ÇáÕãÕÇã
28-02-2007, 06:13 AM
, a Java Debug Manager program used by the Microsoft Java runtime engine. This file is included as part of a standard Windows installation and is not a "virus." (The icon for this file is a graphic of a bear like the one shown to the left
áíÓ ÝíÑæÓ ÇÎì ÇáßÑíã
æåÐå åì ÇíÞæäÊå :
http://www.snopes.com/computer/graphics/bear.jpg
rawrawraw
28-02-2007, 06:13 AM
äÚã ÝÇíÑæÓ æåÐå ãÚáæãÇÊ Úäå ÈÇáÇäßáíÒí.
************ hoax
Type (http://vil.nai.com/vil/*******/v_99436.htm#threat-type) Hoax SubType (http://vil.nai.com/vil/*******/v_99436.htm#threat-subtype) - Discovery Date (http://vil.nai.com/vil/*******/v_99436.htm#threat-date) Length (http://vil.nai.com/vil/*******/v_99436.htm#threat-length) 0 Minimum DAT (http://vil.nai.com/vil/*******/v_99436.htm#threat-minimum-dat) N/A (http://vil.nai.com/vil/*******/%3Ca%20href='#'>N/A</a>) ( ) Updated DAT (http://vil.nai.com/vil/*******/v_99436.htm#threat-update-dat) N/A (http://vil.nai.com/vil/*******/%3Ca%20href='#'>N/A</a>) ( ) Minimum Engine (http://vil.nai.com/vil/*******/v_99436.htm#threat-minimum-engine) 4.1.60 Description Added (http://vil.nai.com/vil/*******/v_99436.htm#threat-description-added) 04/08/2002 Description Modified (http://vil.nai.com/vil/*******/v_99436.htm#threat-description-modified) 01/22/2003 8:54 AM (PT)
Type (http://vil.nai.com/vil/*******/v_99436.htm#)
Type of threat.
SubType (http://vil.nai.com/vil/*******/v_99436.htm#)
Additional type information.
Discovery Date (http://vil.nai.com/vil/*******/v_99436.htm#)
Date that AVERT discovered this threat.
Length (http://vil.nai.com/vil/*******/v_99436.htm#)
File size, in bytes, of the threat.
Minimum DAT (http://vil.nai.com/vil/*******/v_99436.htm#)
McAfee DAT files contain detection and repair information for threats. The Minimum DAT field specifies the lowest/oldest DAT version that is capable of detecting the first incarnation of a threat, and the release date. The highest/newest DAT version should always be used for the most complete protection and are available on the Anti-Virus Updates page.
Each description displays the minimum, fully tested, DAT version that includes regular detection for a particular threat. These fully tested DATs are released on a daily basis. If necessary, they are also released when a Medium, Medium On Watch, or High risk threat is discovered. An EXTRA.DAT will also be posted for these more prevalent threats, if necessary.
For each description listed, detection is always available. In the event that the DAT version specified is not yet available, an EXTRA.DAT file may be downloaded via the McAfee AVERT Extra.dat Request Page. Alternatively, minimally tested HOURLY BETA DAT files are available for downloading.
Updated DAT (http://vil.nai.com/vil/*******/v_99436.htm#)
McAfee DAT files are constantly being updated to enhance detection capabilities. The Updated DAT field specifies the released DAT version that contains the most up to date detection.
Minimum Engine (http://vil.nai.com/vil/*******/v_99436.htm#)
The scan engine uses the DAT files to detect threats. The Minimum Engine field specifies the lowest/oldest engine version that is capable of detecting this threat. The highest/newest engine version should always be used for the most complete protection and are available on the Anti-Virus Updates page.
Description Added (http://vil.nai.com/vil/*******/v_99436.htm#)
Date/time this description was published using Pacific Time.
Description Modified (http://vil.nai.com/vil/*******/v_99436.htm#)
Date/time this description was last modified using Pacific Time.
Risk Assessment
Corporate User N/A (**********:openWindow('http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_assessment.html#N/A');) Home User N/A (**********:openWindow('http://www.mcafee.com/us/threat_center/outbreaks/virus_library/risk_assessment.html#N/A');)
Tab Navigation
Overview (http://vil.nai.com/vil/*******/v_99436.htm#tab1)
Characteristics (http://vil.nai.com/vil/*******/v_99436.htm#tab2)
Symptoms (http://vil.nai.com/vil/*******/v_99436.htm#tab3)
Method of Infection (http://vil.nai.com/vil/*******/v_99436.htm#tab4)
Removal (http://vil.nai.com/vil/*******/v_99436.htm#tab5)
Variants (http://vil.nai.com/vil/*******/v_99436.htm#tab6)
All Information (http://vil.nai.com/vil/*******/v_99436.htm#tab7)Overview
Characteristics
AVERT HOAX Notice!!
McAfee AVERT Labs would like to inform you of a new email HOAX.
This email message is just a HOAX. Although, the ************ file may become infected by a number of valid viruses (most commonly W32/Magistr@MM (http://vil.nai.com/vil/*******/v_99040.htm)), the details of this HOAX message are not based on actual events.
We are advising users who receive the email to delete the message and DO NOT pass it on as this is how an email HOAX propagates.
************ is the Microsoft Debugger Registrar for Java. This application is only useful for Java developers and does not need to be restored on other user's systems. In the event that this file has already been deleted and you need to restore it, see the Removal Instructions (http://vil.nai.com/vil/*******/v_99436.htm#RemovalInstructions) for instructions.
