bear one" seems to keep doing the rounds.

The current virus seems to be BUGBEAR - it works a bit like Kleeze but seems to be caught by my virus software, at least.

If you get any messages like the one that you received. ALWAYS double check the information with a reputable site such as http://www.symantec.com - I see that Bugbear has made it onto their front page.

If you search their security response centre, you generally get what you are looking for, eg entering "teddy bear" gives you this:
http://securityresponse.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html

Posted By: Rubrick Re: I've had several of these - 10/07/02 03:47 PM
The email circulated to all staff via my IS Department last Friday:

Network Associates has classified the W32/Bugbear@MM Virus as High Risk and
we have had a number of reports from people receiving the W32/Bugbear@MM
virus on their systems.

W32/Bugbear@MM is a worm virus that primarily spreads via e-mail using
addresses found on infected systems. It uses random subject lines and
message body text from the infected system. The attachment commonly has a
double extension e.g. .doc.pif but not always.

It has the ability to disable Anti-Virus Software if an infection occurs. It
also can spawn print jobs on network printers i.e. it tries to print the
virus file contents to all network printers .

It can also replicate by copying itself to the start-up folder of remote pcs
on the network.

What to do:
-----------

1. Do NOT open suspicious e-mails with odd subject lines even if they are
from people you know. Check with the person who sent the mail by phone first
and if they didn't send it delete the mail.
2. If you suspect you are infected disconnect yourself from the network by
disconnecting the network cable from the back of your pc or the network
point on the wall.

Detection and removal for users of VirusScan is in the 4226 DAT files. If
you think you may be infected, please run a manual VirusScan on all files
once you are sure your version of VirusScan is up to date. (For instructions
on how to perform a scan go to
http://isservices.tcd.ie/help/virus/wincoll.html#runscan (For
instructions on how to check if your virus definitions are up to date go to
http://isservices.tcd.ie/help/virus/scandate.html#pc

There is also a specific W32/Bugbear removal utility available. Please
contact the helpdesk for details on how to obtain.

Please contact the I.S.Services helpdesk if you have any queries related to
this warning.

(For a full description of the virus see NAI's Website:
http://vil.nai.com/vil/content/v_99728.htm)

Posted By: wwh Re: microsoft knowledge base - 10/07/02 07:39 PM
Dear WO'N: I deleted the file before you posted hoax notice. But I am not unhappy
Here is Microsoft Knowledge Base statement about effects of deleting it:
"If you follow the e-mail message instructions and delete this file, you do not
have to recover it unless you use Microsoft Visual J++ 1.1 to develop Java
programs on Windows XP, Windows NT 4.0, Windows 98 Second Edition,
Windows 98, or Windows 95."

Since I don't use Microsoft Visual, and don't know enough to develop a Java program, I can forget it.
I think you can too.

Posted By: jmh Re: Bugbear - 10/07/02 09:04 PM
There is a link to the Microsoft Software patch that should be applied in this article. For those who tend not to update their software, this one is probably worth doing.

http://www.businessweek.com/technology/cnet/stories/960365.htm

Posted By: consuelo Juan, try this free virus scan - 10/07/02 09:30 PM
You can also scan your
computer for virus infections by visiting our anti-virus website located at
http://antivirus.ecybermind.net or http://antivirus.cybermind-usa.net. Both
locations have a free online scan available.

It's a little time consuming, but.

Posted By: AnnaStrophic ... or get a Mac. - 10/07/02 10:58 PM


Posted By: sjm Re: ... or get a Mac. - 10/07/02 11:24 PM
Or, even easier, don't use Outlook or its bastard spawn, Outlook Express. I've had one copy of bugbear sent to me, and have had to spend more time trying to explain the jbdgmgr hoax to someone who got sucked in like W'ON did. A virus encyclopedia site (my favourite is symantec's) should be on every one's bookmarks/favourites - and I do mean everyone's, since there are well over 400 documented viruses aimed at the Mac OSes.

Posted By: AnnaStrophic Re: ... or get a Mac. - 10/08/02 12:17 AM




© Wordsmith.org