Is this a virus??
“Sheesh! I just opened an e-mail from a known person... and now I'm wondering if IT is a virus. (My Norton is not working... LONG story) If it's a virus I want instructions on getting this thing outta my system ASAP!! While the e-mail had a known name and subject of "Possible VIRUS in your address book" as its subject line, as you can see the e-mail itself has a bunch of mumbo jumbo crap in the header. OR is this just crap to get a person to delete a needed file on the computer???!

Then it said:

To:
Date: Sat, 6 Mar 2004 22:15:54 -0800
Subject: Fw: Possible address book virus
Message-ID: <000d01c4040b$a7422da0$a5680a0c@net>

----- Original Message -----
From: Scootbak
To: Undisclosed-Recipient:;
Sent: Wednesday, March 03, 2004 5:28 PM
Subject: Possible address book virus

Hi All,

Unfortunately a virus has been passed to me through an address book virus which also infected my address book. Since you are in my address book, you will probably find it in your computer, too. I followed the instructions below and did find it in my computer, so it is possibly in yours as well. The virus (called jdbg.exe) is not detected by Norton or McAfee Antivirus systems. It sits quietly for 14 days before damaging the system. It is sent automatically by 'messenger' and by address book, whether or not you sent email to your contacts. Basically, that means you will pass it along unknowingly, as I did. I was sent this email and am now passing it on to you as to how to check for the virus and how to get rid of it. Please do this. It's very simple to do and took me less than a minute to complete.

1. Go to Start, then click your 'Find' or 'Search' option
2. In the folder option, type the name "jdbgmgr.exe"
3. Be sure to search your C. Drive and all the sub folders in other drives you may have.
4. Click 'Find Now', or "Search".
5. The virus has a teddy bear icon with the name "jdbgmgr.exe" Don't open it!
6. Go to "Edit" (on the menu bar) and choose "Select All" to highlight the file without opening it.
7. Now go to "File" (on the menu bar) and select "Delete". That will send the virus to the recycle bin.

If you find the virus, you must contact all the people in your Address Book so that they may eradicate the virus from their own address books. To do this:

1. Open a new email message
2. Click the icon "Address Book"
3. Highlight every name and add to "BCC"
4. Copy this message and paste to e-mail this to everyone”
11:22:10 PM 3/08/04

“Don't do anything yet.... Hold on a minute.”
11:30:33 PM 3/08/04

“OK, answering my own question, it's a hoax (as I suspected after the initial "VIRUS!!" response) HOAX!!”
11:32:10 PM 3/08/04

“Was it on my email? I have the latest Symantec AntiVirus on my computer, but I was using Yahoo Mail to send the email to you.”
11:34:18 PM 3/08/04

“Good! Had me scared!”
11:36:06 PM 3/08/04

“See above, StoveyBaby [grin] LOL!”
11:36:47 PM 3/08/04

“I know, isn't that awful? I should have known better than to fall for it. As I started thinking to look for hoax info on Symantec, I had already posted the knee-jerk reaction. SORRY!!!!”
11:38:01 PM 3/08/04

“I have not received any yahoo email at all today. I figured something might be wrong, lol.”
11:40:55 PM 3/08/04

“very weird.
jdbgmgr.exe virus hoax AKA Teddy Bear hoax
But some jerk took advantage of the situation and wrote a worm...
Recory.B ALIAS: Recory
Still, it sounds like you have the original... the hoax, not the worm. When I saw that, I had to do a quick doubletake, LOL”
11:48:33 PM 3/08/04

“I fell for a similar hoax once way back..... stupid freaking idiots who started these things .....”
4:51:39 AM 3/09/04

“There are several good Virus Hoax pages that you should reference when you get a message like this.
Symantec Virus Hoaxes
CIAC Hoaxbusters (http://hoaxbusters.ciac.org/)
McAfee Virus Hoaxes
F-Secure Virus Hoaxes
It's a good idea to bookmark these pages.”
6:11:24 AM 3/09/04

6:57:31 AM 3/09/04

“It didn't look like a virus. Maybe just a low grade bacterial infection. Take 2 aspirin and don't walk on it.”
7:13:22 AM 3/09/04

“Oh my gosh, I didn't know that thing was still circulating. What a wonderful way to hose your own system.”
8:50:39 AM 3/09/04

Gangs???
“Virus 'Gangs' To Blame For Recent Epidemic
By Robert Vamosi: Senior Associate Editor, Reviews ZDNet
Friday, March 5, 2004

It's a busy time for computer viruses and worms. Over the last three weeks, we've seen nearly two dozen variations of Bagle, Netsky, and MyDoom circulate the Net. What gives? It looks like gang warfare is responsible, drive-by shootings on the information highway.