It uses this icon:
http://vil.nai.com/images/jdbgmgrlg.gif Below is the actual text from the message that may be received via email. There are numerous variations on these messages. </B></U>
(English version)
I found the little bear in my machine because of that I am sending this message in order for you to find it in your machine. The procedure is very simple: The objective of this e-mail is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is ************ and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system. The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps: 1. Go to Start, click "Search"2.- In the "Files or Folders option" write the name ************ 3.- Be sure that you are searching in the drive "C" 4.- Click "find now" 5.- If the virus is there (it has a little bear-like icon with the name of ************ DO NOT OPEN IT FOR ANY REASON6.- Right click and delete it (it will go to the Recycle bin) 7.- Go to the recycle bin and delete it or empty the recycle bin. IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE. (Spanish version)
encontré el osito en mi máquina por lo que cumplo con remitir el mensaje para que lo busquen en su máquina. el procedimiento es sencillo: El motivo de este e-mail es advertir a todos los usuarios de hotmail sobre un nuevo virus que circula por medio del MSN Messenger. El virus se llama ************ y se transmite automáticamente por medio del Messenger y tambien por la libreta de direcciones. . El virus no es detectado por McAfee o Norton y permanence en letargo durante 14 días antes de dañar el sistema entero. Puede ser borrado antes de que elimine los archivos de tu computadora. Para eliminarlo, solo hay que hacer los pasos siguientes: 1. Ir a Inicio, pulsar "buscar" 2.- En búsqueda "archivos o carpetas" escribir el nombre ************ 3.- Asegurarse de que este buscando en disco "C" 4.- Pulsar en "buscar ahora" 5.- Si aparece el virus (el icono es un osito que tendrá el nombre de ************ NO ABRIR POR NINGUN MOTIVO 6.- Pulsar en el botón derecho del ratón y eliminarlo (ira a la papelera de reciclaje). 7.- Ir a la papelera de reciclaje y borrarlo definitivamente o bien vaciar la papelera entera. SI ENCUENTRAN EN VIRUS EN SUS EQUIPOS MANDAR ESTE MENSAJE A LAS PERSONAS QUE TENGAN EN SU LIBRETA DE DIRECCIONES ANTES DE QUE CAUSE ALGUN DAÑO (German version)
Hallo, gerade habe ich den Virus detectiert und vernichtet, schaut lieber nach, ob ihr nicht auch betroffen seit! Der Virus ist mit ueblichen Programmen nicht abzuwehren und wird durch Outlook Express verbreitet: - Die infizierte Datei namens: ************, befindet sich im Laufwerk C:, besser ueberall nachschauen.- Wenn gefunden, nicht oeffnen sondern gleich loeschen- Auch aus dem Muelleimer loeschen.- Solltet Ihr auch infiziert sein, sendet doch bitte diese Nachricht an Euer komplettes Adressbuch! Vielen Dank (Dutch version)
Ik had een virus, dus check even of jullie het ook hebben. Het is een virus dat eerst 2 weken niks doet en daarna pas toeslaat. Het gaat ongemerkt naar iedereen in je adresboek.Het is heel makkelijk om het te traceren en te verwijderen. Hoe dat moet lees je hieronder.Het virus wat is ontvangen heet: ************Het wordt niet opgespoord door Norton of VET. Het slaapt ca 14 dagen en dan infecteerthet de computer en beschadigt het systeem. Met alle ellende vandien.Het wordt automatich doorgestuurd naar iedereen in je adresboek, of je nu e-mail verstuurt of niet.Ik heb direct mijn systeem gecheckt en ja hoor.Ik heb het meteen verwijderd.De instructies om het te verwijderen zijn:Ga naar het Start menu en dan naar de optie zoeken en dan bestanden of mappen. In bestand optie, tik in de naam ************. Zoek op de hele harde schijf, dus C: .Klik dan op “zoek nu”. Het virus heeft een beer-icoontje wat wordt gevolgd door de naam ************. NIET OPENEN!!!!!Druk 1 keer zodat het blauw wordt en druk dan op delete Ga dan naar de prullenbak en haal hem daar ook weg. Dus helemaal van je harde schijf afhalen.
Symptoms
Method of Infection
Removal
In the event that ************ was deleted erroneously, the following method may be used to restore the file from backup (see additional information from Microsoft (http://support.microsoft.com/default.aspx?scid=KB;EN-US;q322993&):
-- Windows 95 Instructions --
1) Click START - RUN
2) Type: EXTRACT /A C:\WINDOWS\OPTIONS\CABS\WIN95_09.CAB ************ /L C:\WINDOWS\SYSTEM and hit ENTER
NOTE: The location of the CAB files may vary. If this does not work for you, try using your Windows CD-ROM path (ie. D:\Win95). -- End Windows 95 Instructions --
-- Windows 98 Instructions --
Information on using the System File Checker to restore files (http://vil.nai.com/vil/systemhelpdocs/SFC.htm) 1) Click START - RUN, type SFC and hit ENTER
2) In the "Specify the system file you would like to restore" field, type C:\WINDOWS\SYSTEM\************ and hit ENTER
3) In the RESTORE FROM field, type in the path to your WINDOWS CAB files
(ie. C:\WINDOWS\OPTIONS\CABS)
(ie. D:\WIN98 where D is the drive letter assigned to your CD-ROM)
4) Click OK and continue with the restore function
-- End Windows 98 Instructions --
-- Windows NT 4 Instructions --
See Microsoft Knowledge Base Article - Q322993 (http://support.microsoft.com/default.aspx?scid=KB;EN-US;q322993&) -- End Windows NT 4 Instructions --
-- Windows ME Instructions --
Information on using the System File Checker to restore files (http://vil.nai.com/vil/systemhelpdocs/SFC.htm) 1) Click START - RUN, type MSCONFIG and hit ENTER
2) Click the Extract Files button
3) In the "Specify the system file you would like to restore" field, type C:\WINDOWS\SYSTEM\************ and hit ENTER
4) In the RESTORE FROM field, type in the path to your WINDOWS CAB files
(ie. C:\WINDOWS\OPTIONS\INSTALL)
5) Click OK and continue with the restore function
-- End Windows ME Instructions --
-- Windows 2000 Instructions --
1) Click START - RUN, type expand d:\i386\jdbgmgr.ex_ %windir%\system32 and hit ENTER
Note: this assumes that D: is your CD-ROM drive, and that you have the Windows2000 CD-ROM in the drive. If this is not the case, d:\i386 should be replaced with the path to your i386 directory.
-- End Windows 2000 Instructions --
-- Windows XP Instructions --
Information on using the System File Checker to restore files (http://vil.nai.com/vil/systemhelpdocs/SFC.htm) 1) Click START - RUN, type MSCONFIG and hit ENTER
2) Click the Expand File... button
3) In the "File to restore" field, type %WinDir%\SYSTEM32\************ and hit ENTER
4) In the RESTORE FROM field, type in the path to your WINDOWS CAB files. This may vary from machine to machine. It may be on a local drive, network drive, or CD-ROM
(ie. C:\WINDOWS\OPTIONS\INSTALL)
5) In the Save File in field, type in %WinDir%\SYSTEM32.
6) Click OK and continue with the restore function
-- End Windows XP Instructions --
Variants
Variants
N/A
All Information
Overview -
Characteristics
Characteristics -
AVERT HOAX Notice!!
McAfee AVERT Labs would like to inform you of a new email HOAX.
This email message is just a HOAX. Although, the ************ file may become infected by a number of valid viruses (most commonly W32/Magistr@MM (http://vil.nai.com/vil/*******/v_99040.htm)), the details of this HOAX message are not based on actual events.
We are advising users who receive the email to delete the message and DO NOT pass it on as this is how an email HOAX propagates.
