Disklavier

© 1995-2002 Symantec Corporation.
All rights reserved.
Legal Notices
Privacy Policy

Jdbgmgr.exe file hoax Reported on: April 12, 2002 Last Updated on: May 16, 2002 at 10:25:02 AM PDT

Symantec Security Response encourages you to ignore any messages regarding this hoax. It is harmless and is intended only to cause unwarranted concern.

Type: Hoax

This is a hoax that, like the SULFNBK.EXE Warning hoax, tries to persuade you to delete a legitimate Windows file from your computer. The file that the hoax refers to, Jdbgmgr.exe, is a Java Debugger Manager. It is a Microsoft file that is installed when you install Windows.

It has a teddy bear icon as described in the hoax:



CAUTION: Jdbgmgr.exe, like any file, can become infected by a virus. One virus in particular, W32.Efortune.31384@mm, targets this file. Norton AntiVirus has provided protection against W32.Efortune.31384@mm since May 11, 2001.

NOTE: If you have already deleted the Jdbgmgr.exe file, some Java applets may not run correctly. This is not a critical system file. The file version may vary with your operating system and version of Internet Explorer. If you want to restore the file, read the instructions in the How to restore the Jdbgmgr.exefile section at the end of this document.


Hoax message
This hoax has appeared in several languages. Some are as follows:

English
I found the little bear in my machine because of that I am sending this message in order for you to find it in your machine. The procedure is very simple:

The objective of this e-mail is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is jdbgmgr.exe and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system.

The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps:
1. Go to Start, click "Search"
2.- In the "Files or Folders option" write the name jdbgmgr.exe
3.- Be sure that you are searching in the drive "C"
4.- Click "find now"
5.- If the virus is there (it has a little bear-like icon with the name of jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON
6.- Right click and delete it (it will go to the Recycle bin)
7.- Go to the recycle bin and delete it or empty the recycle bin.

IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE.


French
JE VIENS D'ETRE INFECTE PAR UN DE MES FOURNISSEUR
FAITES CE QU'IL Y A D'ECRIT EN DESSOUS ET TOUT SE PASSERA BIEN LE NOM DU VIRUS EST jdbgmgr.exe L'ICONE EST UN PETIT OURSON.IL EST TRANSMIS AUTOMATIQUEMENT PAR LE CARNET D'ADRESSES.
LE VIRUS N'EST PAS DETECTE PAR VOTRE ANTIVIRUS ET RESTE EN SOMMEIL PENDANT 14 JOURS AVANT DE S'ATTAQUER AU DISQUE DUR. IL PEUT DETRUIRE TOUT= LE SYSTEME !!!
JE VIENS MOI MEME DE LE TROUVER SUR MON DISQUE DUR !!!AGISSEZ DONC TRES V=ITE POUR L' ELIMINER COMME SUIT:
1. Aller dans DEMARRER, faire "RECHERCHER"
2. dans la fenetre FICHIERS-DOSSIERS taper le nom du virus: jdbgmgr.exe
3. Assurez vous de faire la recherche sur votre disque dur "C"
4. Appuyer sur "RECHERCHER MAINTENANT"
5. Si vous trouvez le virus L'ICONE EST UN PETIT OURSON son nom "jdbgmgr.exe " ---> NE L'OUVREZ SURTOUT PAS!!!!!
6. Appuyer sur le bouton droit de la souris pour l'=E9liminer aller la CORBEILLE) vous pouvez aussi l'effacer en appuyant sur SHIFT DELETE afin qu'il ne reste pas dans la corbeille.
7. aller la CORBEILLE et l'effacer d=E9finitivement ou bien vider la corbeille. Mais SURTOUT NE L'OUVREZ PAS , SUPPRIMER-LE DIRECTEMENT !!!!=!

SI VOUS TROUVEZ LE VIRUS SUR VOTRE DISQUE DUR ENVOYEZ CE MESSAGE A TOUS VOS CORRESPONDANTS FIGURANT SUR VOTRE CARNET D'ADRESSES CAR CE VIRUS PASSE VRAIMENT PARTOUT ET TRES VITE !!! !!! !!! .


