Common Ground / Security Blanket - Computer Questions / Virus Alerts
Robin
Cast Member
Posts: 940
Registered: Aug 2002
Posted 01-03-03 06:07 PM
I figure instead of starting a new topic for each, we could just collect them all in one thread.
I toss my cookies for Disney.

I wonder what inspired this new Disney T-shirt? "I'm right. You're wrong. Any Questions?"
Robin
Cast Member
Posts: 940
Registered: Aug 2002
Posted 01-03-03 06:07 PM
Masquerading as a Virus Fix Tool - WORM_RECORY.A (Low Risk)
WORM_RECORY.A is a highly encrypted, memory-resident worm that arrives as an email attachment with a random subject line, but a fixed message body. This worm overwrites the system file, Jdbgmgr.exe, and disguises itself as a virus fix tool from a known antivirus vendor. Upon execution, it drops copies of itself as the following:
%Windows%\Autotest.com
%Windows%\Jdbgmgr.exe
%Windows%\Windows Startup.pif
%Windows%\Uninstall32.pif
%Windows%\Security.pif
%Windows%\Compile32.pif
%Windows%\Startwin.com
%Windows%\Winboot32.com
%System%\Msdos32.pif
%System%\Autoexec32.bat
%System%\Cleanvir.pif
%System%\Jdbgmgr.exe
%Temp%\Jdbgmgr.exe
The dropped copy, Jdbgmgr.exe, overwrites the system file of the same name in the Windows system directory.
This worm drops another copy of itself in the StartUp folder as Systray.pif. This copy executes every time Windows starts. In addition to dropping a copy of itself in the StartUp folder, it also creates an entry in the registry Run key so that it executes at every Windows startup.
This worm uses Microsoft Outlook to send copies of itself to all addresses listed in all distribution lists of the Microsoft Outlook address book. It sends email with the following details:
Subject:
Microsoft Support
Fwd: Computer Virus fix Tool
Fwd: Computer Virus Alert
Fwd: Latest News
Fw: Important
Fwd: Latest Computer Virus outbreak
Fwd: Damaged Software information
Fwd: Urgent inforation
Email Security Update
Fw: Serious Alert
From helpdesk support
Fw: Read this
Free support
Technical support
Fw: Client support
Security update
Software patch
Microsoft news
Fwd: Software alert
Important information
Fwd: Help on Computer issue
Fw: High-threat computer virus fix
Fwd: Computer issues
Fwd: Severe virus alert
Software support
Fw: Attention users
Fwd: Email virus alert
High-risk computer virus removal
Fwd: Attention employees
Message Body:
Hello readers,
I have just cleaned my computer from a highly damaging computer virus Which is spreading rapidly through computer networks worldwide.

There is one way to check to see if your computer is infected with this virus.

Click the "Start" menu at the bottom left of your screen.
Click the "Find" or "Search" button.
Click the "Files or folders..." option.
Then once the search application starts, type "Jdbgmgr.exe"

If you have found this file, right-click on it and click the "Properties" tab. If the Properties menu has a picture of a bear on it, your computer is infected with this virus. (Note that the non-infected file picture has a hammer and a screwdriver shown in it). You may delete this file, but this is not the only file that the virus infects, To remove this virus, I have included a virus removal tool in the attachments "" that will scan all system files and remove any infectious code from them. This virus removal tool is very easy to use. If you have any trouble with this tool, read the help menu that the removal tool supplies. If your computer is infected with this virus, It is strongly recommended that you send this removal tool to as many people as you can to help remove the traces of this virus worldwide.
Attachment:
Fixvir.exe
Fixtool.exe
Remove32.com
Virusremove.pif
Cleanvir.pif
Recovery.exe
Scan32.pif
Cleaner.pif
Cleanvirus.com
Removal.exe
Deletevir.com
Scanvir.pif
Killvirus.com
Killvir.com
Virusfix.exe
Fixvirus.com
Fixvir.pif
This worm drops copies of itself in shared folders of ICQ and Kazaa, making it easily accessible for other users to download.
If you would like to scan your computer for WORM_RECORY.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com
annie
Cast Member
Posts: 321
Registered: Aug 2002
Posted 01-03-03 08:04 PM
Robin
Please check this link:
http://www.symantec.com/avcenter/ve....file.hoax.html

No one should delete the jdbgmgr.exe file without doing some research first. The legit Windows file does have a bear icon; it's supposed to. This appears to be a hoax.

annie
"Are the fires of Hell a-glowing? Is the grisly reaper mowing? Who can provide the world with the answer to these pressing questions?"

"The candy man can," Rumsfeld added grimly.

Coastalwader
Cast Member
Posts: 935
Registered: Aug 2002
Posted 01-03-03 09:04 PM
quote:
annie wrote:
Robin
Please check this link:
http://www.symantec.com/avcenter/ve....file.hoax.html

No one should delete the jdbgmgr.exe file without doing some research first. The legit Windows file does have a bear icon; it's supposed to. This appears to be a hoax.

annie

It's also listed on Snopes.com as a hoax. Sorry.
King Unca Bubba Lord DisneyTex

Robin
Cast Member
Posts: 940
Registered: Aug 2002
Posted 01-04-03 08:40 PM
Actually this is a different alert than the hoax (though they could be wrong about the bear icon.)

This virus overwrites the Jdbgmgr.exe along with other files. The antivirus companies really should do a cross reference because this 'is' quite confusing.

Here's info on the new virus at Symantec's site. If you check out the dates you'll see it's a new listing.

http://securityresponse.symantec.co....recory@mm.html


[Edited by Robin]
annie
Cast Member
Posts: 321
Registered: Aug 2002
Posted 01-05-03 04:55 PM
You're right, it is confusing!
Looks like the virus bandits are taking advantage of known hoaxes.

Speaking of, got a virus today (don't know what kind because I deleted it right away) from MzzEeyore (and I know this is a spoof of the RCH member with a similar name, most likely not really her) with the header "Have a Nice Epiphany".

Timely

annie

Crank
Administrator
Posts: 1957
Registered: Aug 2002
Posted 01-06-03 11:45 AM
This really is a virus! I would suggest a visit to the Symantec site to read about how to detect it.

I'm clean...

BTW, thanks, Robin!
I like persons better than principles, and I like persons with no principles better than anything else in the world.
Oscar Wilde, The Picture of Dorian Gray, 1891

BOYCOTT FRENCH TOAST, GERMAN SAUSAGE AND BELGIAN CHOCOLATES

Crank-->

All Content is © the Poster and is to be considered Intellectual Property. All Rights Reserved. Though Brilliant, Breathtaking and Extremely Well Written the Content contained herein is Opinion and Opinion only.

ib4cruzn at charter dot net
Coastalwader
Cast Member
Posts: 935
Registered: Aug 2002
Posted 01-07-03 07:03 PM
quote:
Crank wrote:
This really is a virus! I would suggest a visit to the Symantec site to read about how to detect it.

I'm clean...

BTW, thanks, Robin!



Well, this is pretty confusing.....they are listing a very similar letter to the one Robin posted as part of the email that delivers the virus.


[Edited by Coastalwader]
King Unca Bubba Lord DisneyTex

Crank
Administrator
Posts: 1957
Registered: Aug 2002
Posted 01-07-03 07:53 PM
quote:
Coastalwader wrote:


Well, this is pretty confusing.....they are listing a very similar letter to the one Robin posted as part of the email that delivers the virus.


[Edited by Coastalwader]



Yeah, Kerry, I am familiar with that. Although nobody should delete "Jdbgmgr.exe" indiscriminately, they *should* have a look at the Symantec site. While "Jdbgmgr.exe" is NOT normally a virus, there is one associated with it.
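The distinction the thread arrives at (the bear-icon chain letter on its own is the old hoax; the same letter with a "removal tool" attached is WORM_RECORY.A) can be turned into a mail triage check. This is an added example, not code from the forum or from Trend Micro or Symantec; the indicator strings are taken from Robin's post above, and the sample messages are constructed for illustration.

```python
# Added example: separate the jdbgmgr.exe hoax chain letter from mail that
# matches the WORM_RECORY.A lure quoted in the thread. Indicator strings
# come from the advisory text above; the sample messages are constructed.

# Subset of the subject lines listed in the advisory (lower-cased).
RECORY_SUBJECTS = {
    "microsoft support", "fwd: computer virus fix tool", "fwd: computer virus alert",
    "fw: important", "email security update", "software patch",
    "fwd: severe virus alert", "high-risk computer virus removal",
}
# Attachment names listed in the advisory (lower-cased).
RECORY_ATTACHMENTS = {
    "fixvir.exe", "fixtool.exe", "remove32.com", "virusremove.pif", "cleanvir.pif",
    "recovery.exe", "scan32.pif", "cleaner.pif", "cleanvirus.com", "removal.exe",
    "deletevir.com", "scanvir.pif", "killvirus.com", "killvir.com", "virusfix.exe",
    "fixvirus.com", "fixvir.pif",
}
# Extensions the advisory shows the worm using for its dropped copies.
EXECUTABLE_EXTS = (".exe", ".com", ".pif", ".bat")


def triage(subject, body, attachments):
    """Classify one message as 'worm', 'hoax' or 'clean'.

    Hoax and worm share the same "bear icon" story; what separates them
    is the runnable "removal tool" the worm attaches.
    """
    text = body.lower()
    talks_about_jdbgmgr = "jdbgmgr.exe" in text
    executables = [a for a in attachments if a.lower().endswith(EXECUTABLE_EXTS)]
    lure_match = (subject.strip().lower() in RECORY_SUBJECTS
                  or any(a.lower() in RECORY_ATTACHMENTS for a in attachments))
    if executables and (talks_about_jdbgmgr or lure_match):
        return "worm"   # hoax text or known lure plus a runnable attachment
    if talks_about_jdbgmgr and "bear" in text:
        return "hoax"   # chain letter only: asks the reader to delete a real file
    return "clean"


# Constructed sample messages, one per branch: (subject, body, attachments).
SAMPLES = {
    "chain_letter": ("FW: Virus warning",
                     "Search for Jdbgmgr.exe. If it has a bear icon, delete it!", []),
    "recory_mail": ("Fwd: Computer Virus fix Tool",
                    "Type Jdbgmgr.exe ... picture of a bear ... removal tool attached",
                    ["Fixvir.exe"]),
    "subject_only_lure": ("Fw: Important", "See attached.", ["update.pif"]),
    "ordinary": ("Lunch plans", "Pizza on Friday?", ["menu.pdf"]),
}


def triage_samples():
    """Run triage over the constructed samples; returns {name: verdict}."""
    return {name: triage(*msg) for name, msg in SAMPLES.items()}
```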