Malicious Code (Virus and Trojan ) Warnings
Warnings about Trojans, viruses, and other malicious code that has no basis in fact. The Good Times, Teddy Bear and other similar warnings are here.
PKZ300  Irina  Good Times  Good Times Spoof  Deeyenda  Ghost  PENPAL GREETINGS!  Make Money Fast  NaughtyRobot  Join the Crew  Death Ray  A.I.D.S. Hoax  Bud Frogs Screen Saver  Bug's Life Screen Saver  AOL4FREE  AOL V4.0 Cookie  Blue Mountain Cards  Takes Guts to Say Jesus Hoax	Elf Bowling and Frogapult Hoax Chain Letter  2400 Baud Modem Virus  2400 Baud Modem Virus spoof  Make Money Fast  America Online Upgrade  WIN A HOLIDAY  Cat Colonic Hoax  Mobile Phone Virus Hoax  Wobbler and California Virus Hoax  Lump of Coal Virus Hoax  BUDDYLST.SIP Virus Hoax  Family Pictures Hoax  WTC Survivor Virus Hoax  intifadah.cjb.net Hoax  SULFNBK.EXE Hoax  Virtual Card Hoax  !000 Hoax  The Jdbgmgr Hoax (aka Teddy Bear Virus)  Life Is Beautiful Hoax

PKZ300 Warning

The following is the true warning about PKZ300 from the PKWare web site:

  !!! PKZIP Trojan Horse Version - (Originally Posted May 1995) !!!

  It has come to the attention of PKWARE that a fake version of PKZIP is being
  distributed as PKZ300B.ZIP or PKZ300.ZIP. It is not an official version from
  PKWARE and it will attempt to erase your hard drive if run. It attempts to
  perform a deletion of all the directories of your current drive. If you have
  any information as to the creators of this Trojan horse, PKWARE would be
  extremely interested to hear from you. If you have any other questions about
  this fake version, please e-mail support@pkware.com

Irina Virus Hoax 

The original hoax message is as follows:

  FYI
  There is a computer virus that is being sent across the Internet.
  If you receive an e-mail message with the subject line "Irina", DO NOT
  read the message. DELETE it immediately.
  Some miscreant is sending people files under the title "Irina". If
  you receive this mail or file, do not download it. It has a virus
  that rewrites your hard drive, obliterating anything on it. Please be
  careful and forward this mail to anyone you care about.

  ( Information received from the Professor Edward Prideaux, College of
  Slavonic Studies, London ).

Good Times Virus Hoax

CIAC first described the Good Times Hoax in CIAC NOTES 94-04c released in 
December 1994 and described it again in CIAC NOTES 95-09 in April 1995. More 
information is in the Good_Times FAQ(http://www.public.usit.net/lesjones/
goodtimes.html) written by Les Jones.

The original "Good Times" message that was posted and circulated in November and 
December of 1994 contained the following warning: 

  Here is some important information. Beware of a file called Goodtimes.
  Happy Chanukah everyone, and be careful out there. There is a virus on
  America Online being sent by E-Mail. If you get anything called "Good Times",
  DON'T read it or download it. It is a virus that will erase your hard drive.
  Forward this to all your friends. It may help them a lot.

  The FCC released a warning last Wednesday concerning a matter of
  major importance to any regular user of the Internet.  Apparently,
  a new computer virus has been engineered by a user of America
  Online that is unparalleled in its destructive capability.  Other,
  more well-known viruses such as Stoned, Airwolf, and Michelangelo
  pale in comparison to the prospects of this newest creation by a
  warped mentality.

  What makes this virus so terrifying, said the FCC, is the fact that
  no program needs to be exchanged for a new computer to be infected.
  It can be spread through the existing e-mail systems of the
  Internet. Once a computer is infected, one of several things can
  happen.  If the computer contains a hard drive, that will most
  likely be destroyed. If the program is not stopped, the computer's
  processor will be placed in an nth-complexity infinite binary loop
  - which can severely damage the processor if left running that way
  too long.     Unfortunately, most novice computer users will not
  realize what is happening until it is far too late.