************ is the Microsoft Debugger Registrar for Java. This application is only useful for Java developers and does not need to be restored on other user's systems. In the event that this file has already been deleted and you need to restore it, see the Removal Instructions (http://vil.nai.com/vil/*******/v_99436.htm#RemovalInstructions) for instructions.
It uses this icon:
http://vil.nai.com/images/jdbgmgrlg.gif Below is the actual text from the message that may be received via email. There are numerous variations on these messages. </B></U>
(English version)
I found the little bear in my machine because of that I am sending this message in order for you to find it in your machine. The procedure is very simple: The objective of this e-mail is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is ************ and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system. The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps: 1. Go to Start, click "Search"2.- In the "Files or Folders option" write the name ************ 3.- Be sure that you are searching in the drive "C" 4.- Click "find now" 5.- If the virus is there (it has a little bear-like icon with the name of ************ DO NOT OPEN IT FOR ANY REASON6.- Right click and delete it (it will go to the Recycle bin) 7.- Go to the recycle bin and delete it or empty the recycle bin. IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE. (Spanish version)
encontré el osito en mi máquina por lo que cumplo con remitir el mensaje para que lo busquen en su máquina. el procedimiento es sencillo: El motivo de este e-mail es advertir a todos los usuarios de hotmail sobre un nuevo virus que circula por medio del MSN Messenger. El virus se llama ************ y se transmite automáticamente por medio del Messenger y tambien por la libreta de direcciones. . El virus no es detectado por McAfee o Norton y permanence en letargo durante 14 días antes de dañar el sistema entero. Puede ser borrado antes de que elimine los archivos de tu computadora. Para eliminarlo, solo hay que hacer los pasos siguientes: 1. Ir a Inicio, pulsar "buscar" 2.- En búsqueda "archivos o carpetas" escribir el nombre ************ 3.- Asegurarse de que este buscando en disco "C" 4.- Pulsar en "buscar ahora" 5.- Si aparece el virus (el icono es un osito que tendrá el nombre de ************ NO ABRIR POR NINGUN MOTIVO 6.- Pulsar en el botón derecho del ratón y eliminarlo (ira a la papelera de reciclaje). 7.- Ir a la papelera de reciclaje y borrarlo definitivamente o bien vaciar la papelera entera. SI ENCUENTRAN EN VIRUS EN SUS EQUIPOS MANDAR ESTE MENSAJE A LAS PERSONAS QUE TENGAN EN SU LIBRETA DE DIRECCIONES ANTES DE QUE CAUSE ALGUN DAÑO (German version)
Hallo, gerade habe ich den Virus detectiert und vernichtet, schaut lieber nach, ob ihr nicht auch betroffen seit! Der Virus ist mit ueblichen Programmen nicht abzuwehren und wird durch Outlook Express verbreitet: - Die infizierte Datei namens: ************, befindet sich im Laufwerk C:, besser ueberall nachschauen.- Wenn gefunden, nicht oeffnen sondern gleich loeschen- Auch aus dem Muelleimer loeschen.- Solltet Ihr auch infiziert sein, sendet doch bitte diese Nachricht an Euer komplettes Adressbuch! Vielen Dank (Dutch version)
Ik had een virus, dus check even of jullie het ook hebben. Het is een virus dat eerst 2 weken niks doet en daarna pas toeslaat. Het gaat ongemerkt naar iedereen in je adresboek.Het is heel makkelijk om het te traceren en te verwijderen. Hoe dat moet lees je hieronder.Het virus wat is ontvangen heet: ************Het wordt niet opgespoord door Norton of VET. Het slaapt ca 14 dagen en dan infecteerthet de computer en beschadigt het systeem. Met alle ellende vandien.Het wordt automatich doorgestuurd naar iedereen in je adresboek, of je nu e-mail verstuurt of niet.Ik heb direct mijn systeem gecheckt en ja hoor.Ik heb het meteen verwijderd.De instructies om het te verwijderen zijn:Ga naar het Start menu en dan naar de optie zoeken en dan bestanden of mappen. In bestand optie, tik in de naam ************. Zoek op de hele harde schijf, dus C: .Klik dan op “zoek nu”. Het virus heeft een beer-icoontje wat wordt gevolgd door de naam ************. NIET OPENEN!!!!!Druk 1 keer zodat het blauw wordt en druk dan op delete Ga dan naar de prullenbak en haal hem daar ook weg. Dus helemaal van je harde schijf afhalen.
Symptoms
Symptoms -
Method of Infection
Method of Infection -
Removal -
Removal -
In the event that ************ was deleted erroneously, the following method may be used to restore the file from backup (see additional information from Microsoft (http://support.microsoft.com/default.aspx?scid=KB;EN-US;q322993&):
-- Windows 95 Instructions --
1) Click START - RUN
2) Type: EXTRACT /A C:\WINDOWS\OPTIONS\CABS\WIN95_09.CAB ************ /L C:\WINDOWS\SYSTEM and hit ENTER
NOTE: The location of the CAB files may vary. If this does not work for you, try using your Windows CD-ROM path (ie. D:\Win95). -- End Windows 95 Instructions --
-- Windows 98 Instructions --
Information on using the System File Checker to restore files (http://vil.nai.com/vil/systemhelpdocs/SFC.htm) 1) Click START - RUN, type SFC and hit ENTER
2) In the "Specify the system file you would like to restore" field, type C:\WINDOWS\SYSTEM\************ and hit ENTER
3) In the RESTORE FROM field, type in the path to your WINDOWS CAB files
(ie. C:\WINDOWS\OPTIONS\CABS)
(ie. D:\WIN98 where D is the drive letter assigned to your CD-ROM)
4) Click OK and continue with the restore function
-- End Windows 98 Instructions --
-- Windows NT 4 Instructions --
See Microsoft Knowledge Base Article - Q322993 (http://support.microsoft.com/default.aspx?scid=KB;EN-US;q322993&) -- End Windows NT 4 Instructions --
-- Windows ME Instructions --
Information on using the System File Checker to restore files (http://vil.nai.com/vil/systemhelpdocs/SFC.htm) 1) Click START - RUN, type MSCONFIG and hit ENTER
2) Click the Extract Files button
3) In the "Specify the system file you would like to restore" field, type C:\WINDOWS\SYSTEM\************ and hit ENTER
4) In the RESTORE FROM field, type in the path to your WINDOWS CAB files
(ie. C:\WINDOWS\OPTIONS\INSTALL)
5) Click OK and continue with the restore function
-- End Windows ME Instructions --
-- Windows 2000 Instructions --
1) Click START - RUN, type expand d:\i386\jdbgmgr.ex_ %windir%\system32 and hit ENTER
Note: this assumes that D: is your CD-ROM drive, and that you have the Windows2000 CD-ROM in the drive. If this is not the case, d:\i386 should be replaced with the path to your i386 directory.
