JDBGMGR: Virus or hoax... or both?

May 13, 2002 Sophos Press Release

Sophos has received a large number of calls in recent weeks from users concerned about a virus known as JDBGMGR or JDBGMGR.EXE.

There is a warning message being distributed around the net (in various languages) telling users to search their hard drives for a file called JDBGMGR.EXE. If they find it - the warning tells them - delete it because it is infected by a virus which may trigger after 14 days.

Sophos advises users to treat the warning with scepticism.

JDBGMGR.EXE is the Microsoft Debugger Registrar for Java and may be present quite legitimately on many computers.

The confusion is compounded, however, by the W32/Magistr-A virus which is capable of emailing infected copies of JDBGMGR.EXE to innocent users. This is probably how the scare started. It should be noted that Sophos Anti-Virus has been capable of detecting W32/Magistr-A since March 2001.

Sophos offers users confused by the hoax warning and the virus, the following advice:

  1. If you receive an unsolicited executable file in your email (such as JDBGMGR.EXE), simply delete the email. You should never launch or open unsolicited executable code on your computer.
  2. Existence of a file called JDBGMGR.EXE on your hard drive is not evidence in itself of a virus infection. The best way to check for a virus infection is with anti-virus software.
  3. Run a quality anti-virus product and keep it updated to protect against the latest threats.
  4. Do not pass on virus warnings to all of your friends. Instead, check the facts at an anti-virus website, or forward the warning to the person in your company who is responsible for virus protection so they can decide if it is valid.
  5. Consider adding Sophos's free hoax information feed to your website and intranet to keep your users informed about the latest virus hoaxes spreading across the internet.