DESOLE POUR CET INCIDENT MAIS, MOI AUSSI, JE ME SUIS FAIT AVOIR !!! !!!
ET MERCI D'AGIR VITE.

Italian
Abbiamo ricevuto un virus che si trasmette automaticamente a tutti gli indirizzi di posta elettronica. Se si eseguono le seguenti istruzioni si cancella senza causare danni.


FARE LA VERIFICA DESCRITTA PER ELIMINARE IL VIRUS.

Il virus si chiama jdbgmgr.exe e si trasmette automaticamente tramite Messenger ed anche attraverso la rubrica degli indirizzi. Il virus NON E'RILEVATO da McAfee o Norton e rimane in letargo 14 giorni prima di recare
dei danni al sistema .Per eliminarlo basta eseguire le seguenti operazioni:

1) Cliccare sullo schermo in basso a destra "Avvio o Start"
2) Cliccare su "Trova", andare da "Files o Cartelle" e scrivere il nome
del virus: jdbgmgr.exe
3) Assicurarsi che cerchi sul disco "C"
4) Cliccare su "Cerca ora"
5) Se appare il virus (l'icona è un orsacchiotto) NON APRIRE !!
6) Cliccare sul pulsante destro del mouse ed eliminare.
7) Andare sul cestino e cancellare definitivamente.

SE AVETE TROVATO IL VIRUS NEL VOSTRO COMPUTER INVIATE QUESTO MESSAGGIO A TUTTE LE PERSONE CHE SI TROVANO SULLA VOSTRA RUBRICA D'INDIRIZZI O E-MAILS.





Portuguese
Caros colegas,

Atenção!

Hoje pela manhã recebemos um e-mail de um amigo da Argentina dizendo-nos que tinha-nos enviado um VIRUS via sistema. Este virus é
automaticamente retransmitido à todos os endereços armazenados em nossas lista de contatos. VOCÊ é um deles!!!. Infelizmente não podemos
evitá-lo pois ele não é detectado por Mcfee ou o Norton e permanece oculto por 14 dias antes de destruir o sistema inteiro.

Portanto, siga atentamente os passos a seguir e evite perder seus dados:

1) Clique em "Iniciar" depois "localizar" (o buscar);

2) Em "localizar" clique em "Pastas e arquivos" - escrever o nome do arquivo "virótico": jdbgmgr.exe;

3) assegure-se de que está procurando -o no drive C;

4) Localizar agora;

5) O virus possui um ícone em forma de ursinho (cinza);

6) Caso você o encontre, não abra de maneira alguma, delete-o imediatamente,

7) Não esqueça de retirá-lo da Lixeira pois senão nada adiantará.

8) Caso você encontre este virus no seu computador, envie esta mensagem a todas as pessoas que estejam na sua agenda de endereços antes
que este cause algum dano maior. Obrigado pela atenção.

Spanish
ESTIMADOS AMIGOS:

ES POSIBLE QUE UN VIRUS HAYA ENTRADO A SU SISTEMA, POR LO QUE LES
PIDO MIL
DISCULPAS.-

PARA VER Y ELIMINAR EL VIRUS,SEGUIR LAS SIGUIENTES INSTRUCCIONES:
-IR A INICIO, LUEGO A BUSCAR
-BUSCAR EN EL ARCHIVO O CARPETA jdbgmgr.exe ASEGURARSE QUE SE BUSCA
EN EL
DISCO C.-
-BUSCAR AHORA.
-SI APARECE QUE EXISTE EL VIRUS, NO ABRIR EL ARCHIVO.- CON EL BOTON
DERECHO
SEÑALAR EL ARCHIVO Y ELIMINARLO.-
-LUEGO IR A LA PAPELERA DE RECICLAJE Y TAMBIEN ELIMINARLO.-
ESTE VIRUS NO ES DETECTABLE CON EL NORTON U OTROS ANTIVIRUS.-

How to restore the Jdbgmgr.exe file
If you have deleted this file, restoration is optional. Without it, some Java applets may not run correctly. This is not a critical system file. Follow the instructions for your operating system.

