The Old Teddy Bear Hoax

by Rob Zorn
from the June 2004 Newsletter

The Jdbgmgr Hoax has been around for a couple of years and I've run an article on it before. It seems it would be a good idea to repeat it, however. The help desk reports that the number of customers encountering the hoax seems to be on the rise again. Indeed, I've received several well-meaning warnings lately myself.

The Jdbgmgr hoax e-mail turns up, usually sent to you by an alarmed friend, and encourages you to go and delete a perfectly innocent Windows file from your system. The file that the hoax refers to (Jdbgmgr.exe) is a Java Debugger Manager. It is a Microsoft file that is installed with Windows. If you search for it within Windows you will see it has a teddy bear icon as described in the hoax.

The e-mail you receive may look something like the following:

I was notified today by someone whose address book I am in that he had found a virus on his computer. It supposedly attaches to everyone in his address book and his C drive.

This morning I did find that virus on my C drive. Therefore, since you are in my address book, you will probably find it in your computer too. The virus (called jdbgmgr.exe) is not detected by Norton or McAfee Anti-virus systems. The virus sits quietly for 14 days before damaging the system. It is sent automatically by 'Messenger' and by your Address Book, whether or not you've sent e-mail to your contacts. Here is how to check for the virus and how to get rid of it. PLEASE DO THIS ASAP (it will only take a minute).

1.- Go to Start, click "Search"
2.- In the "Files or Folders option" write the name jdbgmgr.exe
3.- Be sure that you are searching in the drive "C"
4.- Click "find now"
5.- If the virus is there (it has a little bear-like icon with the name of jdbgmgr.exe DO NOT OPEN IT FOR ANY REASON.
6.- Right click and delete it (it will go to the Recycle bin)
7.- Go to the recycle bin and delete it or empty the recycle bin.

IF YOU FIND THE VIRUS IN YOUR SYSTEM, SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE.

Now, it is true that, just like any .exe file, Jdbgmgr.exe, can become infected by a virus. However, just because the file appears on your hard drive, that does not mean you have become infected. Any healthy Windows system should have that file there.

The Microsoft Debugger Registrar for Java (Jdbgmgr.exe) is generally only used by Microsoft Visual J++ 1.1 developers and others writing or testing Java web code. As such, the file is not system critical and it is not imperative that it is reinstalled unless you specifically require that function. If you do wish to reinstall the file, you will need to reinstall the Java Virtual Machine component of Windows, or download the Java environment from:
http://java.sun.com/getjava/index.html.

I probably wouldn't bother. Your best course of action is to give yourself a scolding for uncritically following instructions and deleting files without checking on the validity of what you were told. After that you can just get on with your life. Keep it quiet (no one else needs to know) and make a resolution to yourself to be more careful in future. Whatever you do, don't pass the hoax on!

Even though deleting jdbgmgr.exe probably isn't really going to hurt your computer, hoaxes like these can actually do a lot of harm. Forwarding them on causes panic and confusion, and could even result in a "boy who cried wolf" effect, whereby less-informed Internet users become de-sensitised by all the hoaxes and then ignore a REAL virus warning.

In effect, and interestingly, the hoax e-mail itself becomes like a virus. Though it is not in and of itself malicious code, it does seek to accomplish many of the same things. It attempts to do damage to your machine, it is malicious in its nature, it preys upon ignorance and fear and it even asks you to forward itself on to everyone in your address book, which a coded virus would automatically do.

When receiving an email that claims to alert you to a new virus, look for URLs (links) to web pages at reputable antivirus sites, that back up the warning claim. A good virus warning should ALWAYS link to a website, eg. at Nortons or McAfee etc, to back up its claims. Lastly, if in doubt, check with a computer "geek" or your Internet Service Provider, or browse through a good antivirus website (eg. http://www.symantec.com/avcenter/vinfodb.html) for information on the warning, to determine if it's real or a hoax. Most antivirus websites have info on hoaxes as well as legitimate viruses.

HERE ARE A FEW RELATED SITES OF INTEREST:

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322993 - Microsoft's official knowledge base article on jdbgmgr.exe.
http://www.vmyths.com/ VMyths Online Database of Virus and E-mail Hoaxes
http://www.trendmicro.com/vinfo/hoaxes/hoax.aspTrend Micro Hoax Database