Threat Alert Service (KTP)

Virus Name: Jdbgmgr.exe Hoax
Variants/Aliases: Jdbg.exe hoax
Virus Type: Hoax
Risk Assessment: N/A
Minimum DAT required (NAI/NAV): N/A

Virus Characteristics:

AVERT HOAX Notice!!

McAfee AVERT Labs would like to inform you of a new email HOAX.

This email message is just a HOAX. Although the JDBGMGR.EXE file may become infected by a number of valid viruses (most commonly W32/Magistr@MM), the details of this HOAX message are not based on actual events.

We are advising users who receive the email to delete the message and DO NOT pass it on as this is how an email HOAX propagates.

JDBGMGR.EXE is the Microsoft Debugger Registrar for Java. This application is only useful for Java developers and does not need to be restored on other users' systems. In the event that this file has already been deleted and you need to restore it, see the Removal Instructions below.

Below is the actual text from the message that may be received via email. There are numerous variations on these messages.

(English version)

I found the little bear in my machine because of that I am sending this message in order for you to find it in your machine. The procedure is very simple:

The objective of this e-mail is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is jdbgmgr.exe and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system.

The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps:
1. Go to Start, click "Search"
2.- In the "Files or Folders option" write the name jdbgmgr.exe
3.- Be sure that you are searching in the drive "C"
4.- Click "find now"
5.- If the virus is there (it has a little bear-like icon with the name of jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON
6.- Right click and delete it (it will go to the Recycle bin)
7.- Go to the recycle bin and delete it or empty the recycle bin.

IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE.

(Spanish version, translated into English)

I found the little bear on my machine, so I am duly forwarding this message so that you can look for it on yours. The procedure is simple:

The purpose of this e-mail is to warn all Hotmail users about a new virus circulating via MSN Messenger. The virus is called jdbgmgr.exe and it is transmitted automatically through Messenger and also through the address book. The virus is not detected by McAfee or Norton and it remains dormant for 14 days before damaging the entire system. It can be deleted before it removes the files from your computer.

To remove it, just follow these steps:
1. Go to Start, click "search"
2.- In the "files or folders" search, type the name jdbgmgr.exe
3.- Make sure you are searching drive "C"
4.- Click "search now"
5.- If the virus appears (the icon is a little bear with the name jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON
6.- Click the right mouse button and delete it (it will go to the recycle bin).
7.- Go to the recycle bin and delete it permanently, or empty the whole bin.
IF YOU FIND THE VIRUS ON YOUR COMPUTERS, SEND THIS MESSAGE TO THE PEOPLE IN YOUR ADDRESS BOOK BEFORE IT CAUSES ANY DAMAGE

(German version, translated into English)

Hello,
I have just detected and destroyed the virus; better check whether you are affected too!

The virus cannot be stopped by the usual programs and is spread through Outlook Express:
- The infected file, named jdbgmgr.exe, is located on drive C:; better to look everywhere.
- If found, do not open it but delete it right away
- Also delete it from the trash.
- If you are infected too, please send this message to your entire address book!

Many thanks

(Dutch version, translated into English)

I had a virus, so please check whether you have it too. It is a virus that does nothing for the first 2 weeks and only strikes after that. It goes unnoticed to everyone in your address book.
It is very easy to track down and remove. You can read how below.
The virus that was received is called: jdbgmgr.exe
It is not detected by Norton or VET. It sleeps for about 14 days and then infects
the computer and damages the system, with all the misery that entails.
It is automatically forwarded to everyone in your address book, whether you send e-mail or not.
I checked my system right away and yes, indeed.
I removed it immediately.
The instructions for removing it are:
Go to the Start menu, then to the search option, and then files or folders. In the file option, type the name jdbgmgr.exe. Search the whole hard disk, so C:. Then click "find now". The virus has a little bear icon followed by the name jdbgmgr.exe. DO NOT OPEN!!!!!
Click once so that it turns blue and then press delete. Then go to the recycle bin and remove it from there as well. So take it completely off your hard disk.
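
An added example, not part of the McAfee advisory: a small mail-triage classifier that flags messages carrying the three traits all four quoted variants share (the file name, an instruction to delete it, and a mention of the address book). The keyword lists, function names and sample messages are assumptions constructed for illustration.

```python
import re
import unicodedata

# Indicator groups. The keyword lists are assumptions modelled on the wording
# of the English, Spanish, German and Dutch variants of the hoax message.
INDICATORS = {
    "names_file": [r"jdbg(mgr)?\.exe"],
    "delete_instruction": [r"\bdelete\b", r"\beliminar", r"\bborrar",
                           r"\bloe?schen\b", r"\bverwijder"],
    "address_book": [r"address ?book", r"libreta de direcciones",
                     r"adress?buch", r"adresboek"],
    "undetected_claim": [r"not detected by", r"no es detectado",
                         r"nicht abzuwehren", r"niet opgespoord"],
    "dormancy_claim": [r"14 (days|dias|dagen)", r"2 weken"],
}
# The three traits every variant shares: file name, delete it, address book.
CORE = {"names_file", "delete_instruction", "address_book"}

def normalize(text):
    """Lower-case, strip accents (so 'löschen' matches 'loschen'), squeeze spaces."""
    decomposed = unicodedata.normalize("NFKD", text)
    plain = "".join(c for c in decomposed if not unicodedata.combining(c))
    return re.sub(r"\s+", " ", plain).lower()

def match_indicators(text):
    norm = normalize(text)
    return {name for name, patterns in INDICATORS.items()
            if any(re.search(p, norm) for p in patterns)}

def classify(text):
    """Return 'hoax', 'review' (file named plus one other trait) or 'clean'."""
    hits = match_indicators(text)
    if CORE <= hits:
        return "hoax"
    if "names_file" in hits and len(hits) >= 2:
        return "review"
    return "clean"

# Constructed sample messages (not real mail).
SAMPLES = {
    "hoax_en": "New virus jdbgmgr.exe is not detected by McAfee or Norton. Right click "
               "and delete it, then send this to everyone in your address book.",
    "hoax_de": "Die Datei jdbgmgr.exe sofort löschen und diese Nachricht an Euer "
               "komplettes Adressbuch senden!",
    "question": "Is jdbgmgr.exe a virus? Someone told me to delete it.",
    "dev_mail": "jdbgmgr.exe fails to register after the update; can you reinstall "
                "the Microsoft VM for Java?",
}
RESULTS = {name: classify(body) for name, body in SAMPLES.items()}
```

A message that quotes the hoax in full, such as this advisory, also scores as "hoax", so the verdict is best used to route mail for review rather than to delete it.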

Symptoms: N/A
Method of Infection: N/A
Removal Instructions:

In the event that JDBGMGR.EXE was deleted erroneously, the following method may be used to restore the file from backup (see additional information from Microsoft):

-- Windows 95 Instructions --


1) Click START - RUN
2) Type: EXTRACT /A C:\WINDOWS\OPTIONS\CABS\WIN95_09.CAB JDBGMGR.EXE /L C:\WINDOWS\SYSTEM and hit ENTER
NOTE: The location of the CAB files may vary. If this does not work for you, try using your Windows CD-ROM path (e.g. D:\Win95).

-- End Windows 95 Instructions --

-- Windows 98 Instructions --

Information on using the System File Checker to restore files

1) Click START - RUN, type SFC and hit ENTER
2) In the "Specify the system file you would like to restore" field, type C:\WINDOWS\SYSTEM\JDBGMGR.EXE and hit ENTER
3) In the RESTORE FROM field, type in the path to your WINDOWS CAB files
(e.g. C:\WINDOWS\OPTIONS\CABS)
(or D:\WIN98 where D is the drive letter assigned to your CD-ROM)
4) Click OK and continue with the restore function

-- End Windows 98 Instructions --

-- Windows NT 4 Instructions --

See Microsoft Knowledge Base Article - Q322993

-- End Windows NT 4 Instructions --

-- Windows ME Instructions --

Information on using the System File Checker to restore files

1) Click START - RUN, type MSCONFIG and hit ENTER
2) Click the Extract Files button
3) In the "Specify the system file you would like to restore" field, type C:\WINDOWS\SYSTEM\JDBGMGR.EXE and hit ENTER
4) In the RESTORE FROM field, type in the path to your WINDOWS CAB files
(e.g. C:\WINDOWS\OPTIONS\INSTALL)
5) Click OK and continue with the restore function

-- End Windows ME Instructions --

-- Windows 2000 Instructions --

1) Click START - RUN, type expand d:\i386\jdbgmgr.ex_ %windir%\system32 and hit ENTER
Note: this assumes that D: is your CD-ROM drive, and that you have the Windows 2000 CD-ROM in the drive. If this is not the case, d:\i386 should be replaced with the path to your i386 directory.

-- End Windows 2000 Instructions --

-- Windows XP Instructions --

Information on using the System File Checker to restore files

1) Click START - RUN, type MSCONFIG and hit ENTER
2) Click the Expand File... button
3) In the "File to restore" field, type %WinDir%\SYSTEM32\JDBGMGR.EXE and hit ENTER
4) In the RESTORE FROM field, type in the path to your WINDOWS CAB files. This may vary from machine to machine. It may be on a local drive, network drive, or CD-ROM
(e.g. C:\WINDOWS\OPTIONS\INSTALL)
5) In the "Save file in" field, type in %WinDir%\SYSTEM32.
6) Click OK and continue with the restore function

-- End Windows XP Instructions --