-- End Windows 2000 Instructions --
-- Windows XP Instructions --
Information on using the System File Checker to restore files (http://vil.nai.com/vil/systemhelpdocs/SFC.htm) 1) Click START - RUN, type MSCONFIG and hit ENTER
2) Click the Expand File... button
3) In the "File to restore" field, type %WinDir%\SYSTEM32\************ and hit ENTER
4) In the RESTORE FROM field, type in the path to your WINDOWS CAB files. This may vary from machine to machine. It may be on a local drive, network drive, or CD-ROM
(ie. C:\WINDOWS\OPTIONS\INSTALL)
5) In the Save File in field, type in %WinDir%\SYSTEM32.
6) Click OK and continue with the restore function
-- End Windows XP Instructions --
Variants
Variants -
N/A
rawrawraw
28-02-2007, 06:16 AM
æåÐå ãÚáæãÇÊ ÃæÖÍ ãä ÔÑßÉ f-secure hgulghrm
http://www.f-secure.com/images/newlook/menutop.gif (http://www.f-secure.com/)http://www.f-secure.com/images/newlook/logoint.gif http://www.f-secure.com/images/pixel.gif%22
Select local site
Global Sites F-Secure.fi F-Secure Italian site F-Secure UK site F-Secure.com Slovenia France Germany Italy Japan Sweden
http://www.f-secure.com/images/dotted_line.gif
http://www.f-secure.com/images/nav_privacy.gif (http://www.f-secure.com/privacy_policy.shtml)
http://www.f-secure.com/images/nav_legal.gif (http://www.f-secure.com/legal_notices.shtml)
http://www.f-secure.com/images/nav_contact2.gif (http://www.f-secure.com/contactus.shtml) http://www.f-secure.com/images/dotted_line.gif
http://www.f-secure.com/images/pixel.gifhttp://www.f-secure.com/images/securityinfo.gif (http://www.f-secure.com/virus-info/)
Hoax Warnings
http://www.f-secure.com/pics/left_subbuttonbg.gif
http://www.f-secure.com/pics/dummy.gif Alphabetical Index Select from the list A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9 0 Other Latest 50NAME: (http://www.f-secure.com/hoaxes/info/name.shtml)************ virus hoaxALIAS: (http://www.f-secure.com/hoaxes/info/alias.shtml)Teddy Bear hoax
NOTE: A worm has been found that actually uses the ************ filename! For more information, please go to:
http://www.f-secure.com/v-descs/recory.shtml (http://www.f-secure.com/v-descs/recory.shtml)
NOTE: On 21st of May 2002, a new virus using this hoax was found. The virus sends messages coming apparently from Symantec corporation and contains a warning on the JDBGMGR hoax - plus a virus attached to it.
In April 2002 there appeared a hoax message concerning a new virus that was reportedly discovered in Windows utility ************. The jdbgmgr is a standard windows component that is found in every windows installation, it is used as Java debugger manager in Microsoft Java runtime engine. The icon of the original ************ file for some reason looks like a teddy bear:
http://www.f-secure.com/virus-info/v-pics/jdbgmgr.gif
We checked several versions of this utility from Windows installations and found nothing malicious in them.
Please ignore this hoax or anything similar warning about ************ and don't pass it on.
According to Microsoft's website:
" If you follow the e-mail message instructions and delete this file, you do not have to recover it unless you use Microsoft Visual J++ 1.1 to develop Java programs on Windows XP, Windows NT 4.0, Windows 98 Second Edition, Windows 98, or Windows 95."
If you have deleted ************, please see Microsoft knowledgebase article Q322993 for further instructions: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322993 (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322993)
Please note that some e-mail worms (for example, Magistr) might sometimes send an infected ************ in an e-mail attachment, but this infection is caused by Magistr not JDBGMGR by itself. So the bottom line is, if you receive ************ or any other windows component by email, it is most probably a file infected by a virus. If you find ************ from your system directory, it is most probably a clean file.
A variation of this hoax is known to exist which relates the ************ file to the Bugbear worm:
http://www.f-secure.com/v-descs/tanatos.shtml (http://www.f-secure.com/v-descs/tanatos.shtml)
The Bugbear is a real worm completely unrelated to this file.
Here's the original hoax message:
---Begin Hoax Text -------------------------------------------
I have been informed that the following file is a virus that may be in you C drive.</B>
Please go into your find file and if this exists (it has an icon of a bunny) please do not open. Use your right click button and just delete, then go into your recycle folder and delete it from there, do not open.</B>
If this exists, please let everyone know in your address book.</B>
************</B>
---End Hoax Text ---------------------------------------------
This variant of the hoax was found in April 2002:
---Begin Hoax Text -------------------------------------------
Dear Sirs:</B>
It is possible that a VIRUS could be sent to you because you were registered in our Outlook's directory.</B>
This VIRUS sends itself to all addresses registered in your Outlook's Address Book (happens also with other e-mailing programs). If you find it please resend this email to all your email addresses.</B>
How to erase it: This virus is not found neither by Mc Afee, Norton, or any other AntiVirus programs.</B>
How to erase it: 1) In the Start Menu go to "Search Files", then search for ************ or j*.exe 2) the Virus programs has a Teddy Bear as the Icon. 3) Once you found it, erase it. 4) go to the windows' trash can and empty it or at least open it and then erase the file with the teddy bear icon. 5) resend this email to everybody on your mailing lists.</B>
BYE, AND SHAME ON THE VIRUS DEVELOPERS! THEY HURT ALL BUSINESS, PEOPLE, AND OTHERS.</B>
---End Hoax Text ---------------------------------------------
This variant of the hoax was found in April 2002:
---Begin Hoax Text -------------------------------------------
I found the little bear in my machine because of that I am sending this message in order for you to find it in your machine. The procedure is very simple:</B>