Good Times Spoof 

December 1996 

READ THIS:

    Goodtimes will re-write your hard drive. Not only that, but
  it will scramble any disks that are even close to your computer. It

  will recalibrate your refrigerator's coolness setting so all your ice
  cream goes and melts. It will demagnetize the strips on all your credit
  cards, screw up the tracking on your television and use subspace field
  harmonics to scratch any CD's you try to play.

   It will give your ex-girlfriend your new phone number. It
  will mix Kool-aid into your fish tank. It will drink all your beer and
  leave its socks out on the coffee table when there's company coming
  over. It will put a dead kitten in the back pocket of your good suit
  pants and hide your car keys when you are late for work.

   Goodtimes will make you fall in love with a penguin. It will
  give you nightmares about circus midgets. It will pour sugar in your
  gas tank and shave off both your eyebrows while dating your
  girlfriend behind your back and billing the dinner and hotel room to
  your Discover card.

    It will seduce your grandmother. It does not matter if she
  is dead, such is the power of Goodtimes, it reaches out beyond the
  grave to sully those things we hold most dear.

    It moves your car randomly around parking lots so you can't
  find it. It will kick your dog. It will leave libidinous messages on
  your boss's voice mail in your voice! It is insidious and subtle. It
  is dangerous and terrifying to behold. It is also a rather
  interesting shade of mauve.

   Goodtimes will give you Dutch Elm disease. It will leave the
  toilet seat up. It will make a batch of Methanphedime in your bathtub
  and then leave bacon cooking on the stove while it goes out to chase
  grade schoolers with your new snow blower.

   Listen to me. Goodtimes does not exist.

   It cannot do anything to you. But I can. I am sending this
  message to everyone in the world. Tell your friends, tell your
  family. If anyone else sends me another E-mail about this fake
  Goodtimes Virus, I will turn hating them into a religion. I will do
  things to them that would make a horse head in your bed look like
  Easter Sunday brunch.

Deeyenda Virus Hoax 

   **********VIRUS ALERT**********


  VERY IMPORTANT INFORMATION, PLEASE READ!

  There is a computer virus that is being sent across the Internet.  If
  you  receive an e-mail message with the subject line "Deeyenda", DO NOT
  read the message, DELETE it immediately!

  Some miscreant is sending e-mail under the title "Deeyenda" nationwide,
  if you get anything like this DON'T  DOWNLOAD THE FILE!  It has a virus
  that rewrites your hard drive, obliterates anything on it.    Please be
  careful and forward this e-mail to anyone you care about.

  Please read the message below.

  Alex

  ----------- FCC WARNING!!!!! ---------

            DEEYENDA PLAGUES INTERNET

  The Internet community has again been plagued by  another computer
  virus.  This message is being spread throughout the Internet, including
  USENET posting, EMAIL, and other Internet activities.  The reason for
  all the attention is because of the nature of this virus and the
  potential security risk it makes.  Instead of a destructive Trojan
  virus (like most viruses!), this virus referred to as Deeyenda Maddick,
  performs a comprehensive search on your computer, looking for valuable
  information, such as e-mail and login passwords, credit cards, personal
  info., etc.

  The Deeyenda virus also has the capability to stay memory resident
  while running a host of applications and operation systems, such as
  Windows 3.11 and Windows 95.  What this means to Internet users is that
  when a login and password are send to the server, this virus can copy
  this information and SEND IT OUT TO UN UNKNOWN ADDRESS (varies).

  The reason for this warning is because the Deeyenda virus is virtually
  undetectable.  Once attacked your computer will be insecure.  Although
  it can attack any O/S this virus is most likely to attack those users
  viewing Java enhanced Web Pages (Netscape 2.0+ and Microsoft Internet
  Explorer 3.0+ which are running under Windows 95).    Researchers at
  Princeton University have found this virus on a number of World Wide
  Web pages and fear its spread.

  Please pass this on, for we must alert the general public at the
  security risks.

Ghost.EXE Warning

PENPAL GREETINGS! Warning Hoax

  FYI!

  Subject:  Virus Alert
  Importance:  High
  If anyone receives mail entitled: PENPAL GREETINGS! please delete it WITHOUT
  reading it.  Below is a little explanation of the message, and what it would
  do to your PC if you were to read the message.  If you have any questions or
  concerns please contact  SAF-IA Info Office on 697-5059.

