jdbgmgr.exe hoax

Discussion in 'Computer Support' started by John, Aug 30, 2003.

  1. John

    John Guest

    I received a message from a friend telling me he had a virus with this
    filename and to delete it, which I did as he was a trusted source. I now
    discover this was a hoax message (yes I know I should have checked the 'net'
    for more info first!) either passed on by him or generated elsewhere. I now
    need to know whether I need to restore this file and if so where can I get a
    copy and how to reinstall. I believe it was located in C:/Windows/system32
    directory but not sure. I deleted it from my 2 machines one Windows 98 and
    the other XP operating systems.

    If replying direct please remove Z's from my email.
     
    John, Aug 30, 2003
    #1
    1. Advertising

  2. John

    Mcploppy © Guest

    John bashed at the keyboard and said :

    > I received a message from a friend telling me he had a virus with this
    > filename and to delete it, which I did as he was a trusted source. I
    > now discover this was a hoax message (yes I know I should have
    > checked the 'net' for more info first!) either passed on by him or
    > generated elsewhere. I now need to know whether I need to restore
    > this file and if so where can I get a copy and how to reinstall. I
    > believe it was located in C:/Windows/system32 directory but not sure.
    > I deleted it from my 2 machines one Windows 98 and the other XP
    > operating systems.
    >
    > If replying direct please remove Z's from my email.


    Hi John,

    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322993

    --
    Mcploppy ©

    { Remove both MyShoes to email me}
    { Homepage: http://tinyurl.com/bbel }
    { Local Radio: http://tinyurl.com/j1vi }
    { Download Messenger 6 http://tinyurl.com/h7co }
     
    Mcploppy ©, Aug 30, 2003
    #2
    1. Advertising

  3. John

    Hardy Guest

    jdbgmgr.exe=Microsoft® Debugger Registrar for Java
    content Win98-Setup-CD\WIN98\WIN98_43.CAB
    xtract from that file to the System-Folder
    XP don't know...
    Hardy

    "John" <> schrieb im Newsbeitrag
    news:E4_3b.3110$...
    > I received a message from a friend telling me he had a virus with this
    > filename and to delete it, which I did as he was a trusted source. I now
    > discover this was a hoax message (yes I know I should have checked the

    'net'
    > for more info first!) either passed on by him or generated elsewhere. I

    now
    > need to know whether I need to restore this file and if so where can I get

    a
    > copy and how to reinstall. I believe it was located in C:/Windows/system32
    > directory but not sure. I deleted it from my 2 machines one Windows 98 and
    > the other XP operating systems.
    >
    > If replying direct please remove Z's from my email.
    >
    >
     
    Hardy, Aug 30, 2003
    #3
  4. John

    Brian H¹© Guest

    X-No-Archive: Yes
    John said:

    > I received a message from a friend telling me he had a virus with this
    > filename and to delete it, which I did as he was a trusted source. I now


    Emphasis on "was" ?

    > discover this was a hoax message (yes I know I should have checked the 'net'


    Or renamed it before doing anything else to it.

    > for more info first!) either passed on by him or generated elsewhere. I now
    > need to know whether I need to restore this file and if so where can I get a


    See McPloppy's reply.

    > copy and how to reinstall. I believe it was located in C:/Windows/system32
    > directory but not sure. I deleted it from my 2 machines one Windows 98 and
    > the other XP operating systems.
    >
    > If replying direct please remove Z's from my email.
     
    Brian H¹©, Aug 30, 2003
    #4
  5. John

    slumpy Guest

    "So, Mr Slumpy you *really* are the perpetual comedian, aren't you ?" I
    threw back my head and roared with laughter as John continued:

    > I received a message from a friend telling me he had a virus with this
    > filename and to delete it, which I did as he was a trusted source. I
    > now discover this was a hoax message (yes I know I should have
    > checked the 'net' for more info first!) either passed on by him or
    > generated elsewhere. I now need to know whether I need to restore
    > this file and if so where can I get a copy and how to reinstall. I
    > believe it was located in C:/Windows/system32 directory but not sure.
    > I deleted it from my 2 machines one Windows 98 and the other XP
    > operating systems.
    >
    > If replying direct please remove Z's from my email.


    Do you know how many people get infected with viruses because they open
    crap from 'a trusted source' ?