The objective of this e-mail is to warn all Hotmail users about a new virus that is spreading by MSN Messenger. The name of this virus is ************ and it is sent automatically by the Messenger and by the address book too. The virus is not detected by McAfee or Norton and it stays quiet for 14 days before damaging the system.</B>
The virus can be cleaned before it deletes the files from your system. In order to eliminate it, it is just necessary to do the following steps: 1. Go to Start, click "Search" 2.- In the "Files or Folders option" write the name ************ 3.- Be sure that you are searching in the drive "C" 4.- Click "find now" 5.- If the virus is there (it has a little bear-like icon with the name of ************ DO NOT OPEN IT FOR ANY REASON 6.- Right click and delete it (it will go to the Recycle bin) 7.- Go to the recycle bin and delete it or empty the recycle bin.</B>
IF YOU FIND THE VIRUS IN ALL OF YOUR SYSTEMS SEND THIS MESSAGE TO ALL OF YOUR CONTACTS LOCATED IN YOUR ADDRESS BOOK BEFORE IT CAN CAUSE ANY DAMAGE.</B>
---End Hoax Text -------------------------------------------
This variant of the hoax was found in May 2002:
---Begin Hoax Text -------------------------------------------
Our association was infected by the virus jdbgmrg.exe and we think you might have received it as well. This virus is automatically transmitted via Messenger and the Adress Book. It is not detected by MacFee or Norton and it hibernates for 14 days before attacking your hard drive. To get rid of the virus, follow the instructions below :</B>
1. Go to START and select SEARCH then FOR FILES OR FOLDERS 2. In the window SEARCH FOR FILES OR FOLDERS, type the virus name: ************ 3. The window LOOK IN should indicate a search in the hard drive "C"</B>
4. Click on SEARCH NOW 5. If you find the virus (the icon is a teddy bear) DON'T OPEN IT!!! 6. Press SHIFT DELETE 7. If you find the virus on the hard drive, send this message to everyone figuring in your Adress book.</B>
Our appologies for this inconvenience. Thank you for your cooperation.</B>
---End Hoax Text ---------------------------------------------
Please note that in January 2003 there appeared a trojan called Dasmin that uses jdbgmrg.exe as file name. More information at http://www.f-secure.com/v-descs/dasmin.shtml (http://www.f-secure.com/v-descs/dasmin.shtml)
This variant of the hoax was found in May 2002:
---Begin Hoax Text -------------------------------------------
Today I received an e-mail of a supplier telling me that he may have sent to me and others one VIRUS through system. This virus is re-transmitted automatically to all the addresses stored in our list of contacts. YOU are one that belong to my mailing lists!!!</B>
Unhappily it cannot be avoided, therefor the virus is not detected by Mcfee or Norton and he stays occult for 14 days before destroying the whole system.</B>
Therefore, follow the steps below to proceed and avoid losing you data: 1) Click in "START" than in "FIND" 2) In "FIND" click in "Files and Folders" 3) NOW WRITE the name of the virus' file ************ on the space "named" 4) Click e checks that it is seeking him/it in the drive C 5) The virus possesses an icon in small bear form (grey colour) 6) When you have it listed don't open it in any way, delete the file immediately 7) Please don't forget to remove the file from "Recycle Bin" because even in Recycle Bin it can damage your computer. 8) In case you find this virus in you computer, send this message to all of the people that are in you address book before this causes some larger damage.</B>
---End Hoax Text ---------------------------------------------
This variant of the hoax was found in May 2002:
---Begin Hoax Text -------------------------------------------
I just received a message today from one of my friends in my Address Book. Their Address Book had been infected by a virus and it was passed on to my computer. My Address Book, in turn, has been infected. The virus (called ************) is not detected by Norton or McAfee Anti-virus systems. The virus sits quietly for 14 days before damaging the system. It's sent automatically by the messenger and by the Address Book, whether or not you sent emails to your contacts. I have checked, found it and deleted it. Here's how to check for the virus and how to get rid of it:</B>
DO THIS: 1. Go to start, Find or Search option. 2. In the files/folder option, type the name ************ 3. Be sure to search your C: drive (& all hard drives) 4. click "find now" 5. the virus has a teddy bear icon with the name ************ DO NOT OPEN IT 6. Right click and delete it. It will then go to the Recycle Bin 7. Go to the recycle bin and delete it there as well. IF YOU FIND THE VIRUS, YOU MUST CONTACT ALL THE PEOPLE IN YOUR ADDRESS BOOK SO THAT THEY CAN ERADICATE IT IN THEIR OWN ADDRESS BOOKS. SORRY ABOUT THIS. I'M SURE EVERYONE IN MY ADDRESS BOOK WILL HAVE IT.</B>
---End Hoax Text ---------------------------------------------
This variant of the hoax was found in September 2002:
---Begin Hoax Text -------------------------------------------
A colleague's Address's Book has been infected by a virus and it was passed on to our computer. Our Address Book in turn has been infected. The virus (called ************) is apparently not detected by Norton or McAfee anti-virus systems. The virus sits quietly for 14 (fourteen) days before damaging the system. It is sent automatically by messenger and by Address Book, whether or not you sent emails to your contacts.</B>
It is quite easy to check for the virus and to get rid of it in a couple of minutes.</B>
1. Go to Start, Find or Search option. 2. In the files/folders option, write the name ************ 3. Be sure to search your C: drive and any other drives you may have.</B>
4. Click "find now" 5. The virus has a teddy bear icon with the name ************ - DO NOT OPEN IT 6. Go to edit, choose "select all" to highlight the file without opening it. 7. Now go to file and select "delete". It will then go to the Recycle Bin. 8. Go to the Recycle Bin and delete it there as well. 9. Finally, go through the same procedure searching for a second file: ************-2EF58AEB.pf (Upper and lower case as shown). This file might have turned up with your initial search.</B>
