
Possible virus and what to do!!!!READ!

Posted by marie on 2/01/04 at 11:05 (143369)

This was forwarded to me and I found this virus on my C drive.

>I found a Virus- jdbgm-----that someone sent to me and it is supposed to attach to everyone on my address book. I thought this was a joke but I found it sitting on my C Drive.
>
>Since you are on my address book, you will probably find it in your computer. The Virus is called [ jdbg.exe] and it is not detected by Norton or McAfee Anti-virus Systems. The virus sits quietly for 14 days before damaging the system. It is sent automatically by 'messenger' and by address book, whether or not you've sent email to your contacts.
>
>Here is how you check for the virus and how to get rid of it.
>PLEASE DO ASAP--- it only takes a minute.
>1] Go to start, then click your 'find' or 'search' option
>2] in the folder option, type the name....jdbgm
>3] be sure to search your C Drive and all the sub folders and any other drives you may have
>4] Click 'Find Now'
>5] the Virus has a ---teddy bear icon--- with the name - jdbgmgr.exe
>DO NOT OPEN IT !!!!
>6] go to edit {on your menu } and choose 'Select All' to highlight the file without opening it.
>7] Now go to File {on menu bar} and select - delete. It will then go to the recycle bin.
>If you find the virus, you must contact all the people in your Address Book so that they may eradicate the virus from their own books.
>
>To do this
>1] open a new email message
>2] Click the icon Address Book next to 'TO'
>3] Highlight every name and add to 'BCC'
>4] Copy this message and paste.

Re: Possible virus and what to do!!!!READ!

Suzanne D. on 2/01/04 at 11:23 (143372)

Marie, our media specialist at school told us Thursday about this virus (sounds the same, anyway) but said that the directions being given (to delete the teddy bear) were actually what installed the virus. She said it was a hoax and the trick was in deleting, you installed the virus.

Perhaps she was misinformed, or perhaps it is a different virus, but my daughter received an e-mail on her school computer and opened it, and it told her those instructions. Before following the directions, she asked the media specialist who said, 'NO!, don't do anything!'. Then she e-mailed all of us to tell us that.

Not trying to confuse the issue here, but the teddy bear icon part caught my eye, and I thought I had better write what I had been told.

Suzanne :)

Re: Possible virus and what to do!!!!READ!

Dr. Z on 2/01/04 at 12:01 (143375)

I believe that you are correct. I received this same type of message over a year ago and it was following the directions that caused all of the problems.
So don't do anything.

Re: Not a virus

wendyn on 2/01/04 at 12:11 (143376)

I will try to say this patiently:

This is a hoax.

If you are going to take the time to post something like this, at least take the time (30 seconds) to do a quick search on google under the name of the virus.

This is not a virus, it is an important file you are telling everyone to delete off their computer.

http://groups.msn.com/PresbyWebServantExchange/general.msnw?action=get_message&mview=1&ID_Message=141

Re: Not a virus

wendyn on 2/01/04 at 12:15 (143377)

Emergency Security Alert

Security Hoax 12/29/2003
There is a virus hoax being emailed throughout the Health Sciences Center. The email has the subject line of 'Virus Check' and encourages you to delete the file 'jdbgm' or 'jdbgmgr.exe.' This is a legitimate file and you should not delete it. There are a number of variations of this hoax, but they all ask you to delete the file jdbgmgr.exe.

The file 'jdbgmgr.exe' is used by the 'Microsoft Debugger for Java' and in most cases is only needed by software developers. If you have already deleted the file it is unlikely that you need it and no further action is necessary. If you need to reinstall the file detailed instructions are available at: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322993 .

For more information please visit: http://www.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html

Problems?
If you are unable to complete the process or encounter problems call the help desk at 587-6000 or submit a Trouble Ticket.

--------------------------------------------------------------------------------
University of Utah Health Sciences Center
50 North Medical Drive, Salt Lake City, Utah 84132
HSC Webmaster

Re: Can someone help an innocent?

Julie on 2/01/04 at 12:48 (143381)

I have had buckets of unwanted emails in the last few days. I always do, but it has trebled since last Wednesday, and there have been very strange ones that I haven't had before (I'm used to the Viagra ones, and the various other unsavoury ones). Even though I work on a Mac, and have antivirus software (Norton) that is regularly updated, I am terrified of viruses.

Most of the 'new' ones come with a message like this:

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

The attachments say something like 'Readme.zip' or 'Message.zip'. I have not opened any of them, of course, but some of them seem to have opened themselves: I've just looked in my 'trash' file and some of them have turned into reams of gobbledygook. Does this suggest anything?

I have also had a couple of 'Mail delivery failure' messages, returning messages which I have not sent, to addresses that I do not know. Does this suggest anything? And if so, can someone who knows tell me what to do about it?

Many thanks. I await reassurance - or if that isn't possible, information and instructions!

Re: Can someone help an innocent?

Suzanne D. on 2/01/04 at 12:56 (143382)

Julie, in the past two weeks I have had scads of those mail delivery failure messages from addresses I have never seen before. I delete them all without opening them. I also have had at least 20 or 30 messages from people I have never heard of with the subject line 'hi' or 'hello'. I never open any of them, either, of course.

I don't know what else to do but delete them. That is what our school technology person advised. We get so many at school that I don't even keep an address book on my computer there. I just type in the addresses when I e-mail someone. I'm too afraid that I'll unwittingly send a virus.

I surely do hate computer viruses and the trouble they cause!
Suzanne :)

Re: Can someone help an innocent?

Julie on 2/01/04 at 13:11 (143383)

Thanks, Suzanne - do you mean that you delete the mails themselves without opening them, and should I be doing that? Or do you look at them and just not open the attachments and then delete them.

And does deleting really work? Aren't the mails still on one's hard drive? I have dozens sitting in my trash.

I told you I was an innocent. Any thoughts from anyone else?

Re: Those are emails containing a virus

SuzanneK on 2/01/04 at 13:11 (143384)

************ Virus Alert **************

W32.Novarg.A@mm

W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources. In addition, the backdoor can download and execute arbitrary files.

The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to stop spreading on February 12, 2004.

The email will have the following characteristics:

From: May be a spoofed from address

Subject:
test, hi, hello, Mail Delivery System, Mail Transaction Failed, Server Report, Status, Error

Message: (one of the following)

Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

Attachment: (one of the following)
document, readme, doc, text, file, data, test, message, body

DO NOT OPEN THE ATTACHMENT! MAKE SURE YOUR ANTIVIRUS PROGRAM IS UPDATED!
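
The characteristics listed in the alert above, written as a mail-screening check (an added example, not part of the original post or of the quoted alert). The sample messages, the example.com addresses and the rule that a listed attachment must coincide with a listed subject or body line are assumptions made for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Indicators transcribed from the W32.Novarg.A@mm alert quoted in this thread.
SUBJECTS = {"test", "hi", "hello", "mail delivery system",
            "mail transaction failed", "server report", "status", "error"}
BODY_LINES = (
    "Mail transaction failed. Partial message is available.",
    "The message contains Unicode characters and has been sent as a "
    "binary attachment.",
    "The message cannot be represented in 7-bit ASCII encoding and has "
    "been sent as a binary attachment.",
)
ATTACH_NAMES = {"document", "readme", "doc", "text", "file", "data",
                "test", "message", "body"}
ATTACH_EXTS = {".bat", ".cmd", ".exe", ".pif", ".scr", ".zip"}


def check_message(raw: bytes) -> dict:
    """Compare one raw message against the alert's listed characteristics."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    result = {"subject": subject in SUBJECTS, "body": False, "attachments": []}

    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename()
        if filename:
            # Case-insensitive: the thread reports 'Readme.zip' and 'Message.zip'.
            stem, ext = os.path.splitext(filename.strip().lower())
            if stem in ATTACH_NAMES and ext in ATTACH_EXTS:
                result["attachments"].append(filename)
        elif part.get_content_type() == "text/plain":
            # Collapse whitespace so re-wrapped bodies still match.
            text = " ".join(part.get_content().split())
            if any(line in text for line in BODY_LINES):
                result["body"] = True

    # Assumed rule: a listed attachment plus a listed subject or body line.
    # A bare "hi" from a friend with no attachment is not flagged.
    result["flagged"] = bool(result["attachments"]) and (
        result["subject"] or result["body"])
    return result


def build_sample(subject, body, attachment_name=None) -> bytes:
    """Build a constructed test message; the attachment is inert filler bytes."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"   # constructed address
    msg["To"] = "reader@example.com"     # constructed address
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = [  # all constructed for this example
        build_sample("hi", BODY_LINES[2], "Readme.zip"),
        build_sample("hi", "Lunch on Friday?"),
        build_sample("Holiday photos", "See attached.", "beach.jpg"),
    ]
    for raw in samples:
        print(check_message(raw))
```

A match here only means the message fits the alert's description; the attachment is never opened or executed by the check.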

Re: Not a virus

marie on 2/01/04 at 13:16 (143385)

Thanks Wendy, I have had the same kind of weird problems the others mention below and we were just told our computers are forwarding a virus to other sources by our Internet provider, who we have spoken to several times on the phone. So we do have a virus....that is the truth and not a hoax. So when I got this it seemed that it may be true. I am sooooo glad you shared the hoax! Thanks. I am running another virus scan now. Some of the weird things that are being reported over the last few weeks is the exact same thing that we are dealing with now. We have a disk that we are using to clean it up. I suggest that everyone who is having the same problem check with their provider.

Re: Those are emails containing a virus

Suzanne D. on 2/01/04 at 13:18 (143386)

Thanks, Suzanne K. And to answer your question, Julie, I just delete without opening and then go to 'deleted items' and delete from there. That is what we've been told to do at school. I don't know anything further to do. Anyone else?

Suzanne :)

Re: Can someone help an innocent?

marie on 2/01/04 at 13:19 (143387)

Julie, We are deleting them and we have had to call our provider to get software to repair the problem and it's a virus.

Re: Please read

marie on 2/01/04 at 13:26 (143388)

http://www.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html

Check this link to locate hoax information.

Also we were informed that our computers are forwarding a virus. This has been confirmed by our Internet provider, Locl-net. You will get delivery failures because you have the virus. I never open any emails unless I know who they are. If you are having problems I suggest you contact your provider. We were given a disk to clean it up. All is fine now.

Re: Please read

marie on 2/01/04 at 13:31 (143389)

PS: Sorry about the first post. I am in the midst of cleaning my machine up because we have a virus and over reacted. Wendy please delete it if you wish. Thanks.

Re: Can someone help an innocent?

Julie on 2/01/04 at 15:34 (143413)

Thanks very much Suzanne, Suzanne and Marie. I will contact my provider.

Re: Can someone help an innocent?

wendyn on 2/01/04 at 18:00 (143427)

Julie, there is a very bad virus out there (just not the teddy bear one) - don't open anything with a zip file or an attachment from a name you don't recognize. The names and subject lines are random - so they can look pretty weird.

Re: Can someone help an innocent?

wendyn on 2/01/04 at 18:00 (143428)

Julie, I understood that it's okay as long as you delete them, and then empty your deleted email. Just don't open the attachment.

Re: Please read

wendyn on 2/01/04 at 18:02 (143429)

Sorry Marie - I can't delete posts - but Scott may want to delete it just to avoid confusion.

I have had a couple bad viruses (about a year ago) so I know what the over reaction feeling is like!!!

Re: Can someone help an innocent?

marie on 2/01/04 at 18:17 (143430)

http://dp.information.com/?a_id=35&domainname=bitfender.com

Julie I used an anti-virus program called MyDoom. It detected several viruses and killed them. The link above offers a download. This is what my Provider gave me. If you are getting mail delivery failure notices like I have then this should help.

marie

Re: Please read

marie on 2/01/04 at 18:19 (143431)

Thanks for understanding Wendy. I'm a mac user so this virus thing is still new to me.

Re: Please read

wendyn on 2/01/04 at 19:49 (143441)

Marie, I had a friend last year who used to forward hoaxes at least once a month. He drove me nuts. Actually, I think he drove everyone in his address book nuts.

The safest thing to do is just copy the name of the 'virus' and put it into a google search engine. If it's a virus, you'll find information on the virus - and if it's a hoax - it will bring you to sites that explain the hoax and how it works. It's always worth checking, and at least you're not sifting through complicated technical sites to find what you're looking for.

Re: Can someone help an innocent?

Julie on 2/02/04 at 02:38 (143452)

Thanks, Wendy. I haven't opened any of the files, just some of the emails themselves. But some of the suspect mails have been sitting on my computer for several days; I hadn't noticed that the trash hadn't automatically been emptied each day, as I'd asked when I got the computer. They are all gone now. Is there likely to be any effect from their having sat for a few days?

Marie, I did have a message saying that Mydoom had located and quarantined a virus. Does that mean that Mydoom is somehow there and active and protecting me?

Re: Can someone help an innocent? Another question...

Julie on 2/02/04 at 04:25 (143453)

I've just had a huge 4.9mb automatic update from Norton, following which I was asked to restart. When I did, and accessed my email, a message said 'the email infile was infected and has been successfully repaired'.

Does that mean I am now virus-free?

Thanks everyone! :) I know you're all asleep in your beds over there, so I don't expect an immediate response!

Re: Can someone help an innocent? Another question...

Kathy G on 2/02/04 at 10:25 (143461)

Julie,

Yes, that means you're virus free! It's so strange to think that computer people, some of them geniuses, are out there concocting viruses that infect innocent people's computers. They could be putting all that knowledge to a good use.

I run both Norton Internet Security and Norton antivirus on a regular basis. They run in the background at all times. The antivirus program automatically updates itself. Every Sunday morning, I do a complete virus scan of my computer.

The Internet Security provides a firewall for my computer and lets me know when I have been 'attacked.' That happens pretty regularly. That doesn't always mean it's a Trojan Horse or some other type of attack, the program doesn't always recognize communication between two computers.

I make it a practice to never open any emails if I don't recognize the sender. I just automatically delete them. If they are spam, AOL has an automatic feature where you highlight the email and click, 'Report Spam,' and it goes to a central area where AOL does something (?) with it. I do know that I get very little spam compared to the old days.

Computers are wonderful but they sure are complicated!

Re: Can someone help an innocent? More questions...

Julie on 2/02/04 at 10:35 (143463)

Kathy

Many thanks. I'm not sure I am all right, though. Since this morning I have had trouble with my email - a couple of mails from a good friend came through minus any message from her, but with a message that said 'This message has not been downloaded from the server. You have to take it online to access it.' The subject and sender are still in my inbox, but I can't delete them. I think something is wrong, but I don't know what. Have you any ideas?

Do you work on a Mac? I have the same virus protection/Firewall screen as you, but how do you do a Sunday-morning 'complete virus scan'? And why is it necessary if we have all this protection? And what do you do if you find a virus?

I'm sure you're all laughing, but I really do not know what to do - this is the first time this has happened to me. :(

Re: Can someone help an innocent? More questions...

Kathy G on 2/02/04 at 12:04 (143468)

Oh, believe me, I'm not laughing, Julie! I don't have a Mac so I may be the wrong person to help you. On my computer, there are icons down at the lower right-hand side of my computer that show the different programs I have installed. If I want to run my virus-scan, I just click on it and it comes up with options. One of them is to do a complete virus scan.

You're right. If we are running it all the time, I'm not sure why we are encouraged to run it once a week but that's what a very nice technician at HP told me to do way back when we got our first computer, so I always do it.

It sounds to me, and I'm no expert, like you're having a problem with your server so I would contact their technical service. Maybe John will see these messages and being a fellow Mac user, will be able to help you.

Good luck. It is so infuriating, isn't it?

Re: Two excellent websites, for those in doubt

BrianG on 2/02/04 at 16:36 (143491)

It's not just the computer virus e-mails that are a problem. It seems at least once a week I'll get an e-mail asking me to forward it to 10 friends, because Microsoft is performing an e-mail test, and everyone who replies, will receive huge checks. Don't forget about the little kid with 3 months to live who is trying to set a Guinness book of records, for the most e-mails sent, before he / she dies. It's never ending, and about 99% of them are just plain crap, that tie up the Net at best, and cause damage to PC's, computers, etc, at worst. Anytime you get a suspicious e-mail, just take a minute to check it out at one of these two web sites.

http://www.snopes.com
http://www.urbanlegends.com/

Or, you can do as Wendy mentioned, and type the 'name' directly into a search engine. I haven't used that method, but I have checked many emails at the above two web sites. I usually just send a quick note back to the person who sent me the junk, to let them know they have been had!

Regards,
BrianG

Re: Two excellent websites, for those in doubt

Julie on 2/02/04 at 16:53 (143492)

Brian, when I return a junk email to the sender, it always bounces back to me. I've given up on that! Maybe it's different in the States? Do you have luck with it?

Re: contradictory information but one "official" response

Ed Davis,DPM on 2/02/04 at 20:48 (143507)

Lots of contradictory information on this but here is an 'official' response from Symantec, makers of Norton Antivirus:
http://www.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html
Ed

Re: Can someone help an innocent?

marie on 2/02/04 at 21:35 (143517)

Did you download MyDoom? When I ran it on my PC it did verify and eliminated at least 3 virus files. They all had these words in the file name: taskmon.exe

marie

Re: Can someone help an innocent?

Julie on 2/03/04 at 02:59 (143525)

Marie, I am confused! I thought Mydoom was the name of the virus.

Now I have a new oddity - emails that cannot be deleted. Does anyone know what this means?

Re: Can someone help an innocent?

JudyS on 2/03/04 at 16:40 (143571)

I'm a little bit tardy to this conversation but thought I'd throw in a thought or two.
First, Marie, I did indeed receive the suspect email from you but by then already knew to be wary of the subject matter - I deleted it w/o opening.
Second, my Norton anti-virus automatically updates itself regularly and has caught at least a dozen of those nasty virus emails so far.
Third, Julie I have a little method that may or may not be helpful to you-
I have filters set on my email software (Outlook Express) that automatically trash any email that is from someone NOT in my address book.
Now clearly a problem could occur if someone I know but not in my address book was emailing me - I try to stay on top of that.
Last, my 'trash' is set to automatically empty when I close my email program so I don't have to worry about anything just sitting there - my email software will also remove those trashed emails from the server for me if I set it to.
Hope those little tidbits might help!

Re: Can someone help an innocent? More questions...

JudyS on 2/03/04 at 16:53 (143575)

Right, Kathy, a good rule of thumb is to scan once a week. I also do a defrag once a week.
Julie, the options choice in your Norton window will show you how to set it to automatically scan when you want it to and how often you want it to. Some folks set it to scan on a particular evening after they know they're finished with the computer for the day.

Re: Can someone help an innocent?

Suzanne D. on 2/03/04 at 17:43 (143577)

In today's Louisville newspaper there is an article about the 'Mydoom virus'. In it the 'Mydoom worm' is called 'one of the fastest-spreading worms of all time'.

If that is the name of the virus, why is that also the name of something to download which will protect your computer?

Still confused, but just deleting everything suspicious that comes my way...
Suzanne :)

Re: Two excellent websites, for those in doubt

BrianG on 2/03/04 at 22:16 (143590)

I've read you should not try to return spam to the sender. It lets the sender's computer know that you have a valid e-mail address, and it just gets worse from there, as they'll then resell it to another spam artist. It can also happen when they have a link for you to click on, to be removed from a distribution list. Same thing, more spam.

It'll only work if the sender is legit. You can send the spam back to 'abuse@*****.com', if the computer's host is available. That may work sometimes, otherwise just hit delete quick!

Brian

Re: Can someone help an innocent?

Julie on 2/04/04 at 01:45 (143598)

Suzanne, I think I've been terminally infected. I thought my virus software was doing its stuff, but I now cannot delete the infected mails it picks up and 'treats successfully'. Also, this morning, I've had mails that appeared to be from friends, but which were obviously infected because since I opened them my mail programme keeps quitting. The messages themselves have disappeared but the headings are still visible in the 'in' box, and when I try to open them the programme quits.

I don't know what to do. Has anyone else experienced this?

Re: Can someone help an innocent?

wendyn on 2/04/04 at 06:51 (143602)

Nope. At this point I would recommend calling someone in to fix your computer. We have a 'Geek-Patrol' that we use...I'm sure there's something similar in your area.

Having someone in is sometimes better than taking the PC in; whoever comes out will probably teach you about what they are doing, and why.

Good luck!!!!

Re: Can someone help an innocent?

Kathy G on 2/04/04 at 09:04 (143604)

Julie,

If you're reading this, sorry to hear that your computer is infected. Here in the states, it's best if you check around and get recommendations on where you bring your computer to have it fixed. We have a couple of places in town who are notorious for not appropriately fixing computers and are very high priced besides. Too bad you're not here because we have a friend who will come to your house and fix your computer. I don't think it would be cost effective for you to pay for him to fly to London but I bet he'd come!!

Good luck!

Re: Can someone help an innocent?

Julie on 2/04/04 at 09:23 (143608)

Thanks, Kathy and Wendy. The word 'terminal' was an exaggeration (I hope) - I don't think I'm terminal, just that strange things are happening. I'm going to get in touch with my computer guy and ask him to come - he seems to know everything. I wish your friend COULD come, though, Kathy - thanks for the thought. :)

Re: Can someone help an innocent?

JudyS on 2/05/04 at 11:00 (143680)

Well Julie - I'll bet it's frustrating enough to feel terminal!
A couple more ideas until your computer guy comes -
Uninstall then reinstall your email application. That may or may not do a thing because the virus may still be able to lurk in your - eewwe - Mac - ;) operating system. Be sure to copy down your email settings first from its properties section so you can re-enter them.
Or, if those - eewwe - Mac - ;) computers have a 'GoBack' or 'Restore' capability, you can use it to restore your computer to pre-virus days. Then update your Norton before downloading any email.
Am I clear as mud - yet again? :)

Re: Can someone help an innocent?

Kathy G on 2/05/04 at 11:21 (143683)

I thought of the Restore point, too, Judy, but I didn't know if Macs had them. Actually, I'm amazed at how many Windows users don't know about them. Whenever I want to load a new program or software, I always set a restore point in case something goes wrong.

It's funny about Macs. When I worked at the Library, we had a couple of them for public use and there were people who would wait their turn for the Mac rather than use the Windows computers of which we had an abundance. It's all in what you're used to, I guess!

Re: Can someone help an innocent?

Kathy G on 2/05/04 at 11:22 (143684)

I thought of the Restore point, too, Judy, but I didn't know if Macs had them. Actually, I'm amazed at how many Windows users don't know about them. Whenever I want to load a new program or software, I always set a restore point first in case something goes wrong.

It's funny about Macs. When I worked at the Library, we had a couple of them for public use and there were people who would wait their turn for the Mac rather than use the Windows computers of which we had an abundance. It's all in what you're used to, I guess!

Re: Sorry about double post! NM

Kathy G on 2/05/04 at 11:22 (143685)



Re: Can someone help an innocent?

john h on 2/05/04 at 13:29 (143692)

Kathy I am a longtime Mac user and do not know what a 'restore point' is. It could be something that we have another name for. What does it do?

Re: Can someone help an innocent?

john h on 2/05/04 at 13:36 (143693)

We have a restore disc that comes with Mac computers. This simply restores the original software on the computer. I think any virus can be removed if you have the proper software to do it with. I have my entire hard drive backed up and can easily reformat my drive and reinstall everything. I am getting around 4-5 virus emails a day. Most are picked up by Yahoo, my mail server, but the ones that do get through either cannot work on a Mac or my antivirus stops them. Some of the new type virus do not even require you to open an attachment. Julie, I know you have Norton Anti Virus to intercept viruses but have you run the program to scan your hard drive? In my office we have a couple of infected PC's on my network but it does not affect me.

Re: Can someone help an innocent?

Julie on 2/05/04 at 16:05 (143702)

John, can you tell me how to do that? I honestly don't know what any of you are talking about - but thank you, and Judy and Kathy too. I guess I'm just fearful of doing anything at all on my computer except typing on it.
:(

Re: Can someone help an innocent?

Julie on 2/05/04 at 16:07 (143703)

Judy, I am sure you are crystal clear. It's just that the bit of my brain that is devoted to computing is - well, mud.

Re: Possible virus and what to do!!!!READ!

MARK L on 2/09/04 at 19:53 (144010)

The file with the teddy bear icon is a part of the Windows operating system. This was an attempt to get the unaware person to self damage their op sys.