jdbgmgr.exe hoax

Discussion in 'Computer Support' started by John, Aug 30, 2003.

  1. John

    John Guest

    I received a message from a friend telling me he had a virus with this
    filename and to delete it, which I did as he was a trusted source. I now
    discover this was a hoax message (yes I know I should have checked the 'net'
    for more info first!) either passed on by him or generated elsewhere. I now
    need to know whether I need to restore this file and if so where can I get a
    copy and how to reinstall. I believe it was located in C:/Windows/system32
    directory but not sure. I deleted it from my 2 machines, one Windows 98 and
    the other XP operating systems.

    If replying direct please remove Z's from my email.
     
    John, Aug 30, 2003
    #1

  2. John

    Mcploppy © Guest

    John bashed at the keyboard and said :
    Hi John,

    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322993

    --
    Mcploppy ©

    { Remove both MyShoes to email me}
    { Homepage: http://tinyurl.com/bbel }
    { Local Radio: http://tinyurl.com/j1vi }
    { Download Messenger 6 http://tinyurl.com/h7co }
     
    Mcploppy ©, Aug 30, 2003
    #2

  3. John

    Hardy Guest

    jdbgmgr.exe=Microsoft® Debugger Registrar for Java
    content Win98-Setup-CD\WIN98\WIN98_43.CAB
    Extract from that file to the System-Folder
    XP don't know...
    Hardy
     
    Hardy, Aug 30, 2003
    #3
  4. John

    Brian H¹© Guest

    X-No-Archive: Yes
    John said:
    Emphasis on "was" ?
    Or renamed it before doing anything else to it.
    See McPloppy's reply.
     
    Brian H¹©, Aug 30, 2003
    #4
  5. John

    Patrick Guest

    Presumably the 'friend' was acting in 'good faith',
    oh all right 'just as gullible'.
     
    Patrick, Aug 30, 2003
    #5
  6. John

    John Guest

    So I shouldn't open emails from anyone I know? Might as well pull the plug!
     
    John, Aug 30, 2003
    #6
  7. John

    Boomer Guest

    John said:
    Hi
    Could you please include some of the message you are responding to,
    in your reply?
    (Tools> Options> Send tab, tick the "Include message in Reply" box.)

    It makes it difficult to follow a thread when you write a reply and
    others have no clue on what the question or discussion was about.

    Further info:
    http://www.netmeister.org/news/learn2quote2.html
    http://www.greenend.org.uk/rjk/2000/06/14/quoting.html

    Thank You Very Much :)
     
    Boomer, Aug 30, 2003
    #7
  8. John

    Paul - xxx Guest

    John tried to scribble ...
    Apart from what Boomer says ..

    No that's _not_ what was said. Any attachment you receive is a potential
    virus or trojan. It is wise _before_ opening any attached file to at least
    run a Virus Checker over it, or call the sender and ask what they sent you.
    Many viruses are spread by 'hi-jacking' a user's address book and sending
    multiple mailings to everyone in the address book, hence the need to check
    _any and all_ attachments sent, even if they purport to be from friends.

    Essentially _DON'T OPEN ANY ATTACHMENT_ unless you know what it is, why it's
    being sent and you've first run it through a virus / trojan checker .. ;)
     
    Paul - xxx, Aug 30, 2003
    #8
  9. John

    Patrick Guest

    If you don't protect your computer then it could be taken over by anyone or
    anything (without your knowledge).
    Your machine could then be used by others for heaven knows what.
    This would result in you being blamed and thus having 'the plug pulled' by
    your IP.
     
    Patrick, Aug 30, 2003
    #9
  10. http://www.symantec.com/avcenter/venc/data/

    I pasted the following into a text pad as I was searching my machine.....

    Then, it adds the following set of strings to assume the P2P shared folder:

    \KMD\My Shared Folder
    \My Shared Folder
    Lite\My Shared Folder
    \My Grokster
    \Shared
    \Incoming

    Then, it drops the following copies:

    The Lost Jungle.mpg.exe
    The Matrix Reloaded Trailer.jpg.exe
    Replacement Killer 2.avi.exe
    Trailer DOOM III.exe
    WinZip9Beta.exe
    WhatIsGoingOn.exe
    NokiaPolyPhonic.exe
    TNT.exe
    Dont Eat Pork SARS in there.exe
    About SARS Solution.doc.exe
    TIPS HOW TO CRACK SYMANTEC SERVER.txt.exe
    VISE MINDVISION.exe
    Uninstal.exe
    WindowsSecurity Patch.exe
    Hide Your Mount.exe


    Patch - jdbgmgr.exe


    NEW POWERTOY FOR WINXP.exe
    Generate a Random PAssword.exe
    OfficeXP.exe
    Ripley Believe It Or Not.exe
    Anacon The Great.exe
    New Variant.exe
    SMTP OCX.exe
    DialUp.pif
    Lost YourPassword.txt.exe
    Hack In 5 Minute.exe
    Get Lost.exe
    Oh Yeah Babe.exe
    Sucker.exe
    MSWINSCK.OCX.EXE
    Downloader.exe
    HeavyMetal.mp3.exe
    JackAndGinnie.exe
    RosalindaAyamor
    fxanacon.com
    GetMorePower.exe
    Hacker HandBook.exe
    Dincracker eZine.exe
    La Intrusa.exe
    Porta.exe

    Next, it sends the following information to the email address, chatzqat
    phreaker.n et which most possibly belongs to the malware author:

    EXE Backdoor Name
    Operating System
    Internet Explorer Version
    Windows Directories
    System Directories
    Current Screen Resolution
    Current Time
    IP Address
    Current Port Number
    UserName
    ComputerName
    Cached Password: (For Win9x/Me Only)
    Host
    Drive(s)
    Type of Drives
    ICQ UINs
    Sound Card

    For this notification routine, the worm uses the smtp.phreaker.net mail
    server to send email.



    Overwriting Files

    There are indications that this worm intends to deface the infected user's
    Web site. When the current infected system has an installed IIS, the worm
    creates a certain file named ANADF.TXT.BAT, which overwrites the following
    files:

    DEFAULT.ASP
    DEFAULT.HTML
    DEFAULT.HTM
    INDEX.HTML
    INDEX.HTM
    INDEX.ASP

    It overwrites these files with the following strings:

    WARNING! YOUR WEB SERVER HAS BEEN HACKED BY ANACON MELHACKER.
    Anacon G0t ya! By Melhacker - dA r34L #4(k3R!.

    There are also codes suggesting that the worm deletes all
    log files in the root directory of C: and D:.


    As of this writing, however, this routine did not successfully replicate in
    actual tests.

    Other Details

    The worm also attempts to download a file named AnaconIV.exe in the URL:

    h t t p : \ \ <BLOCKED>x.org/~melhacker





    --
    longshotjohn 7

    http://www.smartgroups.com/groups/hot2trot


    The world is a dangerous place, not because of those who do evil, but
    because of those who look on and do nothing. --Albert Einstein
     
    longshotjohn7, Aug 31, 2003
    #10
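
Added example (not part of the thread or of the pasted write-up): a small triage check for the naming trick visible in the dropped copies above, where a media or document extension sits in front of the real executable one, plus plain executables sitting in the listed P2P share folders. The sample paths, the `.scr` entry and the function names are assumptions made for this illustration.

```python
from pathlib import PureWindowsPath

# Extensions Windows will execute; .exe/.pif/.com/.bat appear in the write-up, .scr is an assumption.
EXEC_EXTS = {".exe", ".pif", ".com", ".bat", ".scr"}
# Harmless-looking extensions used as decoys in the dropped copies listed above.
DECOY_EXTS = {".mpg", ".jpg", ".avi", ".mp3", ".doc", ".txt"}
# Folder endings the write-up says the worm treats as P2P shares (lower-cased).
SHARE_SUFFIXES = ("\\my shared folder", "\\my grokster", "\\shared", "\\incoming")


def decoy_extension(name):
    """Return the decoy extension of '<title>.<decoy>.<exec>' names, else None."""
    suffixes = [s.lower() for s in PureWindowsPath(name).suffixes]
    if len(suffixes) >= 2 and suffixes[-1] in EXEC_EXTS and suffixes[-2] in DECOY_EXTS:
        return suffixes[-2]
    return None


def in_p2p_share(path):
    """True when the file sits directly in one of the listed share folders."""
    return str(PureWindowsPath(path).parent).lower().endswith(SHARE_SUFFIXES)


def triage(paths):
    """Return (path, reason) for each file that deserves a closer look."""
    findings = []
    for path in paths:
        name = PureWindowsPath(path).name
        decoy = decoy_extension(name)
        if decoy:
            findings.append((path, f"double extension: {decoy} hides an executable"))
        elif PureWindowsPath(name).suffix.lower() in EXEC_EXTS and in_p2p_share(path):
            findings.append((path, "executable inside a P2P shared folder"))
    return findings


# Constructed sample paths; the file names are taken from the write-up quoted in the thread.
SAMPLE = [
    r"C:\Program Files\KMD\My Shared Folder\HeavyMetal.mp3.exe",
    r"C:\Program Files\Grokster\My Grokster\WinZip9Beta.exe",
    r"C:\Inetpub\wwwroot\ANADF.TXT.BAT",
    r"C:\WINDOWS\system32\jdbgmgr.exe",   # the genuine Java debugger registrar: not flagged
    r"C:\Documents\holiday.jpg",          # plain image: not flagged
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{path}: {reason}")
```

A file name alone is only a triage signal: a flagged file still needs a scan, and an unflagged name such as jdbgmgr.exe says nothing about the file's contents.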