IF YOU FIND THIS VIRUS YOU MUST CONTACT ALL THE PEOPLE IN YOUR ADDRESS BOOK SO THAT THEY IN TURN MAY ERADICATE IT FROM THEIR OWN ADDRESS BOOKS. APOLOGIES AS WE ARE SURE EVERYONE IN OUR ADDRESS BOOK WILL HAVE IT.</B>
To do this open a new email message Click the photo of the address book next to "To" Click every name and add it to BCC Copy this message....enter subject....paste to email....send</B>
Or, this is quicker as long as your server doesn't place a limit on the number of addresses you may use at once. Go to Address Book, select "ALL"(Ctrl A), go to "send mail" which is in tools or action.</B>
---End Hoax Text ---------------------------------------------
Finnish translation of the hoax:
---Begin Hoax Text -------------------------------------------
Olen saanut tiedon eräältä liikekumppanilta, että hänen koneensa on välittänyt viirusta, joita eivät vielä yleiset viirustorjuntaohjelmat tunnista. Löysin viiruksen myös omasta koneestani ja on mahdollista, että ennen sen poistamista se on saattanut levitä sähköpostiluettelossani olleisiin osoitteisiin.</B>
Toimi näin: Aloita KÄYNNISTÄ, ETSI, valitse KAIKKI TIEDOSTOT, kirjoita etsimäsi tiedoston nimeksi ************, paina ETSI. Iconissa on pieni harmaa karhu, ÄLÄ AVAA!</B>
Jos se löytyy niin tuhoa se ************ painamalla oikeasta hiiren painikkeesta tiedoston nimeä ja sirrä se roskakoriin. Tämän jälkeen mene Roskakorin sisältöön klikkaamallaa sitä ja POISTA roskakorin sisältö.</B>
Valitan aiheuttamastani vaivasta.</B>---End Hoax Text ---------------------------------------------
French translation of the hoax:
---Begin Hoax Text -------------------------------------------
Notre entreprise a été infectée par le virus ************ et vous risquez de l'avoir reçu aussi. Ce virus est transmis automatiquement par messenger ainsi que par le carnet d'adresse. Il n'est pas détecté par MacFEE ou Norton et reste en sommeil pendant 14 jours avant de s'attaquer au disque dur. Il peut détruire tout le système. Pour vous en débarasser, suivez les instructions suivantes dès que possible :</B>
1. Aller à DÉMARRER et sélectionner RECHERCHER puis FICHIERS ou DOSSIERS 2. Dans la fenêtre FICHIERS ou DOSSIERS, taper le nom du virus : ************ 3. Vérifier que la fenêtre Recherche dans indique une recherche dans le disque dur "C" 4. Cliquer sur RECHERCHER MAINTENANT 5. Si vous trouvez le virus (l'icône est un petit ourson) NE L'OUVREZ SURTOUT PAS!!! 6. Appuyez sur SHIFT et DELETE en gardant le doigt sur la touche SHIFT 7. Si vous trouvez le virus sur votre disque dur, envoyez ce message à tous les correspondants de votre carnet d'adresse car nous ne savons pas depuis quand le virus est présent</B>
Nos excuses pour ce problème hors de notre contrôle. Merci de votre compréhension et de votre collaboration.</B>
---End Hoax Text ---------------------------------------------
Another French translation of the hoax:
---Begin Hoax Text -------------------------------------------
L'ICONE EST UN PETIT OURSON. 1.Aller dans DEMARRER, faire "RECHERCHER " 2.Dans la fenêtre FICHIERS-DOSSIERS taper le nom du virus : ************ 3.Assurez vous de faire la recherche sur votre disque dur en principe "C" 4.Appuyer sur "RECHERCHER MAINTENANT " 5.Si vous trouvez le virus L'ICONE EST UN PETIT OURSON son nom "************" NE L'OUVREZ SURTOUT PAS !!!! 6.Appuyer sur le bouton droit de la souris. Pour l'éliminer cliquer sur SUPPRIMER Vous pouvez aussi l'effacer en appuyant sur SHIFT DELETE afin qu'il ne reste pas dans la corbeille 7. Aller à la corbeille et l'effacer définitivement ou bien vider la corbeille. MAIS SURTOUT NE L'OUVREZ PAS SUPPRIMEZ LE DIRECTEMENT. Refaite la même opération avec sulfnbk.exe SI VOUS TROUVER LE VIRUS SUR VOTRE DISQUE DUR MERCI D'ENVOYER CE MESSAGE A TOUS VOS CORRESPONDANTS FIGURANT SUR VOTRE CARNET D'ADRESSES CAR CE VIRUS PASSE VRAIMENT PARTOUT ET TRES VITE!!!</B>
---End Hoax Text ---------------------------------------------
Spanish translation of the hoax:
---Begin Hoax Text -------------------------------------------
Me han informado de un virus que puede exsistir en su disco "C".</B>
Por favor de ir a Pulsar en "buscar ahora"</B>
Si aparece el virus (el icono es un osito que tendrá el nombre de ************ NO ABRIR POR NINGUN MOTIVO</B>
Pulsar en el botón derecho del ratón y eliminarlo (ira a la papelera de reciclaje).</B>
Ir a la papelera de reciclaje y borrarlo definitivamente o bien vaciar la papelera entera.</B>
SI ENCUENTRAN EN VIRUS EN SUS EQUIPOS MANDAR ESTE MENSAJE A LAS PERSONAS QUE TENGAN EN SU LIBRETA DE DIRECCIONES ANTES DE QUE CAUSE ALGUN DAÑO.</B>
---End Hoax Text ---------------------------------------------
German translation of the hoax:
---Begin Hoax Text -------------------------------------------
Hallo zusammen,</B>
es gibt einen neuen Virus, der sich über´s Adressbuch verschickt und der nicht von allen Virenprogrammen erkannt wird. (Ich hatte ihn auf meiner Festplatte) Der Virus soll 14 Tage nach der Infektion aufwachen und ist leicht zu entfernen:</B>
1. Start 2. Suchen 3. Im Fenster Dateien/Ordner ************ eingeben 4. Suche auf C: durchführen lassen (auch in den versteckten Dateien) 5. Auf keinen Fall öffnen sondern sofort entfernen und auch den Papierkorb ausleeren.</B>
---End Hoax Text ---------------------------------------------
Another german translation of the hoax, this one also mentions setdebug.exe:
---Begin Hoax Text -------------------------------------------
Wir haben soeben diese wichtige Viruswarnung empfangen; deshalb bitte unten stehende Viruswarnung unbedingt ernst nehmen.</B>
Wir haben diese EXE-Datei tatsächlich auf unserem Rechner gefunden, daneben gibt es noch eine Datei mit einem Teddy-Icon eine Ordnerbene höher:</B>
setdebug.exe.</B>
Wichtig!!!!</B>
An alle, die in unserem Adressbuch stehen!</B>
Heute kam erneut ein Hinweis, dass wieder mal ein Virus kursiert, das sich automatisch an alle im persönlichen Adressbuch aufgelisteten E-Mail-Addis versendet.</B>