  This is a warning for all internet users - there is a dangerous virus
  propagating across the internet through an e-mail message entitled "PENPAL
  GREETINGS!".
  DO NOT DOWNLOAD ANY MESSAGE ENTITLED "PENPAL GREETINGS!"
  This message appears to be a friendly letter asking you if you are
  interested in a pen pal, but by the time you read this letter, it is too late.
  The "Trojan horse" virus will have already infected the boot sector of your hard
  drive, destroying all of the data present.  It is a self-replicating virus,
  and once the message is read, it will AUTOMATICALLY forward itself to anyone
  who's e-mail address is present in YOUR mailbox!
  This virus will DESTROY your hard drive, and holds the potential to DESTROY
  the hard drive of anyone whose mail is in your inbox, and who's mail is in
  their inbox, and so on.  If this virus remains unchecked, it has the potential
  to do a great deal of DAMAGE to computer networks worldwide!!!!
  Please, delete the message entitled "PENPAL GREETINGS!" as soon as you see it!
  And pass this message along to all of your friends and relatives, and the
  other readers of the newsgroups and mailing lists which you are on, so that
  they are not hurt by this dangerous virus!!!!

Make Money Fast Hoax Warning

  ******VIRUS ALERT****** ******VIRUS ALERT****** ******VIRUS ALERT******

  There is NEW VIRUS rapidly affecting computers on the internet.  This new
  virus is insidious, in that it transmitted as a USENET message. Usenet is
  the "news group" area on the internet that users can openly discuss and
  exchange information on a wide variety of topics. 

  What makes this virus DOUBLY DANGEROUS, is that it is disguised as a common
  chain letter.  Chain letters have been passed across usenet almost since
  it's beginning.  Lately, a common chain letter subject is MAKE MONEY FAST.

  The Make Money Fast (MMF) chain is read by thousands of people daily. It is
  also known as: "Easy Cash", "Make Cash Fast", "Turn 5$ into $50,000" and
  many others. They are all basically the same scheme, in which the reader
  send $1 to each of the 5 people at the bottom of the list, then moves his
  name onto the list.

  The MMF Virus, as it has been doubled, rides along on these chain letters as
  a "hidden binary attachment".  Since most news reader programs (computer
  programs used to read USENET messages) will automatically decode and store
  binary attachments, there is NO SAFE WAY to protect yourself from infection.

  The virus attacks your system the next time you run your news reader.
  Though the virus is transmitted during a normal usenet session, your NEXT
  usenet session will probably be your last for a while. As a hidden
  attachment, it is automatically activated with your news reader, and very
  quickly destroys your partition table.  Generally, this is not even noticed
  until the next time you try to run ANY program. 

  The next thing the virus does is to place your micro processor into an
  nth-complexity infinite binary loop, quickly destroying it.  This will
  appear at first as a normal "lock-up" but will quickly wipe out the
  delicate circuitry in your system.

  The people that run usenet, at: news.admin.net-abusers are working night
  and day on a cure.  Perhaps some day an automatic process will be able
  to detect the MMF Virus in usenet messages and cancel them, but that is some
  time off.

  At this point, your ONLY hope is to NOT DOWNLOAD ANY MESSAGES that have a
  subject similar to above.  Please, FORWARD this message to ANYONE you know
  that reads usenet news.

  Thank you,
  News.Admin.Net-Abusers

  Hello! I've got some awesome news that I think you need to take two
  minutes to read if you have ever thought "How could I make some
  serious cash in a hurry???" , or been in serious debt,  ready to do
  almost anything to get the money needed to pay off those bill
  collectors. So grab a snack, a warm cup of coffee, or a glass of your
  favorite beverage, get comfortable and listen to this interesting,
  exciting find!
     Let me start by saying that I FINALLY FOUND IT! That's right!.
  found it! And I HATE GET RICH QUICK SCHEMES!! I hate those schemes
  like multi-level marketing, mail-order schemes, envelope stuffing
  scams, 900 number scams... the list goes on forever. I have tried
  every darn get rich quick scheme out there over the past 12 years. I
  somehow got on mailing lists for people looking to make money (more
  like 'desperate stupid people who will try anything for money!').
     

NaughtyRobot

  Subject: security breached by NaughtyRobot

  This message was sent to you by NaughtyRobot, an Internet spider that
  crawls into your server through a tiny hole in the World Wide Web.