    Trusted to be a fucking idiot, yeah.
    --
    slumpy
    no more
    no less
    just slumpy
     
    slumpy, Aug 30, 2003
    #5
  6. John

    DaveW Guest

    "slumpy" <> wrote in message
    news:bipv8b$c6nb9$-berlin.de...
    > "So, Mr Slumpy you *really* are the perpetual comedian, aren't you ?" I
    > threw back my head and roared with laughter as John continued:
    >
    > > I received a message from a friend telling me he had a virus with this
    > > filename and to delete it, which I did as he was a trusted source. I
    > > now discover this was a hoax message (yes I know I should have
    > > checked the 'net' for more info first!) either passed on by him or
    > > generated elsewhere. I now need to know whether I need to restore
    > > this file and if so where can I get a copy and how to reinstall. I
    > > believe it was located in C:/Windows/system32 directory but not sure.
    > > I deleted it from my 2 machines one Windows 98 and the other XP
    > > operating systems.
    > >
    > > If replying direct please remove Z's from my email.

    >
    > Do you know how many people get infected with viruses because they open
    > crap from 'a trusted source' ?
    >
    > Trusted to be a fucking idiot, yeah.


    Don't be so hard on John. Even you were a stupid frigging idiot at one
    time.
    If he does it a second time, THEN you can dissect his balls to see if he has
    any brains, ;-)
     
    DaveW, Aug 30, 2003
    #6
  7. John

    Patrick Guest

    Brian H¹© wrote:
    > X-No-Archive: Yes
    > John said:
    >
    >> I received a message from a friend telling me he had a virus with
    >> this filename and to delete it, which I did as he was a trusted
    >> source. I now

    >
    > Emphasis on "was" ?


    Presumably the 'friend' was acting in 'good faith',
    oh all right 'just as gullible'.

    >
    >> discover this was a hoax message (yes I know I should have checked
    >> the 'net'

    >
    > Or renamed it before doing anything else to it.
    >
    >> for more info first!) either passed on by him or generated
    >> elsewhere. I now need to know whether I need to restore this file
    >> and if so where can I get a

    >
    > See McPloppy's reply.
    >
    >> copy and how to reinstall. I believe it was located in
    >> C:/Windows/system32 directory but not sure. I deleted it from my 2
    >> machines one Windows 98 and the other XP operating systems.
    >>
    >> If replying direct please remove Z's from my email.
     
    Patrick, Aug 30, 2003
    #7
  8. John

    John Guest

    So I shouldn't open emails from anyone I know? Might as well pull the plug!
     
    John, Aug 30, 2003
    #8
  9. John

    Boomer Guest

    John said:

    > So I shouldn't open emails from anyone I know? Might as well
    > pull the plug!


    Hi
    Could you please include some of the message you are responding to,
    in your reply?
    (Tools> Options> Send tab, tick the "Include message in Reply" box.)

    It makes it difficult to follow a thread when you write a reply and
    others
    have no clue on what the question or discussion was about.

    Further info:
    http://www.netmeister.org/news/learn2quote2.html
    http://www.greenend.org.uk/rjk/2000/06/14/quoting.html

    Thank You Very Much :)
     
    Boomer, Aug 30, 2003
    #9
  10. John

    Paul - xxx Guest

    John tried to scribble ...

    > So I shouldn't open emails from anyone I know? Might as well pull the
    > plug!


    Apart from what Boomer says ..

    No that's _not_ what was said. Any attachment you receive is a potential
    virus or trojan. It is wise _before_ opening any attached file to at least
    run a Virus Checker over it, or call the sender and ask what they sent you.
    Many viruses are spread by 'hi-jacking' a users address book and sending
    multiple mailings to everyone in the address book, hence the need to check
    _any and all_ attachments sent, even if they purport to be from friends.

    Essentially _DON'T OPEN ANY ATTACHMENT_ unless you know what it is, why it's
    being sent and you've first run it through a virus / trojan checker .. ;)

    --
    .............................Paul - xxx
    Seti 1942 wu in 14790 hours
    http://setiathome.ssl.berkeley.edu
     
    Paul - xxx, Aug 30, 2003
    #10
  11. John

    Patrick Guest

    John wrote:
    > So I shouldn't open emails from anyone I know? Might as well pull the
    > plug!


    If you don't protect your computer then it could be taken over by anyone or
    anything (without your knowledge).
    Your machine could then be used by others for heaven knows what.
    This would result in you being blamed and thus haveing 'the plug pulled' by
    your IP.
     
    Patrick, Aug 30, 2003
    #11
  12. DaveW wrote:
    > "slumpy" <> wrote in message
    > news:bipv8b$c6nb9$-berlin.de...
    >> > If he does it a second time, THEN you can dissect his balls to see if

    > he has any brains, ;-)


    http://www.symantec.com/avcenter/venc/data/

    I pasted the following into a text pad as I was searching my machine.....