YOU HEARD ME right. "Gangs" of virus writers are currently trying to outdo one another and protect their turf. What they're fighting for is control of thousands of Trojan horses that create stealth peer-to-peer networks out of virus-infected computers worldwide. Such networks can be used to launch next-generation computer viruses or distributed denial-of-service attacks. They can also be sold to spammers who use them to anonymously send messages to our inboxes. Because of all their uses, virus writers consider these networks worth fighting for.

Unfortunately, you and I aren't just bystanders, we're the targets. And the only solution I can offer is what I've been saying for years: Update your antivirus software and don't open unsolicited e-mail messages. I wish there were a magic fix I could offer that would inoculate us all from these viruses, but, unfortunately, I can't. These infections aren't even very original. They use good old-fashioned social engineering, and not a software flaw, to spread.

There appear to be three distinct gangs: the MyDoomers, who are using source code from the MyDoom.b worm to set up stealth networks; the Bagles, who wrote their own unique viral code to establish the same sorts of networks; and the Netskys, who seem to have started the whole imbroglio by thwarting the plans laid down by MyDoom and Bagle.

THE FIGHT seems to have broken out on Feb. 18, when Netsky.b appeared on the Net and began removing traces of MyDoom and Bagle from infected computers. Netsky.b not only removed the viral code, but also the Trojan horse "back doors." These are the tunnels of communication that allow the MyDoom and Bagle gangs to communicate with infected systems and thus set up the valuable peer-to-peer networks. Needless to say, the authors of the Bagle and MyDoom variants took offense--as Netsky spread, their networks began to shrink in size and thus their ability to do harm online diminished.

One week later, on Feb. 25, the Netsky.c variant appeared with a hidden message embedded in the code: "We are the skynet--you can't hide yourself---we kill malware...MyDoom.f is a thief of our idea!" (Such messages are known as "greetz.") A few days later, Bagle.J and MyDoom.G responded: "Hey, NetSky...Don't ruin our business, wanna start a war?" and "To NetSky's creator(s): imho, skynet is a decentralized peer-to-peer neural network. We have seen P2P in Slapper in Sinit only. They may be called skynets, but not your...app." (Slapper is a Linux worm that established its own P2P network starting in August 2002; Sinit is a common Trojan horse that also established its own P2P network, starting in October 2003.)

Greetz are not new; often they are directed at rival Internet gangs or antivirus researchers. In December of 2001, rival members of Israeli script kiddie gangs unwittingly released the Goner virus. In that case, the virus (which they called Pentagone) contained greetz with Internet nicknames of the authors: "Pentagone coded by: suid, tested by: ThE_SkuLL and Isatanl." Originally, the authors named in the greetz denied their involvement; shortly thereafter, however, they took credit for the virus when the news media started saying the code was cut and pasted from elsewhere. A short time later, the Israeli youths were arrested and sentenced to 2.5 years in jail. Also, the recently arrested Belgium virus writer Gigabyte is famous for using greetz to taunt antivirus researchers, namely Graham Cluley of Sophos Antivirus.

MOST OF THE VIRUSES that have appeared over the last few weeks rate a 6 on our 10-point Virus Meter, meaning we consider them moderate threats. As of last Friday, only Netsky.d was spreading quickly, infecting one out of every 19 e-mails; this is very close to the infection rate of the original MyDoom, which spread at a rate of one out of every 12 e-mails in mid-January. Despite some interesting programming nuances, such as requiring a password to unlock the Zip file attachment in the e-mail, these variants introduce only minor changes to the original code--just enough to fool the signature files that your antivirus software uses to recognize and stop them. So far, two antivirus companies, Kaspersky and BitDefender, have added the capability to decode the password-protected Zip attachments in infected e-mails, but I expect all antivirus companies will adopt this strategy soon.

The viruses' success, in the end, is due to their social engineering. They spread because human beings--hopefully not you--open the files attached to the e-mails they're sent in. As a result, many corporations are now blocking all Zip file attachments, which is surely impacting worker productivity. But until every desktop has up-to-date antivirus technology, and until every user stops opening unsolicited e-mail attachments, viruses like these will continue to afflict us.”
12:42:15 PM 3/09/04

“--Are Worm Variants Due to a Grudge Match? (2/3 March 2004)
Text in the code of recently released multiple variants of MyDoom, NetSky and Bagle appear to indicate that the rash of malware is the result of a battle between competing virus-writing groups.
http://www.eweek.com/print_article/0,1761,a=120716,00.asp
http://zdnet.com.com/2102-1105_2-5168983.html?tag=printthis
http://www.computerworld.com/printthis/2004/0,4814,90767,00.html
http://www.eweek.com/print_article/0,1761,a=120741,00.asp
http://www.newsfactor.com/story.xhtml?story_title=Worm_Writers_Continue_Verbal_Warfare&story_id=23291&category=netsecurity”
10:13:36 AM 3/10/04