  NaughtyRobot exploits a security bug in HTTP and has visited your host
  system to collect personal, private, and sensitive information.

  It has captured your Email and physical addresses, as well as your phone
  and credit card numbers.  To protect yourself against the misuse of this
  information, do the following:

   1. alert your server Sysop,
   2. contact your local police,
   3. disconnect your telephone, and
   4. report your credit cards as lost.

  Act at once.  Remember: only YOU can prevent DATA fires.

  This has been a public service announcement from the makers of
  NaughtyRobot -- Car Jacking its way onto the Information Super Highway.

Join the Crew

         IMPORTANT - VIRUS Alert!!!


  Take note !

  Someone got an e-mail, titled as JOIN THE CREW.
  It has erased his hard drive.
  Do not open up any mail that has this title.
  It will erase your whole hard drive.
  This is a new e-mail virus and not a lot of people know about it,
  just let everyone  know, so they won't be a victim.

  Please e-mail this to everyone you know!!!
  Remember the title :   JOIN THE CREW

Death Ray

  A deadly new computer virus that actually causes home computers to explode
  in a hellish blast of glass fragments and flame has injured at least 47
  people since August 15, horrifying authorities who say millions of people
  are risking injury, blindness or death every time they sit down to work at
  their PC!

  "Computer viruses of the past could disable your computer, but this virus
  goes a step further -- and can kill you," declared Martin Heriden, a
  computer expert who specializes in identifying computer viruses. "This
  virus doesn't carry the usual 'markers' that enable it to be detected.
  It slips through the cracks, so to speak.

  "It is an extremely complicated process. But suffice it to say that the
  virus affects the computer's hardware, creating conditions that lead
  to dangerous short circuits and power surges. The end result?
  Explosions -- powerful explosions. And millions of Internet users are
  at risk."

  The virus, nicknamed Death Ray by experts like Heriden, surfaced in England
  on August 1. A 24-year-old college student was permanently blinded
  when his 15-inch color monitor exploded in his face.

  "So how do you protect yourself? I wish I knew," said Heriden. "You
  either stop using the Internet or you take your chances until we can
  get a handle on this thing and get rid of it for good.

The A.I.D.S. Hoax

There are actually several real AIDS viruses and Trojan horses, but this warning 
message does not describe any of them.

This particular warning message (shown below) indicates that the virus comes in 
an e-mail message. While a virus may be in an attachment to an e-mail message, 
reading that message with a standard, text based, mail reader cannot execute a virus.
A virus in an attachment cannot do anything until that attachment is executed, or in 
the case of a Word macro virus, the attached Word document is opened in Word. For 
this reason, CIAC recommends that you scan all executable programs and Word 
documents that were sent as attachments to e-mail messages before running or 
editing them.

The warning claims the virus destroys your actual hardware, such as memory, mouse, 
key board, and hard drive, all of which is impossible. Also notice that the author has not 
signed the message or given you any way to authenticate it, which is another strong 
indication of a hoax.

  THERE IS A VIRUS GOING AROUND CALLED THE A.I.D.S VIRUS. IT WILL ATTACH
  ITSELF INSIDE YOUR COMPUTER AND EAT AWAY AT YOUR MEMORY THIS MEMORY IS
  IRREPLACEABLE. THEN WHEN IT'S FINISHED WITH MEMORY IT INFECTS YOUR MOUSE
  OR POINTING DEVICE. THEN IT GOES TO YOUR KEY BOARD AND THE LETTERS YOU
  TYPE WILL NOT REGISTER ON SCREEN. BEFORE IT SELF TERMINATES IT EATS 5MB OF
  HARD DRIVE SPACE AND WILL DELETE ALL PROGRAMS ON IT AND IT CAN SHUT DOWN
  ANY 8 BIT TO 16 BIT SOUND CARDS RENDERING YOUR SPEAKERS USELESS. IT WILL
  COME IN E-MAIL CALLED "OPEN:VERY COOL! :) DELETE IT RIGHT AWAY. THIS
  VIRUS WILL BASICALLY RENDER YOUR COMPUTER USELESS. YOU MUST PASS THIS ON
  QUICKLY AND TO AS MANY PEOPLE  AS POSSIBLE!!!!! YOU MUST!

