removed jdbgm.exe


Fraha
February 27th, 2004, 03:33 PM
Hi,

My daughter has removed c:\windows\jdbgm.exe because a friend told her it was a virus. (sigh)

2 questions come to mind. What is the program for, and can it be replaced by a new one without reinstalling this Win 2000 setup?

I don't have this file on my XP system so can somebody send me the file?

It looks like the system does not work as smoothly anymore. Here's the HijackThis log, just in case:

Logfile of HijackThis v1.91.2
Scan saved at 21:42:08, on 27-2-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.fun4u.101.nl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer=wwwproxy.xs4all.nl:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride=192.168;<local>
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [WeatherWatcher] C:\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Startup: Outlook Express starten.lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - Startup: MultiPro.lnk = C:\Program Files\MultiPro\MultiPro.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NPF Messenger.lnk = C:\Program Files\Norman\NPF\NPFMSG.EXE
O9 - Extra button: WIC Messenger (HKLM)
O9 - Extra 'Tools' menuitem: WIC Messenger (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/6/343/nl.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.6131712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab


Thanks

Frans

StAnger
February 27th, 2004, 03:47 PM
http://www.symantec.com/avcenter/venc/data/jdbgmgr.exe.file.hoax.html

Fraha
February 27th, 2004, 04:11 PM
Thanks for the link. Now I wait to see if the HijackThis log is OK.
Hopefully somebody can copy it to the right forum please?

Thanks

Frans

Pieter_Arntz
February 27th, 2004, 04:21 PM
Hi fraha,

One dialer that I can see:
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/6/343/nl.exe

But that version of HijackThis is ancient.

Regards,

Pieter

Primrose
February 27th, 2004, 04:31 PM
Just a note here..had three people this AM tell me that they also got a copy of that hoax email again..telling them to delete jdbgm.exe..so it is starting up again :(

Fraha
February 27th, 2004, 04:31 PM
This better: ;D

Logfile of HijackThis v1.97.7
Scan saved at 22:41:46, on 27-2-2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\Norman\NVC\BIN\Zanda.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\WINNT\Explorer.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\NORMAN\Nvc\BIN\NJEEVES.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger Plus! 2\MsgPlus.exe
C:\NORMAN\Nvc\BIN\ZLH.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\NORMAN\Nvc\BIN\NYMSE.EXE
C:\NORMAN\Nvc\BIN\NIP.EXE
C:\Program Files\United Devices\UD.EXE
C:\Program Files\MultiPro\MultiPro.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\United Devices\ud_1396140.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\United Devices\ud_1396140_0.dir\ud_ligfit_Release.exe
C:\WINNT\System32\svchost.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fun4u.101.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwproxy.xs4all.nl:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\NORMAN\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe
O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [WeatherWatcher] C:\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE
O4 - Startup: Outlook Express starten.lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - Startup: MultiPro.lnk = C:\Program Files\MultiPro\MultiPro.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NPF Messenger.lnk = C:\Program Files\Norman\NPF\NPFMSG.EXE
O9 - Extra button: WIC Messenger (HKLM)
O9 - Extra 'Tools' menuitem: WIC Messenger (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/6/343/nl.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.6131712963
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://dgl.microsoft.com/downloads/outc.cab

Pieter_Arntz
February 27th, 2004, 04:36 PM
Hi fraha,

LOL. Not better. Still the same dialer.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/6/343/nl.exe

Then reboot.

Regards,

Pieter
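
A triage sketch for the O16 (Downloaded Program Files) section of logs like the ones posted above, added here as an example; it is not part of any post in this thread and not part of HijackThis. The two review heuristics (missing class name, codebase that is not a .cab archive) are assumptions for illustration, not Pieter's stated method, and a flag means "look at this entry", not a verdict.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = """\
O9 - Extra button: WIC Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.cavello.com/dialxs/plugins/d/6/343/nl.exe
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37874.6131712963
"""

# "O16 - DPF: {CLSID} (optional class name) - codebase URL"
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>.*)\))? - (?P<url>\S+)\s*$"
)

def parse_o16(log_text):
    """Return one dict (clsid, name, url) per O16 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O16_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def review_reasons(entry):
    """Assumed heuristics: why a human should take a closer look at this entry."""
    reasons = []
    if not entry["name"]:
        reasons.append("no class name")
    # Compare the URL path only, so a query string after ".CAB" does not matter.
    if not urlparse(entry["url"]).path.lower().endswith(".cab"):
        reasons.append("codebase is not a .cab archive")
    return reasons

def flag_for_review(log_text):
    """Return (clsid, url, reasons) for every O16 entry with at least one reason."""
    flagged = []
    for entry in parse_o16(log_text):
        reasons = review_reasons(entry)
        if reasons:
            flagged.append((entry["clsid"], entry["url"], reasons))
    return flagged

if __name__ == "__main__":
    for clsid, url, reasons in flag_for_review(SAMPLE_LOG):
        print(clsid, url, "; ".join(reasons))
```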

Fraha
February 27th, 2004, 04:39 PM
Done just that, thanks again! ::)

matt jenkins
March 22nd, 2004, 06:49 PM
Don't worry, this is a virus and your daughter did right to delete it. It may seem like it is not running smoothly anymore but your system is better off without it.

If you really want it back I will email it to you, just email it to me asking for it 'skipthekangaroo@hotmail.com'

None of the antivirus programs e.g. Norton can define it yet so don't worry.

LowWaterMark
March 22nd, 2004, 07:07 PM
-{ Quote (matt jenkins): "Don't worry, this is a virus and your daughter did right to delete it. It may seem like it is not running smoothly anymore but your system is better off without it.
.
.
None of the antivirus programs e.g. Norton can define it yet so don't worry." }-

Matt,

What exactly is the virus you are talking about? This thread is specifically about the hoax that usually comes in email saying to delete the perfectly valid Jdbgmgr.exe file from Microsoft.

blu3zirux
March 29th, 2004, 05:34 PM
This is probs a real old thread but I was wondering if anyone knows what the file actually does?

snapdragin
March 29th, 2004, 06:04 PM
Hi blu3zirux,

This might help: http://support.microsoft.com/default.aspx?scid=kb;EN-US;322993
"Jdbgmgr.exe = The Microsoft Debugger Registrar for Java is only used by Microsoft Visual J++ 1.1 developers."

Regards,

snap

Jooske
March 30th, 2004, 01:12 AM
Yes, I recently again got a copy of such a warning email with a CC to many other names, so again I sent my autoresponder text with the kind of real info and hoax warning and where to get the file back and again I got a mass mailing ok it still is a virus but it seems not to harm if it is there or if you removed it. grgr!
I wonder sometimes why to give proper info if people seem rather to care for the hoaxes.

naval_chief
April 3rd, 2004, 08:49 AM
Today is 03 Apr 04 and I have just received the email telling me to remove this file. Glad I checked first.

meneer
April 3rd, 2004, 02:26 PM
Hmmm I removed all windows files, just in case ;D

Tassie_Devils
April 3rd, 2004, 11:05 PM
-{ Quote: "Hmmm I removed all windows files, just in case ;D" }-

ROFL... yah... that's the spirit, that way none can get infected. :P

TAS

AndyT
July 3rd, 2004, 09:11 PM
Just got email too (4th July)

Julyiem
July 13th, 2004, 03:21 PM
Well.. If you need the file as it is.. the jdbgmr.exe thingey with its "pals", jdb[...]. EX_ ... Just add me in your MSN: julianam26@hotmail.com. It'll be a pleasure for me to send it to you.

Julyiemagain
July 13th, 2004, 03:28 PM
OK... would somebody please clear things out for me?

IS THIS A VIRUS OR NOT?!

I'm confused... write back, I wanna know.

minerbob@yahoo.com
July 26th, 2004, 01:21 PM
Check out this URL re the jdbgm virus...
.
.
.
http://www.keypoint.com.au/knowledge.html?strid=1576