“Line 'em all up and give each a bullet in the head.”
10:18:05 AM 3/10/04

“Use a big enough bullet, and it might only take one.”
10:22:28 AM 3/10/04

“I got a new one. As soon as some mail comes in with attachments they immediately clone themselves in the out box. I keep the send immediately turned off by default so I catch them when they come in. However, now I have to close Outlook instead of keeping it open when I am online. I have found no way to filter around this either. As soon as it comes in, it puts a copy in the outbox before the filter deletes it. Really need something that will delete things at the server without bringing it into the client. Anyone else dealing with this?”
12:32:09 PM 3/11/04

“Have you got your preview pane on redhawk?”
12:33:35 PM 3/11/04

“Yes and I have the inbox open but it goes into the outbox at exactly the same time as it goes into the inbox and there have been several and none of them are opened even in the preview pane.”
8:00:43 PM 3/11/04

“First off, turn off the preview pane. That's a must.

Second, you do have some virus software, right? Make sure that it's up to date and that the settings are correct.

Third, you'd alluded to some filters you have set up. Make sure that one of them hasn't been accidentally set to copy to the Outbox.

Fourth, make sure you aren't already infected. Many of the new worms actually disable your virus protection, so you have to be very vigilant and keep it up to date. You can't protect yourself with old software anymore, you have to keep your virus definitions up to date at the very least.

There's been some talk in the news lately about these rounds of viruses being a turf war fought between different hacker groups. Their turf is your PC. The best way to get these wars to grind to a halt is to deny them the field of battle. Unfortunately, like getting people to stop responding to trolls, getting people to take their time and set their computers up correctly is damn near impossible.”
11:04:06 PM 3/11/04

“Found the problem, my own stupidity! I have Outlook set to delete ANYTHING with an attachment. Most of my friends know I have a special mailbox for mail with attachments and to let me know when they send one what the subject line will be. I also set a filter up to reply to any attachment that I don't accept mail with attachments without prior notification. What I forgot was that my spam filter automatically sends the questionable email as an attachment. So the spam that came in was sending a response to the out box. How's that for outsmarting yourself?”
11:14:07 PM 3/12/04

“which one of you rat bastids hacked my computer?”
12:23:43 AM 3/13/04

“Symantec: Hackers Have It Easier Than Ever
Symantec's twice-annual Internet Security Threat Report paints a grim picture.
http://update.techweb.com/cgi-bin4/DM/y/efq60BDIYJ0CLd0CQNm0Ai

Bagle Worms Sneak Through Defenses
New versions of Bagle use new tactics to squeeze by anti-virus defenses, among them packaging payloads in protected files.
http://update.techweb.com/cgi-bin4/DM/y/efq60BDIYJ0CLd0CQNo0Ak”
5:10:57 PM 3/15/04

“i knew you had a dark side, tilt”
5:26:05 PM 3/15/04

“Got worms in your.... JIHAD BAGLE?”
5:28:08 PM 3/15/04

“I had a beagle with worms, once....”
5:28:51 PM 3/15/04

“The only time I had a beagle I had fries on the side.”
10:12:18 PM 3/15/04

“Was his name Snoopy?”
10:17:05 PM 3/15/04

“No, Dinner.”
10:39:24 PM 3/15/04

“does this spot on my arm look like ringworm?”
10:40:43 PM 3/15/04

“I'm Not Gonna Say It.”
10:44:11 PM 3/15/04

“Just wondering what hs_err_pid1032.log is, because it just showed up on my desktop a few minutes ago, i don't know where it came from”
11:31:21 PM 4/02/04

11:37:47 PM 4/02/04

“Yep...you're major infected...grab the 12 gauge and pump a couple into the box...”
11:38:14 PM 4/02/04

“Then see your doctor for penicillin shote.....”
11:39:36 PM 4/02/04

“or shots...what ever you prefer”
11:40:12 PM 4/02/04

“yeah, that's what it appears to be - i found that same page, it doesn't seem to have anything to do with what showed up on mine... but i'm assuming it's just an error report log, from java”
11:40:35 PM 4/02/04

“You still need your shots”
11:41:41 PM 4/02/04

“anyone else receiving emails saying something like this:

"Dear user! We are informing you that today, the amount of $719.00 AUD has been drawn out of your account. Technical assistance of ANZ Bank. www.anz.com"

you can't even copy the url. Hope I didn't click it by mistake just now. Got those emails from different banks too. One of them was called "National" I think.”
12:49:40 PM 4/03/04

“Sounds like more of those crooked crooks to me.....”
3:22:56 PM 4/03/04

“Sounds like a phishing scam to me...”
5:48:34 PM 4/03/04

“ANZ is a real bank. From a link off of their index page.

Some ANZ customers have been targeted with a hoax email leading to a false bank website. Always ensure that you only log on to ANZ Internet Banking by typing www.anz.com into the address bar, rather than following links to the ANZ website. Disregard any emails that advise otherwise.”
10:40:41 PM 4/03/04