Bud Frogs Screen Saver 

The Bud Frogs screen saver is a legitimate program and the warning about it is a hoax. 
Keep in mind that this or any executable program could be infected with a virus so take 
care if you get a copy from a third party. Any legitimate program could also be replaced 
with a Trojan program by simply changing the Trojan's name to that of the legitimate 
program. As with any program, you should never run one obtained from unknown 
sources because you run the risk of running a virus or Trojan Horse. Try to get your 
programs from the original site and scan them with anti-virus software just to be sure 
they are not infected.

   DANGER!!!    VIRUS ALERT!!!

   THIS IS A NEW TWIST.  SOME CREEPOID SCAM-ARTIST IS   
   SENDING OUT A VERY DESIRABLE SCREEN-SAVER (THE BUD 
   FROGS). BUT IF YOU DOWN-LOAD IT, YOU'LL LOSE 
   EVERYTHING!!!!! YOUR HARD DRIVE WILL CRASH!!

   DON'T DOWNLOAD THIS UNDER ANY CIRCUMSTANCES!!!

   IT JUST WENT INTO CIRCULATION YESTERDAY, AS FAR AS 
   WE KNOW....BE CAREFUL.

   PLEASE DISTRIBUTE TO AS MANY PEOPLE AS POSSIBLE...THANX

   BELOW IS WHAT THE SCREEN SAVER PROGGIE WOULD LOOK LIKE!

   File: BUDSAVER.EXE (24643 bytes)
   DL Time (28800 bps): <1 minute 

Bug's Life Screen Saver 

Another screen saver that is supposed to be a Trojan program. There is no such Trojan 
or virus; this is a hoax. There are Trojan programs out there but this is not one of them. 
To insure you have a good copy of any downloaded program, be sure to get it from the 
original site and not from a third party where it might have been infected with a virus. 

  Subject:        FW: Another Virus !!!!!!
 
  Someone is sending out a very desirable screen-saver, a
  Bug's Life - "BUGGLST.ZIP". If you download it, you will 
  lose everything!!! Your hard drive will crash and someone 
  from the Internet will get your screen name and password! 
  DO NOT DOWNLOAD THIS UNDER ANY CIRCUMSTANCES!!!  IT JUST
  WENT INTO circulation yesterday, as far as we know. Please
  distribute/inform this message. This is a new, very malicious
  virus and not many people know about it.  This information
  was announced yesterday morning from Microsoft.  Please share 
  it with everyone that might access the Internet. Once again, 
  pass this along to EVERYONE in your address book so that 
  this may be stopped

AOL V4.0 Cookie

Tatiana Gau, Vice President of AOL Integrity Assurance.

  From a former AOL employee:

  I'll try and cut through the crap, and try to get to the point of this
  letter.

  I used to work for America Online, and would like to remain
  anonymous for that reason.  I was laid off in early September, but I know
  exactly why I was laid off, which I will now explain:

  Since last December, I had been one of the many people assigned to design
  AOL 4.0 for Windows  (AOL 4.0 beta, code named Casablanca).  In the beginning,
  I was very proud of this task, until I found out the true cost of it.  Things
  were going fine until about mid-February, when me and 2 of my colleagues
  started to suspect a problem, an unexplainable 'Privacy Invasion', with the
  new version.  One of them, who is a master programmer, copied the finished
  portion of the new version (Then 'Build 52'), and took it home, and we spent
  nearly 2 weeks of sleepless nights  examining and debugging the program,
  flipping it inside-out, and here is what we found.

  Unlike all previous versions of America Online, version 4.0 puts something in 
  your hard drive called a 'cookie'.  (AOL members click here for a definition).
  However, the cookie we found on Version 4.0 was far more treacherous than
  the simple Internet cookie.  How would you like somebody looking at your
  entire hard drive, snooping through any (yes, any) piece of information on
  your hard drive.  It could also read your password and log in information and
  store it deep in the program code. Well, all previous versions,
  whether you like it or not, have done this to a certain extent, but
  only with files you downloaded.  As me and my colleagues discovered,
  with the new version, anytime you are signed on to AOL, any top
  AOL executive, any AOL worker, who has been sworn to secrecy regarding this
  feature, can go in to your hard drive and retrieve any piece of information
  that they so desire.  Billing, download records, e-mail, directories,
  personal documents, programs, financial information, scanned images, etc.
  Better start keeping all those pictures on a floppy disk!