Die Nachricht hat sich leider bewahrheitet, so dass zu befürchten ist, dass alle, die in unseren Adressbüchern stehen, nun dieses Virus auf ihrem C-Laufwerk sitzen haben. Das Virus soll nach 14 Tagen aktiv werden und zerstört dann das Betriebssystem. Man kann es aber schnell finden und eleminieren:</B>
1. Auf "Start" klicken und dann auf "Suchen" klicken. 2. In "Suchen" auf "Dateien/Ordner" klicken und den Datei-Namen des Virus' eingeben:</B>
************</B>
(Achtung: Es muss Laufwerk C überprüft werden!)</B>
3. Das Virus hat einen grauen Teddybären als Icon. Wenn es tatsächlich auf Laufwerk C abgespeichert ist, nicht öffnen, sondern sofort löschen. Das muss dann unbedingt auch im Papierkorb gemacht werden. Wer das Virus in seinem Computer gefunden hat, bitte sofort alle in seinem Adressbuch befindlichen Personen informieren.</B>
Bitte nicht darauf verlassen, das das Virus durch einen Virus-Scan eliminiert wird. Mein aktuelles Virensuchprogramm hat das Virus nicht entdeckt.</B>
Von den "Sendern" kam nicht einmal eine Mail in den letzten Tagen, das Virus verbreitet sich also "Mail-frei". Darum UNBEDINGT Laufwerk C überprüfen. Wir hoffen mit der unangenehmen Nachricht dennoch geholfen zu haben.</B>
Viele Grüße</B>
Cläre und Gerd Wilh. Bellersheim</B>
Virus hat auch uns erwischt, deswegen nochmals Warnung ernst nehmen!!!!</B>
setdebug.exe ************</B>
---End Hoax Text ---------------------------------------------
Another German translation of the hoax:
---Begin Hoax Text -------------------------------------------
ECHT WICHITG! Mal wieder versucht ein Virus, sich über die Adressbücher der Leute auszubreiten. Diesem scheint es tatsächlich zu gelingen und es ist kein Fake, daher schicke ich die Warnung hier mal an alle aus meinem Adressbuch:</B>
"Es ist wirklich ein Ernstfall ! Bitte schaut umgehend nach!!!</B>
Das Virus verbreitet sich von Adressbuch zu Adressbuch, also bitte gleich nachschauen. Es ist in der Tat von Norton und McAfee (und AntiVir9x) nicht auffindbar. Es schlummert etwa 14 Tage auf dem Rechner, aktiviert sich dann selbst und löscht sämtliche Daten auf der Festplatte. Die Anweisung zu seiner Entfernung ist recht einfach:</B>
1. Auf "Start" klicken, dann auf "Suchen", dann auf Dateien/Ordner. 2. In der Suchmaske "************" eintippen - so heisst die Virusdatei 3. Bei "Suchen in" muss die Festplatte drin stehen, in der Regel C: 4. Suche starten. 5. Wenn diese Datei auftaucht (sie hat einen kleinen Teddybär als Symbol) AUF KEINEN FALL ÖFFNEN! 6. Mit der rechten Maustaste den Dateinamen anklicken, dann löschen drücken 7. Bei der Rückfrage ob die Anwendung tatsächlich in den Papierkorb verschoben werden soll, "Ja" drücken. 8. Auf den Desktop gehen und den Papierkorb öffnen. 9. Die Datei "************" im Papierkorb suchen und mit der rechten Maustaste aus dem Papierkorb entgültig löschen.</B>
Wenn Du/Sie die Datei auf dem Rechner gefunden hast/haben, bitte diese E-Mail an alle Kontakte im Adressbuch versenden, weil der Virus über das Adressbuch verbreitet wird. Danke."</B>
---End Hoax Text ---------------------------------------------
Portugese translation of the hoax:
---Begin Hoax Text -------------------------------------------
Porque de facto recebi o Vírus que o texto refere, "re-passo" o texto de alerta.</B>
Atenç o! - Verifiquem, e se tiverem dificuldades, a melhor soluç o é contactar os vossos Informáticos.</B>
Acabei de receber um e-mail com um V•RUS via sistema. Segundo me informaram, este vírus é automaticamente retransmitido à todos os endereços armazenados em nossas lista de contatos. VOC• é um deles!!! Infelizmente n o podemos evitá-lo pois ele n o é detectado por Mcfee ou o Norton e permanece oculto por 14 dias antes de destruir o sistema inteiro.</B>
Portanto, siga atentamente os passos a seguir e evite perder seus dados:</B>
1) Clique em "Iniciar" depois "localizar" (ou buscar); 2) Em "localizar" clique em "Pastas e arquivos" - escrever o nome do arquivo "virótico": ************; 3) assegure-se de que está procurando -o no drive C; 4) Localizar agora; 5) O vírus possui um ícone em forma de ursinho (cinza); 6) Caso voce o encontre, n o abra de maneira alguma, delete-o imediatamente, 7) N o esqueça de retira-lo da Lixeira pois sen o nada adiantará. 8) Caso voce encontre este vírus no seu computador, envie esta mensagem a todas as pessoas que estejam na sua agenda de endereços antes que este cause algum dano maior.</B>
---End Hoax Text ---------------------------------------------
Romanian translation of the hoax:
---Begin Hoax Text -------------------------------------------
Subject: Atentie</B>
Am fost informati astazi de aparitia unui virus extrem de puternic ce nu poate fi reperat de Norton si care ataca numai PC-urile. Pentru securitatea dvs. si a celor cu care corespondati, va sfatuim sa verificati daca nu ati fost infectati. Virusul se numeste ************ si se transmite automat prin intermediul Messenger-ului si a carnetului de adrese al Outlook Express. Nu este detectat de McAfee sau Norton Antivirus si devine activ dupa 14 zile de la sosire. Este extrem de periculos pentru sistem. Pentru a-l elimina sunt necesari urmatorii pasi: 1. Intrati in Start Menu" (Start) si mai apoi in "Find" 2. Intrati in "Find files and folders", scrieti numele ************ 3. Asigurati-va ca domeniul de cautare este C/ 4. Apasati pe "Find now" 5. Daca virusul apare (semnul sau iconic este un ursulet cu numele ************) NU IL DESCHIDETI!!!! 6. Apasati pe butonul din dreapta al mouse-ului dumneavoatra si mai apoi pe Delete (Recycle bin) 7. Mergeti la folderul "Recycle bin" si goliti-l.</B>
DACA ATI GASIT ACEST VIRUS, ANUNTATI IMEDIAT TOATE PERSOANELE DIN CARNETUL DE ADRESE INAINTE CA VIRUSUL SA ATACE.</B>
MULTUMIM!</B>
---End Hoax Text ---------------------------------------------
Polish translation of the hoax:
---Begin Hoax Text ------------------------------------------- PrzybyB do mnie anomimowo, i prawdopodobnie zostaB rozesBany dalej. Na szcz [cie jest na niego sposób: 1Wejdz na START i WYSZUKAJ 2 Wybierz PLIKI I FOLDERY i wpisz ************ 3 upewnij si , |e przeszukujesz MÓJ KOMPUTER 4 kliknij ZNAJDy 5 je|eli masz wirusa uka|e si ikona misia i nazwa. 6.Nie otwieraj! 7 UsuD poprzez pod[wietlenie (lewa Mysz i prawa mysz) 8. opró|nij kosz 9. Wy[lij informacj do swojej listy.</B>---End Hoax Text ---------------------------------------------
