A hysterical urban legend...

Discussion in 'NOD32 version 1 Forum' started by Alessandro Valenza, Oct 28, 2002.

Thread Status:
Not open for further replies.
  1. Alessandro Valenza
    Offline

    Alessandro Valenza Former Eset Moderator

    A hysterical urban legend...nearly identical to the sulfnbk.exe mass hysteria of 2001.
    The JDBGMGR.EXE file is a legit Windows operating system file, just like sulfnbk.exe.
    Some rule of thumb:

    if you merely find JDBGMGR.EXE on your computer, then it's probably not infected;
    but if you receive JDBGMGR.EXE as an email attachment, then it probably is infected.

    This urban legend started in early April 2002 among Spanish-speaking computer users. The hysteria spilled over to the English-speaking community by mid-April 2002.

    <sulfnbk.exe is a Windows system file that is almost always located in the Windows command directory. Windows uses it to restore long file names if they become corrupted.

    If you deleted the file and want to get it back:

    http://support.microsoft.com/default.aspx?scid=kb;EN-US;q301316

    <JDBGMGR.EXE it is a standard utility program (the Microsoft Debugger Registrar for Java) included with some versions of Windows
    and is normally installed in the 'system32' subdirectory of the WINNT directory. It has an icon in the form of a teddy bear that may lead users to be suspicious of it.

    IMPORTANT: There have recently been reports that a new version of this hoax is circulating. The new version, apparently claims that JDBGMGR.EXE is associated with the widespread I-worm.Bugbear. Presumably, the hoax writer is playing on Bugbear's name and the teddybear icon associated with the JDBGMGR.EXE file.
    Please see below for further information on this hoax.

    Alessandro Valenza
    Software Analyst
    Future Time

    www.nod32.it
  2. CARCHARODON
    Offline

    CARCHARODON Registered Member

    I had serveral family & friends delete JDBGMGR.EXE before they forwarded the hoax on to me. Now they are all asking me to fix their computers so they can read their email (they use java to read their email)..

    I tried to explain the obserdity of the message that was send. I think it said something like "Normal anti-virus programs can not detect this virus, so go delete JDBGMGR.EXE with Windows find files". I hope explaing that if you can find it by searching so can a virus scanner, may help them think before they go deleting files next time. But, I'm sure I'll be fixing more computers as soon as the next big hoax comes around..
  3. rodzilla
    Offline

    rodzilla Registered Member

    > There have recently been reports that a new version of this hoax is circulating. The new version, apparently claims that JDBGMGR.EXE is associated with the widespread I-worm.Bugbear. Presumably, the hoax writer is playing on Bugbear's name and the teddybear icon associated with the JDBGMGR.EXE file.

    There is a link between Bugbear and the recent upsurge in JDBGMGR and SULFNBK hoaxs ... a "bonus" which the author of the virus probably didn't expect ... ie: Bugbear picks up and sends stored hoax emails. I've seen "new" SULFNBK warnings with original timestamps dating back as far as March 2001.

    We've had more calls about JDBGMGR and SULFNBK in the past month then we had when the hoaxes first appeared. First time around, they made it into the mainstream media, and people became aware of them. This time they've had very little publicity.

    As Alessandro said, the fact that Microsoft uses a "teddy bear" as the JDBGMGR.EXE icon has helped give this hoax more credibility ... I've seen text like "If you find the teddy bear icon, you've got the Bugbear virus" added to the original hoax message several times.
Thread Status:
Not open for further replies.