NOTES:

• You can also restore this file by reinstalling Microsoft Internet Explorer.
• The C:\Windows\System folder is the usual default location for this file. It is possible that if you have a custom installation, or a special configuration that was installed by the computer manufacturer, the file could be in a different location.
• The instructions in this document are provided for your convenience. The extraction of Windows files uses Microsoft programs and commands. Symantec does not provide warranty support for or assistance with Microsoft products. If you have any questions, please see your Windows documentation or contact Microsoft.

Windows 2000/XP
If you are using Windows 2000/XP, you can restore the file using the System Configuration Utility.

1. Click Start and then click Run.
2. Type msconfig and then press Enter.
3. Click Expand file. The "Expand one file from installation source" dialog box appears.
4. In the "File to restore" box, type the following:

%windir%\system32\jdbgmgr.exe

5. In the "Restore from" box, click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:\Windows\Options\Install. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.
6. In the Save file in" box, type:

%windir%\system32

7. Click Expand and follow the prompts.

Windows Me
If you are using Windows Me, you can restore the file using the System Configuration Utility.

1. Click Start and then click Run.
2. Type msconfig and then press Enter.
3. Click Extract Files. The "Extract one file from installation disk" dialog box appears.
4. In the "Specify the system file you would like to restore" box, type the following, and then click Start:

c:\windows\system\jdbgmgr.exe

NOTE: If you installed Windows to a different location, make the appropriate substitution.

The Extract File dialog box appears.

5. Next to the "Restore from" box, click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:\Windows\Options\Install. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.
6. Click OK and follow the prompts.

Windows 98
If you are using Windows 98, you can restore the file using the System File Checker.

1. Click Start and then click Run.
2. Type sfc and then press Enter.
3. Click "Extract one file from installation disk."
4. In the "Specify the system file you would like to restore" box, type the following, and then click Start:

c:\windows\system\jdbgmgr.exe

NOTE: If you installed Windows to a different location, make the appropriate substitution.

The Extract File dialog box appears.

5. Next to the "Restore from" box click Browse, and browse to the location of the Windows installation files. If they were copied to the hard drive, this is, by default, C:\Windows\Options\Cabs. You can also insert the Windows installation CD in the CD-ROM drive and browse to that location.
6. Click OK and follow the prompts.

Windows 95 (or alternative method for Windows 98/Me)
If you are using Windows 95, you need to use the extract command. This can also be used on Windows 98/Me.

1. Click Start, point to Find or Search, and then click Files or Folders.
2. Make sure that "Look in" is set to (C:) and that Include subfolders is checked.
3. In the "Named" or "Search for..." box, type:

precopy1

4. Click Find Now or Search Now. If it does not exist on the hard drive, then insert the Windows installation CD and repeat the search on that drive.
5. When you find the file, write down the location of Precopy1, for example, C:\Windows\Options\Cabs. This is your Source Path.
6. The general form of the Extract command is:

extract /a \precopy1.cab jdbgmgr.exe /L c:\windows\system

NOTE: Make sure that you include the /a switch, as shown. Depending on your version of Windows, the Jdbgmgr.exe file can be in a .cab file other than Precopy1.cab. By using the /a switch, the Extract program will look first in the Precopy1.cab, and if the file is not found there, it will look in all subsequent .cab files until it is found, and can be extracted.

So if the source path is C:\Windows\Options\Cabs, then the Extract command becomes:

extract /a c:\windows\options\cabs\precopy1.cab jdbgmgr.exe /L c:\windows\system

NOTE: If you installed Windows to a different location, make the appropriate substitution.

7. Click Start and then click Run.
8. Type the following, making the appropriate substitutions as previously noted

extract /a \precopy1.cab sulfnbk.exe /L c:\windows\command

9. Click OK.

For more information on how to use the Microsoft Extract command, see the Microsoft Knowledge Base document, How to Extract Original Compressed Windows Files, Article ID: Q129605

Write-up by: George Koris