  This is a totally disgusting violation of our rights, and your right to
  know as well.  Since this is undoubtedly 'Top Secret' information that I am
  revealing, my life at AOL is pretty much over.        After discovering this inform
  attain, we started to inform a few other workers at America Online, so that
  we could get a large enough crew to stop this from happening to the millions
  of unfortunate and unsuspecting America Online members.  This was in early
  August.  One month later, all three of us were unemployed.  We got together,
  and figured there was something we had to do to let the public know.

  Unemployed, with one of us going through a divorce (me) and another who is
  about to undergo treatment for Cancer, our combined financial situation is
  not currently enough to release any sort or article.  We attempted to create
  a web page on three different servers containing in-depth information on AOL
  4.0, but all three were taken down within 2 days.  We were running very low
  on time (4.0 is released early this winter), so we figured our last hope to
  reveal this madness before it effects the people was starting something
  similar to a chain letter, this letter you are reading.  Please do the
  following, to help us expose AOL for who they really are, and to help us and
  yourself receive personal gratification for taking a stand for our freedom:

  1. Forward this letter to as many people as you can (not just friends and
  family, as many as you can)!

  2. Tell people who aren't on America Online in person, especially
  important people (Private Investigators, Government workers, City Council)

  3. If the information about the new version isn't exposed by the time AOL
  is released early this winter, for your own protection, DON'T DOWNLOAD AOL
  4.0 UNDER ANY CONDITION !!!

  Thank you for reading and examining this information.  Me and my colleagues
  hope that you will help us do the right thing in this situation.
  Enjoy America Online (just kidding!).

  Regards, A former AOL employee

AOL4FREE

1. The AOL4FREE Macintosh Program for gaining fraudulent accounts on AOL. 
2. The AOL4FREE Virus Warning Hoax. 
3. The AOL4FREE.COM Trojan horse program that deletes all the files on your hard drive. 

"A former Yale computer science student has pleaded guilty to defrauding America 
Online. AOL estimates it lost between $40,000 and $70,000 in service charges 
because the student distributed his computer program, AOL4FREE, to hundreds of 
other users." 

The second item is the AOL4FREE Virus Warning Hoax message. The following message 
has been circulating around the Internet, warning of a virus infected e-mail message: 

  VIRUS ALERT!!!
    DON'T OPEN E-MAIL NOTING "AOL4FREE"

  Anyone who receives this must send it to as many people as you can.   It
  is essential that this problem be reconciled as soon as possible.  A few
  hours ago, I opened an E-mail that had the subject heading of "AOL4FREE.COM".
  Within seconds of opening it, a window appeared and began to display my files
  that were being deleted.  I immediately shut down my computer, but it was too
  late.  This virus wiped me out.  It ate the Anti-Virus Software that comes with
  the Windows '95 Program along with F-Prot AVS.  Neither was able to detect it.
  Please be careful and send this to as many people as possible, so maybe this
  new virus can be eliminated.

1. A virus like program can not spread in an e-mail message. While an infected

program could be attached to an e-mail message, the e-mail message itself
cannot contain one in any form that could be executed. 
 
2. A virus or Trojan horse program can not infect a system by simply being read.

The current mail readers do not execute an e-mail message, they display it on
the screen for you to read. You must take care when downloading an attachment
to an e-mail message. In some mail readers you can double click on the
attachment icon to have it extracted and opened by whatever program created it.
If that attachment is a program, it is downloaded and run, and running any
program you have not scanned could cause you to be infected with a virus.
 
3. While this warning message is a hoax, the things it describes could be

accomplished with a Trojan horse program. That Trojan horse could then
be attached to an e-mail message and if the reader downloads and
executes the Trojan horse program, it could do the damage described
in this message. In fact, someone has done that as is explained below. 

CIAC ALWAYS recommends that software downloaded onto a computer from any 
source (BBS, e-mail attachment, floppy, web) be scanned with anti-virus software 
prior to being run. Note that most anti-virus software does not detect Trojans, so it
is important to know where your software came from before executing it. 
 
