jdbgmgr.exe - Teddy Bear Virus
Symantec Security Response encourages you to
ignore any messages regarding this hoax.
It is harmless and is intended only to cause unwarranted concern.
This virus (jdbgmgr.exe) is not detected
by Norton or McAfee Anti-virus systems, or VET.
The virus sits quietly for 14 days before damaging the system.
It is sent automatically by messenger and by the address book,
whether or not you send emails to your contacts.
Here's how to check for and get rid of the virus:
1. Go to Start, then to Find or Search option
2. In the file folder option, type the name jdbgmgr.exe
Note: Be sure you search your C: drive
and all subfolders
and any other drives you may have.
3. Click "find now"
4. The virus has a Teddy Bear icon with
the name jdbgmgr.exe
DO NOT OPEN IT !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
5. Go to Edit (on menu bar), choose "select all"
to highlight the file without opening it.
6. Go to File (on the menu bar) and select delete.
It will then go to the Recycle Bin.
7. Empty Recyle Bin
IF YOU FIND THE VIRUS, YOU MAY WANT TO
CONTACT ALL THE PEOPLE IN YOUR ADDRESS BOOK,
SO THEY CAN ERADICATE IT IN THEIR OWN ADDRESS BOOKS.
To do this
a) Open a new e-mail message
b) Click your address book icon
c) Highlight every name and add to "BCC"
d) Copy and paste this message into the body of your email.
|
***************** VIRUS ALERT - W32/Naked@MM ****************
Since its discovery early on March 6, 2001, McAfee.com has
seen a large and growing number of computers infected with
W32/Naked@MM. This is a HIGH RISK virus that is spreading
rapidly via the Windows email program Outlook. The infected
email can come from addresses that you recognize. Attached
is a file named NakedWife.exe, which poses as a Flash movie.
The email message can appear as follows:
Subject: Fw: Naked Wife
Body:
My wife never look like that! ;-)
Best regards,
(sender's name)
Attachment: NakedWife.exe
When run, it copies itself to a TEMP directory and displays
a window entitled "Flash" which reads "JibJab loading". It
then attempts to delete all .BMP, .COM, .DLL, .EXE, .INI,
and .LOG files in the WINDOWS and WINDOWS\SYSTEM directories
and emails itself to all recipients in the Windows Address
Book using Microsoft Outlook.
Click here for detection and removal instructions.
|
|
Virtual Card for You1.htm
Category: Hoax
Please ignore any messages regarding this hoax and do not pass on messages.
Passing on messages about the hoax only serves to further propagate it.
Symantec AntiVirus Research Center (SARC)
Virtual Card for You
Reported on: January 10, 2001
Last Updated on: February 13, 2001 at 12:44:05 PM PST
The Virtual Card for You is a hoax that should be ignored. The following is
the text that may be received as an email message:
Virus Alert VIRUS WARNING To ALL INTERNET USERS:
A new virus has just been discovered that has been classified by Microsoft
(www.microsoft.com) and by McAfee (www.mcafee.com) as the most destructive
ever!
This virus was discovered yesterday afternoon by McAfee and no vaccine has
yet been developed. This virus simply destroys Sector Zero from the hard
disk, where vital information for its functioning are stored.
This virus acts in the following manner: It sends itself automatically to
all contacts on your list with the title "A Virtual Card for You".
As soon as the supposed virtual card is opened, the computer freezes so that
the user has to reboot. When the ctrl+alt+del keys or the reset button are
pressed, the virus destroys Sector Zero, thus permanently destroying the
hard disk.
Please distribute this message to the greatest number of people possible.
Yesterday in just a few hours this virus caused panic in New York, according
to news broadcast by CNN www.cnn.com). This alert was received by an
employee of Microsoft itself.
|
|
VBS/SST@MM or the AnnaKournikova Virus is spread via email in
Windows Outlook. McAfee AVERT has given it a risk assessment
of HIGH-RISK. The email comes with an attachment named
AnnaKournikova.jpg.vbs. You may receive the infected email
from addresses that you recognize in this format:
Subject: Here you have, ;o)
Body:
Hi: Check This!
Attachment: AnnaKournikova.jpg.vbs
If you run AnnaKournikova.jpg.vbs, the script copies itself
to the WINDOWS directory as "AnnaKournikova.jpg.vbs" and
creates a registry key and key values. Subsequently, it
forwards a copy of itself to everyone in your Outlook email
address book.
Please do not run the attachment.
Click here for detection and removal instructions
|
|
Anyone out there suddenly
unable to access the TTC Discussion Boards?
Have you gotten this message?
"Error Message: 100053 Software Caused Connection to Abort"
If so, apparently there is a "naming" problem
or just possibly a slow timing problem
getting out of South Africa and onto the World Wide Web.
