Virus Hoax
Home Archive Teddy Bear Virus Hoax – jdbgmgr.exe

Teddy Bear Virus Hoax – jdbgmgr.exe

by Brett M. Christensen

Outline:
Email warns that a file on your computer called jdbgmgr.exe is a virus and provides instructions on how to delete jdbgmgr.exe.




Brief Analysis:
The message is a hoax. Jdbgmgr.exe is a legitimate Windows file. It is not a virus and should not be deleted.

Example:

SORRY – but as you’re on my address list this virus has probably forwarded itself on to you.

It is easily removed if you don’t open the file (jdbgmgr.exe) It has a teddy bear icon and is not detectable by norton or mcafee.

First go to Start then the find or search option. In the files or folders option type jdbgmgr.exe. Search C drive and tick the ‘include subfolders’ and any other drives you may have. Click ‘find now’ – the virus has a grey teddy icon. DO NOT OPEN IT. Go to edit (on the menu bar) and ‘select all’. Now go to file (on the menu bar) and DELETE. This will send it to the recycle bin so then go and delet or empty it there as well.

If you find the virus (as I did!) you must contact everyone in your address book and send them these instructions. ASAP.





Detailed Analysis:
The so-called “Teddy Bear” virus hoax is not one of the latest email hoaxes but, as email hoaxes go, this one is proving to be quite resilient. It regularly pops up on forums and news groups and still finds its way to my inbox.

Unfortunately, this one is a little more harmful than your average email hoax in that it can trick unwary computer users into deleting “jdbgmgr.exe”, a legitimate Windows file. One of the reasons that this email hoax has been so successfully is that the file in question (jdbgmgr.exe) really does have a cute little teddy bear icon. Such an icon may look out of place for a Windows file, so people are perhaps that little bit more willing to believe the warning in the email. Of course, if nothing else, the teddy bear icon proves that computer programmers actually do have a sense of humor (grin).

jdbgmgr.exe Icon
Teddy bear icon for jdbgmgr.exe

Luckily, deleting jdbgmgr.exe will not cause problems for the average end user. The file is the Microsoft Debugger Registrar for Java, which is used only by Microsoft Visual J++ 1.1 developers. However, email hoaxes like this and the sulfnbk.exe email hoax set up a dangerous precedent. Given the amount of computer users that have already deleted “jdbgmgr.exe”, an email hoax that advised people to delete a crucial Windows file could cause as much damage as a real virus.

An important rule of thumb here is to never delete a file on the strength of a forwarded email message alone. Always check the veracity of an email-borne virus warning by checking a legitimate Anti-Virus site even if the warning was sent to you by Uncle Boris who “knows all about computers”.

If you have already deleted jdbgmgr.exe you can get detailed information by reading this Microsoft Knowledge Base article.

Another recent version of the hoax runs as follows:

I received this message below and DID have the jdbgm virus file in my C drive, I followed the instructions below and deleted it. I suggest you also check by following the instructions below. Kindest regards, [Removed]

To all parties in our address book:

We received this message from someone else today…

On January 15th or there about we received a virus that automatically is past through e-mail address books. We found it in our c-drive. Since you are in our address book, you will probably find it in your computer too. The virus called jdbe.exe is not detected by Norton or McAfee anti-virus systems. The virus sits quietly for 14 days before damaging the system. It is sent automatically by “messenger” and by address book whether or not you sent e-mail to your contacts. Here is how to check for the virus and how to get rid of it.

PLEASE DO THE FOLLOWING ASAP:

1 Go to the Start, then click your “find” or “search” option.
2. In the folder option, type the name jdbgm
3. Be sure to search your C drive (this is where I found it) and all the sub folders and other drives you may have
4. Click “find now”
5. the virus has a teddy bear icon! with the name jdbgmgr.exe. DO NOT OPEN IT!
6. Go to Edit (on the menu bar) and choose “select all” to highlight the file without opening it.
7. Now go to the File (on your menu bar) and select delete. The virus will then go to the recycle bin.
*** If you find the virus, you must contact all the people in your address book so that they may eradicate the virus from their own address books
To do this:
1. Open a new e-mail message
2. Click the icon address book (contacts) next to “To”
3. Highlight every name and add to “BCC”
4. Copy the message and paste to e-mail
SORRY ABOUT THIS




Last updated: February 2, 2017
First published: July 2, 2004
By Brett M. Christensen
About Hoax-Slayer

References
Microsoft Knowledge Base article

Importance Notice

After considerable thought and with an ache in my heart, I have decided that the time has come to close down the Hoax-Slayer website.

These days, the site does not generate enough revenue to cover expenses, and I do not have the financial resources to sustain it going forward.

Moreover, I now work long hours in a full-time and physically taxing job, so maintaining and managing the website and publishing new material has become difficult for me.

And finally, after 18 years of writing about scams and hoaxes, I feel that it is time for me to take my fingers off the keyboard and focus on other projects and pastimes.

When I first started Hoax-Slayer, I never dreamed that I would still be working on the project all these years later or that it would become such an important part of my life. It's been a fantastic and engaging experience and one that I will always treasure.

I hope that my work over the years has helped to make the Internet a little safer and thwarted the activities of at least a few scammers and malicious pranksters.

A Big Thank You

I would also like to thank all of those wonderful people who have supported the project by sharing information from the site, contributing examples of scams and hoaxes, offering suggestions, donating funds, or helping behind the scenes.

I would especially like to thank David White for his tireless contribution to the Hoax-Slayer Facebook Page over many years. David's support has been invaluable, and I can not thank him enough.

Closing Date

Hoax-Slayer will still be around for a few weeks while I wind things down. The site will go offline on May 31, 2021. While I will not be publishing any new posts, you can still access existing material on the site until the date of closure.

Thank you, one and all!

Brett Christensen,
Hoax-Slayer