Virus question

Richard · May 22, 2003

Ok people.. I've copied an email below.. got it from a friend of mine, I posted the followup posts too

Subject: VIRUS

SIGH sorry all........I found my address book had a few new additions of people I didn't know......and I checked and OMG I did have this virus /forums/images/graemlins/frown.gif please follow the simple steps as outlined below to delete it.........I am very sorry /forums/images/graemlins/frown.gif
**name deleted**

Subject: Fw: Fw: Very important-Do not delete About a virus

If you have had problems with your computer, try this out..........I had it on mine..........

Subject: Fwd: Virus Warning - Please Read!
I found the virus in our computer so check you may have it.
A virus has been passed on to me by a contact. My address book WAS infected. Since you are in my address book, there is a good chance you will find it in your computer too. The virus (called jdbgmgr.exe) is not detected by Norton or McAfee anti-virus systems, or VET to date.

The virus sits quietly for 14 days before damaging the system. It is sent automatically by messenger and by the address book, whether or not you send emails to your contacts. Here's how to check for the virus and how to get
rid of it:

YOU MUST DO THIS
1. Go to Start, Find or Search option
2. In the file folder option, type the name jdbgmgr.exe
3. Be sure you search your C: drive and all sub-folders, and any other drives you may have.
4. Click "find now"
5. The Virus has a Teddy Bear icon with the name jdbgmgr.exe DO NOT OPEN IT
6. Go to Edit (on the menu bar), choose "seelect all" to
highlight the file without opening it.
7. Now go to File (on the menu bar) and select Delete. It will
then go to the Recyle Bin.

IF YOU FIND THE VIRUS, YOU MUST CONTACT ALL THE PEOPLE IN YOUR ADDRESS BOOK, SO THEY CAN ERADICATE
IT IN THEIR OWN ADDRESS BOOKS. To do this,

a) Open a new email message
b) Click the icon of the address book next to the "TO"
c) Highlight every name and add to "Bcc"
d) Copy this message, enter subject paste to email.

Sorry for the inconvenience. Many regrets.

------------------
My response back to her:

Just a thought little lady....

There have been some hoax's going around very similar to this where you are actually deleting needed windows files.

Not saying that is the case here, just that the body of the letter reads exactly like the hoax did. Instead of the virus deleting files on your machine, it gets YOU to do the dirty work.

I'd be intrigued to know if you have any issues after deleting this file.

/forums/images/graemlins/smile.gif

-----------------
Her response back to me:

sigh i've been getting a lot of emails back saying it's a hoax hon but..........how does that explain the fact that when I opened my email this am.........I had 25 new addy's that belong to another friend of mine??? Am very confused........SIGH any suggestions????
SMOOOOOOOOOOOCH xoxoxo

(Authors note: Please disregard the smooches, kisses and hugs /forums/images/graemlins/blush.gif /forums/images/graemlins/blush.gif /forums/images/graemlins/grin.gif /forums/images/graemlins/cool.gif )

-------------

I happen to have this file on my home Win98 machine, but my work pc (Win XP-prof) does NOT have it. I only download COPIES of emails at home, and actually download them at work. my HOME pc does contain this file, yet my work pc does NOT (makes no sense if work pc downloads ALL files)

Upshot...I'm still convinced it's a hoax.. Fine..

her follow up question of

but..........how does that explain the fact that when I opened my email this am.........I had 25 new addy's that belong to another friend of mine???

Any thoughts?

(I DID ask her if her pc wore protection on dates.....) /forums/images/graemlins/shocked.gif /forums/images/graemlins/blush.gif

Thanks for any thoughts
Richard

GaryM · May 22, 2003

Symantic says it's a hoax http://www.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html

I think she might actually have a problem, but this isn't it!

Richard · May 22, 2003

curious if this might be her answer...

Setup: If someone NOT on my list emails me something and I reply, (I use outlook express, dont know about other programs), it will AUTOMATICALLY add that person's name to my list, presuming them to be a friend.

if someone sent her an email that somehow had multiple names in the address line... and she hit "reply"..

could it happen there? (I have NO idea what she uses.. her email to me came from Hotmail)

sort of a mass "reply name addition" hmm /forums/images/graemlins/confused.gif

Bird · May 22, 2003

Yep, Gary, every time I get one of those e-mails warning of viruses, I got to Symantec's web site to check and usually it's another hoax.

StoneHeartFarm · May 22, 2003

Richard,

Per Snope's website, it is a hoax. Fortunately, the file she deleted is only useful to programmers writing JAVA script.

There is also a link to microsoft which confirms it as their file.

Looks like a variation of other hoaxes I've seen that try to get you to delete files on your computer. Sort of like the Amish virus. LOL.

Steve

http://www.snopes.com/computer/virus/jdbgmgr.htm

Richard · May 22, 2003

ok, we got the virus part down now, as a hoax as I'd suspected.... now the trickier part..

how does that explain the fact that when I opened my email this am.........I had 25 new addy's that belong to another friend of mine??? Am very confused........SIGH any suggestions????

the above is her direct comment... I for one am clueless other than my comment up a couple posts.. obviously, she is attributing her additional email names as an effect of this "hoax". Well, if the hoax is a hoax, it presumably is not the issue behind her question... so, presuming that she's not dreaming and the event happened as she said (my wondering all the sudden is, how does she know "exactly who" is on her friends, mailing list...gonna have to run that past her)

Anyone have any idea on how this may have happened? (given the facts as she's presented them)

Thanks

WVBill · May 23, 2003

Richard: I think your original theory about the action of replying (or "reply to all") putting addresses in her address book is the most likely answer. I have seen this happen with some of our customers using both Outlook and Groupwise. It's a user familiarization issue. I don't know if it's a feature of other e-mail applications, though.

Two other possible but less likely explanations:

1) e-mail database corruption (only applicable if she's on a corporate e-mail system, though).

2) another virus. Many "e-mail viruses" replicate by sending themselves to everyone in someone's Outlook address list. They don't usually leave behind additions to your address list, though - but it's possible.

Richard · May 23, 2003

Thank you Bill... I do know it's her personal pc at home. I'll be talking to her a bit later on and will pursue this angle, see if she can shed some light.

Thanks again

Richard · May 23, 2003

wow... I just tried it and that is EXACTLY what happened to me. A friend sent me an email, along with 20 other recipients (not bcc's) and I hit reply all and WALA...

I had 20 additions to my email.

/forums/images/graemlins/smile.gif

WVBill · May 23, 2003

Yep, the call to our support staff was almost word-for-word:

"OMG, I've got the virus because I certainly didn't put those addresses in my address book!"