Slovenian translation of the hoax:
---Begin Hoax Text ------------------------------------------- Pozdravljeni, ker ste v moji listi naslovov, vam moram posredovati navodila za iskanje virusa, ki smo ga dobili (ravno prek tega, ker so me imeli drugi v naslovih) . Virusa ne najdeta ne Norton ne McFee in ostaqne 14 dni neaktiven preden zacne vse unicevati. Klikni START, nato gres na NAJDI klikni na MAPE in DATOTEKE natipkaj ime mape "virntico" ali ************ preveri ce isce na C daj Najdi virus ima ikono sivega medvedka_ ne odpiraj samo brisi in vrzi iz kosa ven ce ga najdes poslji mail vsem, ki so v tvojem imeniku naslovov.</B>
Zal mi je za nevsecnosti.</B>---End Hoax Text ---------------------------------------------
Dutch translation of the hoax:
---Begin Hoax Text ------------------------------------------- Beste,</B>
We hebben een boodschap ontvangen van een van onze contacten dat ons adresboek wel eens geinfecteerd kan zijn door een virus (genaamd ************), dat niet gedetecteerd wordt door de Norton of McAfee antivirus scanners.</B>
Het virus slaapt ongeveer een 14 dagen voordat het je computer gaat beschadigen. Het wordt automatisch doorgestuurd naar je contacten uit je adresboek, of je nu hen een e-mail stuurt of niet. We hebben het gecontroleerd en het gevonden in c:\windows\system" en verwijderd.</B>
Wat moet je doen: 1 Ga in je Windows Verkennen naar Extra, Zoeken, Bestanden of mappen. 2 In het "Naam:" venster schrijf je: "************" 3 In het "Zoeken in:" venster ga je naar "Drive_c (C:)" 4 Klik op "Nu zoeken" 5 Het virus heeft een klein beertje als icoon voor de naam "************" - OPEN DIT NIET !!!!!! 6 Aanklikken met je RECHTER muisknop en verwijderen (het gaat dan naar je Prullenbak) 7 Ga naar je Prullenbak en verwijder het bestand of maak je Prullenbak helemaal leeg</B>
ALS JE HET VIRUS VINDT, MOET JE ALLE ADRESSEN UIT JE ADRESBOEK WAARSCHUWEN, OOK AL HEB JE ZE DE LAATSTE TIJD GEEN E-MAILS GESTUURD, ZODAT ZIJ OP HUN BEURT HUN CONTACTEN KUNNEN WAARSCHUWEN.</B>
Sorry voor het ongemak</B>---End Hoax Text ---------------------------------------------
Swedish translation of the hoax:
---Begin Hoax Text ------------------------------------------- Subject: ursäkta, virus!</B>
Hej alla i min adressbok!</B>
Jag blev just varse att ett virus, i form av en teddybjörn, nästlat sig in i min dator. Tyvärr tar sig denna björn tydligen förbi vanliga virusskydd som Norton eller McAfee och roar sig sedan med att skicka sina egna virusmejl till personer i ens adressregister.</B>
Risken finns nu att björnen letat sej till era adressregister, men var icke alltför bekymrade, den kan lätt kastas ut!</B>
Gör så här: Gå till Start, och sedan till Sök (Filer/Mappar) i C:, där du skriver ************ och - Sök! Ifall en liten teddybjörn poppar upp följd av texten ************ så tryck på högra musknappen och delete-delete-delete. Visa ingen hänsyn! Sedan tömmer du papperskorgen på samma vis. Därefter kan det vara lämpligt att uppmana alla dina mejl-kontakter att leta björnar i sina datorer.</B>
Med ursäkter för virusspridningen samt önskan om god björnjakt,</B>
---End Hoax Text ---------------------------------------------
Norwegian translation of the hoax:
---Begin Hoax Text -------------------------------------------
Hei, et nytt virus er i sirkulasjon, det sprer seg via e-post og blir ikke oppdaget av virusprogrammer. Dette viruset går visstnok inn i maskinen og sprer seg via adresseboken uten at du trenger å starte programmet. Viruset ligger og hviler i 14 dager innen det aktiviseres og sletter innholdet på harddisken. Det utløses av filene "************" og "sulfnbk.exe". jeg har funnet begge filene på min maskin (de er slettet nå), og siden du er i adresseboken min bør du sjekke om du er "infisert".</B>
Det du skal gjøre er følgende: 1.. Trykk på "start", gå til "søk" 2.. Trykk på "etter filer eller mapper", skriv inn "sulfnbk.exe" og ************" (først det ene, så det andre) 3.. Kontroller at du søker på C: eller min datamaskin. Trykk på "søk nå". 4.. Om du finner viruset, med et svart, stygt ikon som heter sulfnbk.exe, eller med en liten bamse som heter ************: IKKE ÅPNE DET!! 5.. Dersom det dukker opp, høyreklikk på ikonet, gå ned til "slett" og venstreklikk. 6.. Det opplyses at dette er en programfil o.s.v. og om du vil sende det til papirkurven. Svar ja. 7.. Gå til papirkurven og fjern viruset manuelt, eller "tøm papirkurv". 8.. Gjenta prosedyren for begge filene.</B>
Dersom et eller begge virusene finnes på din maskin, gi beskjed til alle som finnes i din adressebok.</B>
---End Hoax Text ---------------------------------------------
Danish translation of the hoax:
---Begin Hoax Text -------------------------------------------
Hej med jer. Jeg har fået besked på at der er en ny virus som programmerne ikke kan fange Den kommer automatisk ind bare man modtager en mail. Den tager ens adresser og går automatisk videre selv om man ikke har sendt</B>mail til den pågældende. Virussen ligger herefter skjult i computeren i 14 dage og begynder at ødelægge systemet.
Virussen findes og slettes på flg. måde: > >>1. tryk på START og Søg, Filer eller mapper > >>2. Søg efter filen ************ > >>3. Søg både på c-drevet og d-drevet > >>4. Hvis den er på din pc vises en lille bjørn som ikon, ÅBEN DEN IKKE > >>5. Click med højre museknap og vælg slet > >>6. Tøm derefter papirkurven så filen er helt væk.
Hvis du finder filen skal alle i dit adresse kartotek have denne besked, for at få stoppet virussen.
---End Hoax Text ---------------------------------------------
If you receive any of these hoax messages or something similar, please ignore them.
[Description created: Jarno Niemela, Ero Carrera, F-Secure Corp.; April, 2002]
Description Index Select from the list A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 1 2 3 4 5 6 7 8 9 0 Other Latest 50