Author Topic: Virus & spyware issues  (Read 52279 times)


Offline Largey

  • Opinions on many things
  • ***
  • Posts: 102
Virus & spyware issues
« on: October 08, 2002, 12:39:40 am »
Virus Hoax

There is a virus hoax that advises customers to delete a valid Windows file that is named Jdbgmgr.exe. This file is the Microsoft Debugger Registrar for Java. If you receive the e-mail message that is listed in the "More Information" section of this article, delete the e-mail message and do not forward it to others. Although this file may become infected with a virus, its presence is not an indication of a virus infection.  

More Information:
This is how the e-mail may look when sent to you.....

The Jdbgmgr.exe virus hoax arrives in an e-mail message with the following body text:  
"I found the little bear in my machine because of that I am sending this message in order for you to find it in your machine. The procedure is very simple:"

The objective of this e-mail is to warn all users about a new virus that is spreading by MSN Messenger. The name of this virus is jdbgmgr.exe and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system.

The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps:
1. Go to Start, click "Search"
2.- In the "Files or Folders option" write the name jdbgmgr.exe  
3.- Be sure that you are searching in the drive "C"  
4.- Click "find now"  
5.- If the virus is there (it has a little bear-like icon with the name of jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON
6.- Right click and delete it (it will go to the Recycle bin)  
7.- Go to the recycle bin and delete it or empty the recycle bin.  

IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE.  

The above is a HOAX. Do absolutely nothing!!

The Microsoft Debugger Registrar for Java (Jdbgmgr.exe) is only used by Microsoft Visual J++ 1.1 developers.

If you follow the e-mail message instructions and delete this file, you do not have to recover it unless you use Microsoft Visual J++ 1.1 to develop Java programs on Windows XP, Windows NT 4.0, Windows 98 Second Edition, Windows 98, or Windows 95.

For Windows XP, Windows NT 4.0, Windows 98 Second Edition, Windows 98, and Windows 95:

Reinstall Microsoft Virtual Machine (Microsoft VM).

Tech Supp.

Falcon Media
 

Offline sasquartch

  • Forum Moderator
  • Opinions on everything
  • *****
  • Posts: 1412
  • Thanked: 20 times
  • Brookmans Park Forum Member
Re: Virus & spyware issues
« Reply #1 on: October 08, 2002, 08:29:07 pm »
This hoax has been around for some months now.
Many of these so-called 'warnings', often purporting to be from reputable sources like IBM, are hoaxes.
My advice is to check out a reputable AntiVirus website, I use the excellent SARC site (From the publishers of Norton) at http://www.sarc.com/avcenter/vinfodb.html where you can search for information.

Needless to say, the best defence against viruses is to:

A: Have Antivirus software
B: Keep it updated regularly
C: Be sensible, NEVER open attachments from people you don't know

 

Offline Editor

  • David Brewer
  • Administrator
  • Opinions on everything
  • *****
  • Posts: 8877
  • Thanked: 136 times
  • Gender: Male
    • Media Helping Media
  • Expertises:
  • Media consultant
  • Journalism trainer
  • Walking
  • Real ale
Re: Virus & spyware issues
« Reply #2 on: July 17, 2003, 11:32:43 pm »
I have just downloaded the Mozilla browser 1.4 and I like it. The site loads in 1.15 seconds on ADSL via Mozilla and 1.45 secs on ADSL via IE6. What browsers do other people use and how is the download speed? You can test the speed of download by putting the URL into Stopwatch.
Click here for Stopwatch
Click here for the free Mozilla browser
« Last Edit: July 17, 2003, 11:35:38 pm by admin »
The Brookmans Park Newsletter has been supporting the village and our local community since 1998 by providing free, interactive tools for all to use.
 

John_fraser

  • Guest
Re: Virus & spyware issues
« Reply #3 on: July 18, 2003, 01:51:12 am »
Actually I like Mozilla a lot, but I must admit that the sites I'm responsible for only work in I.E. Microsoft has such a hold on the browser market that I can't justify the cost of testing for anything else, let alone the extra development. It's never been a problem: because everyone supports I.E. everyone uses I.E. and because everyone uses I.E. everyone supports it. MS win again.

What server do you use?
 

Offline Editor

Re: Virus & spyware issues
« Reply #4 on: July 18, 2003, 01:56:11 am »
Quote
What server do you use?

The site is hosted on Positive Internet's shared server and I use that for e-mail too. Is that what you meant John?
 

John_fraser

Re: Virus & spyware issues
« Reply #5 on: July 18, 2003, 02:06:59 am »
I was thinking of IIS or Apache.

Just me trying to be as sad as someone timing their site to 100th of a second :)
 

Offline Editor

Re: Virus & spyware issues
« Reply #6 on: July 18, 2003, 09:48:50 am »
You are right John, it is sad -- very sad. I wish I hadn't started this thread now. :-[ Sorry everyone -- however one more sad question. I was interested to read what you said about browser testing. I have found with this site that testing in Netscape 4.7 (as well as IE) sometimes throws up problems that don't show up in IE. Tables that don't work and pages that don't load properly etc. I am not good at reading the stats, but it appears that more than half the users of this site use Mozilla. Does that mean that if I look at the site in Mozilla and IE it should be ok for most people? Click here to see the latest browser stats for this site. I downloaded Mozilla 1.4 after reading this article on BBC News Online about Netscape.
« Last Edit: July 18, 2003, 09:58:19 am by admin »
 

Offline sasquartch

Re: Virus & spyware issues
« Reply #7 on: July 18, 2003, 12:11:54 pm »
I used to work for a web design company and can confirm there are many differences between Netscape and IE. However, as you rightly say, most sites are coded to work with IE only, as the effort to guarantee cross browser compatibility can be substantial, sometimes up to half the total development effort.
It's regarded (at least by techie people) that Netscape and Mozilla (which is derived from Netscape code) adhere to standards far more closely than IE, however with IE having better support by virtue of the fact that every Windows system has it already installed.
Real anoraks might like to try another browser, Opera, which is very fast and standards based.
I would expect that the brookmans.com site should be fairly consistent across browsers as it appears to be fairly simple in design. This is good as it means pages will load quickly!
 

Offline Editor

Re: Virus & spyware issues
« Reply #8 on: July 18, 2003, 01:30:57 pm »
Quote
I would expect that the brookmans.com site should be fairly consistent across browsers as it appears to be fairly simple in design.


That is because the editor has a fairly simple brain.

:)
 

Offline sasquartch

Re: Virus & spyware issues
« Reply #9 on: July 18, 2003, 01:40:29 pm »
Elegant solutions are usually the simplest ones..  ;)
 

John_fraser

Re: Virus & spyware issues
« Reply #10 on: July 18, 2003, 03:19:04 pm »
The KISS principle is one I adhere to at all times.

50% Mozilla sounds astonishingly high, or is that because there are a lot of AOL accounts there using Netscape 7?

We had loads of issues with Netscape 4.08 and 4.7. Getting the sites to work in those was over 50% of the HTML & JavaScript work. It also handicapped I.E. and was still buggy in those browsers. My experience is that the only standards organisation for browsers that matters meets in Redmond Seattle.
 

Offline sasquartch

Re: Virus & spyware issues
« Reply #11 on: July 18, 2003, 04:56:11 pm »
The log files refer to Mozilla compatible browsers, such as IE and others. I don't know the origins of the name but believe that Mozilla was a standard that the browser was then named after or something similar. So I would expect the vast majority of your site's visitors still come from IE browsers. If you are able to, examining your web server's logfile can reveal lots of information, although I believe the brookmans.com site is on a shared server and you might not be able to do this directly.
 

Offline jet

  • Opinions on everything
  • *****
  • Posts: 1285
  • Gender: Male
Re: Virus & spyware issues
« Reply #12 on: July 18, 2003, 05:34:08 pm »
Oh my mistake, thought you were talking about family dogs (Bowsers) and what Italian cheese has got to do with it I really do not know?
regards,
jet
 

John_fraser

Re: Virus & spyware issues
« Reply #13 on: July 18, 2003, 07:26:49 pm »
Trivia footnote.

The first browser was Mosaic. The second browser, Netscape was code named Mozilla, which stood for Mosaic Killer.

The reason I.E. says Mozilla was for compatibility with sites that used to check the version of the browser.
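
What replies #11 and #13 describe, shown on a few log lines: every browser of the period announces itself as "Mozilla", so the real browser has to be read from the rest of the User-Agent string. This is an added example, not part of the original posts; the log lines are constructed and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed access-log lines in Apache combined format (documentation IP range).
LOG = '''\
192.0.2.10 - - [18/Jul/2003:12:00:01 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.11 - - [18/Jul/2003:12:00:05 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)"
192.0.2.12 - - [18/Jul/2003:12:00:09 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
192.0.2.13 - - [18/Jul/2003:12:00:14 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.4) Gecko/20030624"
192.0.2.14 - - [18/Jul/2003:12:00:20 +0100] "GET / HTTP/1.0" 200 5120 "-" "Mozilla/4.7 [en] (Win98; I)"
192.0.2.15 - - [18/Jul/2003:12:00:31 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.11  [en]"
'''

# The User-Agent is the last quoted field of a combined-format line.
UA_RE = re.compile(r'"([^"]*)"\s*$')


def user_agent(line):
    """Return the User-Agent field of one log line, or '' if absent."""
    m = UA_RE.search(line)
    return m.group(1) if m else ""


def classify(ua):
    """Name the browser family; order matters because of spoofed tokens."""
    if "Opera" in ua:            # Opera could also claim to be MSIE
        return "Opera"
    if "MSIE" in ua:             # IE: "Mozilla/4.0 (compatible; MSIE ...)"
        return "Internet Explorer"
    if "Netscape" in ua:         # Gecko-based Netscape 6/7
        return "Netscape 6/7"
    if "Gecko/" in ua:
        return "Mozilla (Gecko)"
    if re.match(r"Mozilla/4\.\d", ua):
        return "Netscape 4.x"    # a genuine Mozilla/4.x with no 'compatible' token
    return "other"


def browser_stats(log):
    """Return (naive count by first token, count by classified family)."""
    naive, real = Counter(), Counter()
    for line in log.splitlines():
        ua = user_agent(line)
        if not ua:
            continue
        naive[ua.split("/")[0]] += 1
        real[classify(ua)] += 1
    return naive, real


if __name__ == "__main__":
    naive, real = browser_stats(LOG)
    print("by first token:", dict(naive))
    print("by family:     ", dict(real))
```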
 

John_fraser

Re: Virus & spyware issues
« Reply #14 on: August 26, 2003, 01:50:09 am »
I've been using Avant for the last few weeks at work. It is a free upgrade for I.E. and turns it into a tabbed browser. In addition to letting you use tabs, it has some nice features, like opening multiple home pages and a neat search bar – I never liked Google's. These more than compensate for a few minor annoyances.

http://www.avantbrowser.com/

As I said, it's free and even once installed you can still use IE without it.
 

Offline trinity

  • Opinions on many things
  • ***
  • Posts: 150
Re: Virus & spyware issues
« Reply #15 on: February 08, 2004, 02:10:23 am »
Whilst not wishing to get into a browser (or OS or editor) war, I do have a recommendation for current "best web browser".

I've been using Mozilla Firebird (http://www.mozilla.org) for several months now. It still isn't "released" (currently 0.7) but my experiences with it suggest that it is a good deal more stable than some commercial-release code.

Feature-wise, I like it mainly because it makes things like multimap usable - largely due to its excellent built-in popup and cookie management. It is quick and comes with a text box in the top right corner the contents of which the browser will post into a standard Google (or anything else you tell it to) search for you. The Mozilla site makes a deal of noise about "tabbed browsing"  where you can get multiple sessions going in tabs within the same frame. I don't really use that, but then it is a matter of preference.

The only downside is that the unix versions require that you've installed (and know how to configure) xprint - which is a pain if you haven't when you install the browser. The Windows version just uses the normal Windows printing system.

It is available as source, or as binary packages for Solaris, Linux, Mac and Windows. I use it on Solaris and Windows at home, and on Linux and Windows in the office. It has not let me down so far.

All in all, well worth a look.
 

Offline Editor

Re: Virus & spyware issues
« Reply #16 on: March 04, 2004, 01:10:51 am »
Some people might have received e-mails which appear to have been sent from the Brookmans Park Newsletter.

The 'e-mail from address' could be any of the following: staff, administrator, management, or support @ this site (www.brookmans.com).

The attachments that come with the messages could contain the worm W32.Beagle.J@mm. The messages are not from the Brookmans Park Newsletter.

The wording of the message is fairly convincing and clearly aimed at encouraging people to open the attachment that comes with the mail.

Here is the text from one mail.

Quote
Dear user, the management of Brookmans.com  mailing system wants to let you know that,

Some of our  clients complained about the spam  (negative e-mail content)
outgoing from your e-mail account.  Probably, you have been infected  by
a proxy-relay trojan  server.  In order  to keep  your computer safe,
follow  the instructions.

Pay attention  on attached  file.

Attached file protected with the password for security reasons.  Password  is 18221.

Kind  regards,
  The  Brookmans.com team                                http://www.brookmans.com



Please do not open the attached file, and please make sure your anti-virus software is up to date. If in doubt do a system scan.

I repeat, this site does not send out e-mails about services like this and would not send attachments.

This page tells you more about W32.Beagle.J@mm.

If any of our IT-savvy forum members can add any more information on this please do.



Editor's note: Edited only to make the title clearer.
« Last Edit: March 04, 2004, 08:38:58 am by admin »
 

Offline Largey

Re: Virus & spyware issues
« Reply #17 on: March 04, 2004, 01:30:28 am »
Dave,
As we have already confirmed by checking your system registry, the worm has not been generated from the site's admin.
Worms (some people call them viruses, although they are not) have the ability to send e-mails using the host's address book listings and therefore dupe the recipients into believing that the message has originated from someone else.
Recently, in particular this week, we have seen many new variants appearing on a daily basis. Many of the virus checkers will update every few days but we recommend that people manually select the liveupdate daily for a while. This will give better protection.
Worms are generally not as destructive as a virus as they commonly degrade performance by the constant outgoing e-mails generated.

Paul


Editor's note: Edited only to make the title clearer.

« Last Edit: March 04, 2004, 08:38:49 am by admin »
 

Offline Editor

Re: Virus & spyware issues
« Reply #18 on: March 04, 2004, 01:36:59 am »
Thanks for that Paul, I realised after posting that I should have called it Worm Alert, mind you, if I had some might have thought it was something to do with gardening tips. ;) I have since expanded the title.

Here are the other two e-mail messages for anyone interested. None of these messages was sent by the Brookmans Park Newsletter.

Quote

Dear user,

the management of Brookmans.com mailing system  wants to let you know that,

Our main  mailing server will  be temporary unavaible for next two days,
to  continue receiving mail in these days you have to  configure our  free
auto-forwarding service. For  more information see  the attached file.

The Management, The Brookmans.com team http://www.brookmans.com


and the last of the three.

Quote
"Dear user, the management of Brookmans.com  mailing system wants to let you know that,

Some of our  clients complained about the spam  (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server.

In order to keep your computer safe, follow the instructions. Pay attention on attached file. Attached file protected with the password for security reasons. Password is 18221.

Kind  regards, The  Brookmans.com team

http://www.brookmans.com


So to repeat, please do not open the attachments that accompany these mails.


Editor's note: Edited only to make the title clearer.
« Last Edit: March 04, 2004, 08:40:42 am by admin »
 

Offline trinity

Re: Virus & spyware issues
« Reply #19 on: March 04, 2004, 02:03:59 am »
The advice given here is very good - many of these things, whilst they exploit vulnerabilities in things like address books - actually rely on "social engineering" and, as you have said, rely on duping an unwary user into an action that propagates the worm.

I'd add an observation regarding mail filtering, that general users ought to be able to implement with free software. I don't have any to hand, but many of these "banking" scams rely on URLs that look legitimate, but aren't. The next time you get one (and I'll keep an eye out and post the pattern if I find one), look for a link in the email that seems to stop the "normal" URL partway through and seems to start off again with the "http" part. This is a masked direction to the "scam" site. If you can tell your mail filtering software to detect and automatically throw away any emails that look like this, you'll protect yourself from being socially engineered one day when you read your mail and aren't awake - or when a family member reads their mail and are less cautious about these things. Your bank balance may well thank you for it.

Or alternatively readers could use a sensible operating system that is less prone to these things ;-)


Editor's note: Edited only to make the title clearer.

« Last Edit: March 04, 2004, 08:41:11 am by admin »
 

Offline Bob Horrocks

  • Opinions on everything
  • *****
  • Posts: 1555
  • Gender: Male
  • Expertises:
  • Green Belt
  • Parish Council
Re: Virus & spyware issues
« Reply #20 on: March 05, 2004, 05:24:20 pm »
I saw a tip recently recommending you check the 'properties' of the sender's address.  I received an e-mail a few days ago purporting to be from Symantec i.e. Norton but the properties check revealed an e-mail address that did not look correct.  So I deleted the e-mail straight away.

Hope I did right

Offline Swan

  • Opinions on some things
  • **
  • Posts: 76
  • Forum Member
Re: Virus & spyware issues
« Reply #21 on: March 05, 2004, 06:19:56 pm »
Quote
I saw a tip recently recommending you check the 'properties' of the sender's address. I received an e-mail a few days ago purporting to be from Symantec i.e. Norton but the properties check revealed an e-mail address that did not look correct. So I deleted the e-mail straight away.

Hope I did right


This counts doubly so for any eMail requesting that you fill-in details for them to check against their records.

There is one doing the rounds at the moment that has an eBay header, and asks that you input your account details (they say they are restructuring their database or some other tosh) which was received by a workmate. We tracked the source to a location in Dallas, Texas, got the name of domain owner via whois.com and passed it on to Herts police.

Moral:

Beware of anything you haven't asked for, and anything you have already given
Godwin's Law:

As an online discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one.
 

Offline trinity

Re: Virus & spyware issues
« Reply #22 on: March 09, 2004, 09:15:08 pm »
Quote
I don't have any to hand, but many of these "banking" scams rely on URLs that look legitimate, but aren't. The next time you get one (and I'll keep an eye out and post the pattern if I find one), look for a link in the email that seems to stop the "normal" URL partway through and seems to start off again with the "http" part.


Here we go (Don't click on the link below):

http://217.12.3.109/*-http://www.msn.com.name-brown.com/s2index.html

If you can get your mail software to recognise things that look like
this, and dump them, you'll be somewhat safer.

This particular one is aimed at Yahoo Europe (apparently).
« Last Edit: March 10, 2004, 08:40:16 am by admin »
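
The disguised-link pattern described in replies #19 and #22, written as a check a mail filter could run on a message body. This is an added example, not part of the original posts: the `PROTECTED` list, the function names and the sample message are assumptions, and the check for text before an `@` goes beyond the case shown in the thread.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Assumption: domains the recipient really deals with; extend for your own mail.
PROTECTED = ("msn.com", "yahoo.com", "ebay.com")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
SCHEME_RE = re.compile(r"https?://", re.IGNORECASE)


def is_ip(host):
    """True when the host is a bare IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def host_of(url):
    """Hostname of a URL, or '' when it has none or does not parse."""
    try:
        return urlsplit(url).hostname or ""
    except ValueError:
        return ""


def embedded_url(url):
    """Return the second URL that starts again after the first host, or None."""
    if "://" not in url:
        return None
    rest = unquote(url.split("://", 1)[1])    # also catches http%3A%2F%2F
    m = SCHEME_RE.search(rest)
    return rest[m.start():] if m else None


def impersonates(host):
    """Return the protected domain that appears inside host without owning it."""
    host = host.lower().rstrip(".")
    for brand in PROTECTED:
        owned = host == brand or host.endswith("." + brand)
        if not owned and ("." + brand + ".") in ("." + host + "."):
            return brand
    return None


def analyse(url):
    """List the reasons one URL looks like a disguised link (empty if none)."""
    reasons = []
    hosts = [host_of(url)]
    if is_ip(hosts[0]):
        reasons.append("host is a bare IP address")
    if "@" in url.split("://", 1)[-1].split("/", 1)[0]:
        reasons.append("text before '@' is not the real host")
    inner = embedded_url(url)
    if inner:
        # Legitimate redirect services trip this too, so quarantine or score
        # rather than silently delete if false positives matter.
        reasons.append("second URL embedded: " + inner)
        hosts.append(host_of(inner))
    for host in hosts:
        brand = impersonates(host)
        if brand:
            reasons.append(host + " only contains " + brand)
    return reasons


def flag_message(body):
    """Map each suspicious URL found in a message body to its reasons."""
    flagged = {}
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,;)")
        reasons = analyse(url)
        if reasons:
            flagged[url] = reasons
    return flagged


# Constructed message body; the first link is the one quoted in the thread.
SAMPLE = """Please confirm your account:
http://217.12.3.109/*-http://www.msn.com.name-brown.com/s2index.html
Our site is at http://www.brookmans.com and the browser is at http://www.mozilla.org.
"""

if __name__ == "__main__":
    for url, reasons in flag_message(SAMPLE).items():
        print(url)
        for reason in reasons:
            print("   -", reason)
```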
 

Offline trinity

Re: Virus & spyware issues
« Reply #23 on: March 10, 2004, 02:05:43 am »
It has been pointed out to me that I missed something out.

Yes, I did check this from a "safe" machine (i.e. I didn't use a web browser - I used a unix shell script with a program called "netcat" that lets me pretend to be various things, and have a look at the result without actually running anything, but to mimic some of the behaviours of a browser).

Don't click on that link I posted. If you do you'll be redirected to a site that will try to sell dodgy clinical medicines. The purpose of the "disguised" link is to hide where the actual site is (rxsupplyhouse.com, registered to an outfit called Whitaker Consulting in British Columbia, Canada). I believe the reason for this is to try to sell medicines privately, to people in the US who would otherwise have to pay more for them. The morality of doing something like that, with no checks on the validity of the prescription, is clearly questionable. Actually buying is clearly very silly.

In general, it is very unwise to click on *any* links on email, usenet or a blog that you have no positive reason to trust - either from the sender or by checking the URL. Your browser or mailer will (or should - if it doesn't you should throw it away and get a proper one) show you the details of any URL, and you should check these before following any links.
 

Offline Editor

Re: Virus & spyware issues
« Reply #24 on: April 17, 2004, 11:40:35 am »
I was reading on BBC News Online this morning that the average PC has 28 spyware programmes on it. The report says that while some are relatively harmless, others steal personal information such as banking details. Can any of our local IT experts say whether standard anti-virus programmes, like Norton or AVG, deal with this as part of the package, or is it necessary to download and use something like Spybot?


Click here for BBC story
« Last Edit: April 17, 2004, 01:38:29 pm by admin »
 

Offline sasquartch

Re: Virus & spyware issues
« Reply #25 on: April 17, 2004, 12:13:11 pm »
My recommendation is AdAware, freely downloadable for personal use.
Go to www.lavasoft.de
Make sure you check for updates after installation.
Do a scan of the whole system and remove anything it finds.

Make sure you regularly scan.

You can upgrade to a paid for version which runs in the background, preventing any spyware being installed in the first place.

Hope this helps - let me know what you find !!

SQ
 

Offline ChessMan

  • Opinions on some things
  • **
  • Posts: 20
  • Gender: Male
  • Forum Member
    • LH and BP Chess Club
Re: Virus & spyware issues
« Reply #26 on: April 17, 2004, 11:56:23 pm »
Very useful. Thanks. I'd like to know what some of the little poppits were reporting on though!
:P
 

Offline supersonic

  • Opinions on many things
  • ***
  • Posts: 113
  • Yabba-dabba-doo
Re: Virus & spyware issues
« Reply #27 on: April 18, 2004, 02:15:47 am »
Thanks sasquartch. 36 of the little blighters removed!

supersonic
 

Offline Johnny Redd

  • Opinions on some things
  • **
  • Posts: 72
  • Gender: Male
  • Forum Member
Re: Virus & spyware issues
« Reply #28 on: April 27, 2004, 08:52:45 pm »
I downloaded the ad-aware software and suffered problems starting the pc a few days later.

After a visit from a company in Welham Green out of the blue they specifically mentioned ad-aware as being a no-no to have on your computer along with "trickler.exe" and "gain", the intimation being that it was itself spyware.

Anyone got any ideas????
 

Offline sasquartch

Re: Virus & spyware issues
« Reply #29 on: April 28, 2004, 12:18:12 am »
Gain is certainly spyware and their products are used to sponsor peer to peer file sharing services. Trickler is one such product. If you use KaZaa you will have inadvertently loaded spyware.

I'd be very surprised if AdAware caused your problems - this will remove and detect spyware, not spy itself. I've used this extensively without problems both on standalone home PCs as well as corporate.

My best advice would always avoid loading any software you don't actually need, many utilities such as 'enhanced search utilities' and the like are bad news.

Johnny Redd, do you know exactly what the problem was with your PC?

 