Here is A LINK
that will give you the information to tell your Internet Service Provider (ISP)
to help resolve this problem.
|
|
Latest VIRUS ALERTs
******* VIRUS ALERT - W32/ProLin@MM ********
W32/ProLin@MM is an Internet worm that spreads via email.
McAfee AVERT has given it a risk assessment of
MEDIUM TO HIGH-RISK.
The email comes with an attachment named
CREATIVE.EXE,
which carries the icon of a
Shockwave Media Player application.
You may receive the email in this format:
Subject = A great Shockwave flash movie
Body = Check out this new flash movie
that I downloaded just now ...
It's Great
Bye
Attachment = creative.exe
If you run CREATIVE.EXE, it finds and alters all
.JPG and .ZIP files on your system
and forwards a copy of itself to
everyone in your email address book.
Please do not run the attachment.
Click here for detection and removal instructions
******* VIRUS ALERT - W32/Navidad@M ********
W32/Navidad@M is an Internet worm that spreads using the
Windows email program Outlook. McAfee AVERT has given it a
risk assessment of MEDIUM-ON WATCH, due to a significant
increase in infection levels worldwide.
The email can come from addresses that you will recognize.
Attached is a file named NAVIDAD.EXE and when it is run, it
displays a dialog box entitled, "Error" which reads "UI". A
blue eye icon then appears in the system tray next to the
clock in the lower right corner of the screen, and a copy of
the worm is saved to the file "winsvrc.vxd" in the WINDOWS
SYSTEM directory.
If your PC becomes infected with the W32/Navidad@M worm, all
subsequent emails addressed to you will be responded to
automatically with an email from your address with the
W32/Navidad@M worm as an attachment.
Click here for detection and removal instructions.
|
|
Subject: TROJ_SONIC.B virus in the wild
Importance: High
TrendMicro has identified a new email virus in the wild. TROJ_SONIC.B
arrives in an email message with subject: I'm your poison. There is no
message, only an attachment lovers.exe.
This file sends itself to all addresses in the your address book and
modifies the registry to execute at every Windows bootup. When first
executed, it displays the following error message:
is not a valid WIN32 application.
TROJ_SONIC.B is being scanned for at our Exchange servers, so you should
not see it from INGR email. However, if you check your email via the
internet or your ISP, you can become infected. IGS and IM/GS Officescan
servers are being updated with the 793 pattern files, which will scan for
and clean the virus. We will push the updates to all campus workstations.
If you work remotely, you will want to synchronize your Officescan as soon
as possible to download the 793 pattern files.
Get info and antivirus here.
Then type "troj_sonic" in the Quick Search.
|
Momma Kath here,
My computer was dragging and I was getting
messages that I was sending out a virus with my emails.
I found a fix for it, please read this:
VBS KAK WORM VIRUS
Think you got it?
Here is a listing of the symptoms seen so far.
- In the Start-Programs-Startup folder there is a file (typically hidden) called kak.hta.
On bootup, the computer displays a "Memory Driver Error" message in a blank window.
- Occasionally a message will come up saying something like,
"Invalid Registry Entry Kak.Reg".
- Sporadic but frequent problems with Outlook Express 4.0 - 5.0
(Part of Internet Explorer 4.0 - 5.0).
- The system seems to drag more then normal.
- Attachments are placed on every outgoing mail you send.
- Friends and Family complain of you sending them a virus.
The Virus*
Name: Kak
Alias: Wscript.KakWorm, KakWorm
WScript.KakWorm is a worm that attaches itself to every email sent
from the infected system. It is written with JavaScript and it works on both English
and French versions of Windows 95/98 if Outlook Express 4 or 5 is
installed or Microsoft Outlook.
The worm uses a known security vulnerability in both Outlooks.
When an user receives an infected email message,
the worm creates a file "kak.hta" to the Windows Startup directory.
When the system is restarted, the worm activates.
It replaces "c:\autoexec.bat" with a batch file that deletes the worm
from the Startup directory. The original "autoexec.bat" is copied to "C:\AE.KAK".
It also modifies the message signature settings of both Outlooks,
replacing the current signature with an infected file, "C:\Windows\kak.htm".
A signature file is the text that is tacked on to the end of every e-mail sent.
(Containing your name, address, phone number, e-mail address, ect.)
Therefore every message sent with Outlook Express or Microsoft Outlook after
that will contain the worm.
Next it modifies the Windows registry in a such way that it will be
executed in every system startup. In first day of each month if the
number of hours is more than 17 (after 5:00pm), the worm will show
an alert box with the following text:
Kagou-Anit-Kro$oft say not today!
|
For anyone with a network,
if my computer slows down,
I also use my START - FIND - FILE
option to search for any:
*.vbs OR *.KAK files
and I delete them.
|
" GO HIP "
Have you been annoyed by the Go Hip advertising?
You can remove it!
It is an annoying advertising scheme.
Open the Go Hip page
"Click" Sign on
and then follow the directions to remove it.
|
|