    Then, it adds the following set of strings to assume the P2P shared folder:

    \KMD\My Shared Folder
    \My Shared Folder
    Lite\My Shared Folder
    \My Grokster
    \Shared
    \Incoming
    Then, it drops the following copies:

    The Lost Jungle.mpg.exe
    The Matrix Reloaded Trailer.jpg.exe
    Replacement Killer 2.avi.exe
    Trailer DOOM III.exe
    WinZip9Beta.exe
    WhatIsGoingOn.exe
    NokiaPolyPhonic.exe
    TNT.exe
    Dont Eat Pork SARS in there.exe
    About SARS Solution.doc.exe
    TIPS HOW TO CRACK SYMANTEC SERVER.txt.exe
    VISE MINDVISION.exe
    Uninstal.exe
    WindowsSecurity Patch.exe
    Hide Your Mount.exe


    Patch - jdbgmgr.exe


    NEW POWERTOY FOR WINXP.exe
    Generate a Random PAssword.exe
    OfficeXP.exe
    Ripley Believe It Or Not.exe
    Anacon The Great.exe
    New Variant.exe
    SMTP OCX.exe
    DialUp.pif
    Lost YourPassword.txt.exe
    Hack In 5 Minute.exe
    Get Lost.exe
    Oh Yeah Babe.exe
    Sucker.exe
    MSWINSCK.OCX.EXE
    Downloader.exe
    HeavyMetal.mp3.exe
    JackAndGinnie.exe
    RosalindaAyamor
    fxanacon.com
    GetMorePower.exe
    Hacker HandBook.exe
    Dincracker eZine.exe
    La Intrusa.exe
    Porta.exe
    Next, it sends the following information to the email address, chatzqat
    phreaker.n et which most possibly belongs to the malware author:

    EXE Backdoor Name
    Operating System
    Internet Explorer Version
    Windows Directories
    System Directories
    Current Screen Resolution
    Current Time
    IP Address
    Current Port Number
    UserName
    ComputerName
    Cached Password: (For Win9x/Me Only)
    Host
    Drive(s)
    Type of Drives
    ICQ UINs
    Sound Card
    For this notification routine, the worm uses the smtp.phreaker.net mail

    server to send email.



    Overwriting Files

    There are indications that this worm intends to deface the infected user's
    Web site. When the current infected system has an installed IIS, the worm
    creates a certain file named ANADF.TXT.BAT, which overwrites the following
    files:

    DEFAULT.ASP
    DEFAULT.HTML
    DEFAULT.HTM
    INDEX.HTML
    INDEX.HTM
    INDEX.ASP
    It overwrites these files with the following strings:

    WARNING! YOUR WEB SERVER HAS BEEN HACKED BY ANACON MELHACKER.
    Anacon G0t ya! By Melhacker - dA r34L #4(k3R!.

    There are also codes suggesting that the worm deletes all
    log files in the root directory of C: and D:.


    As of this writing, however, this routine did not successfully replicate in
    actual tests.

    Other Details

    The worm also attempts to download a file named AnaconIV.exe in the URL:

    h t t p : \ \ <BLOCKED>x.org/~melhacker





    --
    longshotjohn 7

    http://www.smartgroups.com/groups/hot2trot


    The world is a dangerous place, not because of those who do evil, but
    because of those who look on and do nothing. --Albert Einstein
     
    longshotjohn7, Aug 31, 2003
    #12
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Pete

    jdbgmgr.exe?????

    Pete, Sep 7, 2003, in forum: Computer Support
    Replies:
    15
    Views:
    820
    navyretired
    Sep 8, 2003
  2. GUZZI-

    jdbgmgr

    GUZZI-, Nov 4, 2003, in forum: Computer Support
    Replies:
    5
    Views:
    581
    Petit Alexi
    Nov 4, 2003
  3. Quercus Robur

    Virus jdbgmgr.exe

    Quercus Robur, May 18, 2004, in forum: Computer Security
    Replies:
    3
    Views:
    499
    Jim Watt
    May 18, 2004
  4. alexander rickert

    virus jdbgmgr.exe

    alexander rickert, Feb 25, 2004, in forum: Computer Information
    Replies:
    2
    Views:
    469
  5. MOON HOAX "later that it was all a hoax"

    , May 29, 2005, in forum: Digital Photography
    Replies:
    1
    Views:
    402
    Unclaimed Mysteries
    May 30, 2005
Loading...

Share This Page