 

Blue Mountain Cards

Recently Blue Mountain Cards was the target of false warnings that opening a 
greeting card on their website would cause systems to crash. Below is a statement 
from the Executive Director of Blue Mountain Cards. 

  Jared Schutz, Executive Director
  Blue Mountain Arts
  "It is very frustrating and difficult for us to dispel these rumors, but
  please help us in doing so by passing this e-mail along to your friends and
  spreading the word that there is no way that bluemountain.com can spread a
  virus. Our electronic greeting cards are simply web pages that you view
  with your browser. Our e-mail notifications are only text messages without
  any attached files. When someone sends or receives cards from our site,
  they do not actually download to their computer any file that might contain
  a virus. We are worried that these rumors are hurting our free card
  efforts, and hope that you can help us set the record straight."

  http://www1.bluemountain.com/home/hoax.html

It Takes Guts to Say 'Jesus'

The original e-mail titled "It Takes Guts to Say 'Jesus'" is a poor rewrite of several old 
hoaxes. Now that hoax has been rewritten as an aftermath of the 'Melissa' virus 
outbreak. 

Here is the newest version circulating the internet. 

  If you receive an e-mail titled "It Takes Guts to Say 'Jesus' DO NOT
  OPEN IT. It will erase everything on your hard drive.  This
  information was announced yesterday morning from IBM; AOL states that
  this is a very dangerous virus, much worse than "Melissa", 
  and that there is NO remedy for it at this time. Some very sick individual 
  has succeeded in using the re-format function from Norton Utilities 
  causing it to completely erase all documents on the hard drive.It has 
  been designed to work with Netscape Navigator and Microsoft Internet 
  Explorer.It destroys Macintosh and IBM compatible computers.  This is a 
  new, very malicious virus and not many people know about it. Pass this 
  warning along to EVERYONE in your address book and please share it with 
  all your online friends ASAP so that this threat may be stopped. Please 
  practice cautionary measures and tell anyone that may have access to your
  computer. Forward this warning to everyone that might access the
  internet. 

Elf Bowling and Frogapult Hoax Chain Letter

Nstorm (http://www.nstorm.com ) has become the victim of a hoax chain letter 
stating that two of their games being distributed over the internet are infected 
with a virus. The chain letter does not state what the malicious code is. Listed 
below is a statement from Nick Schoeneberger of Nvision Design, Inc., the developer 
of the game. CIAC recommends that you check with vendors or other reliable sources 
before forwarding warnings that may be bogus. "Our company has produced a number 
of freely e-mailed and downloadable computer games which have been the subject of 
a hoax virus warning. We have contacted Symantec (makers of Norton Anti-Virus) 
and they have certified all of our games virus-free on this web page: http://www.symantec.com/avcenter/venc/data/y2kgame.hoax.html" 

Keep in mind that while the games available from Nstorm's web page are virus free, 
copies that are being e-mailed around the network could be infected with a virus or 
could be a Trojan program with the same name as the original game. To be safe, 
you should never run executables that are sent to you by an unknown/distrusted 
source but get an original copy directly from the manufacturer's website or from a 
trusted downloading site. 
 
 

2400 Baud Modem Virus

Since 1988, computer virus hoaxes have been circulating the Internet. In October of 
that year, according to Ferbrache ("A pathology of Computer Viruses" Springer, London, 
1992) one of the first virus hoaxes was the 2400 baud modem virus: 

  SUBJ: Really Nasty Virus
  AREA: GENERAL (1)

  I've just discovered probably the world's worst computer virus
  yet. I had just finished a late night session of BBS'ing and file
  treading when I exited Telix 3 and attempted to run pkxarc to
  unarc the software I had downloaded. Next thing I knew my hard
  disk was seeking all over and it was apparently writing random
  sectors. Thank god for strong coffee and a recent backup.
  Everything was back to normal, so I called the BBS again and
  downloaded a file. When I went to use dir to list the directory,
  my hard disk was getting trashed again. I tried Procomm Plus TD
  and also PC Talk 3. Same results every time. Something was up so I
  hooked up to my test equipment and different modems (I do research
  and development for a local computer telecommunications company
  and have an in-house lab at my disposal). After another hour of
  corrupted hard drives I found what I think is the world's worst
  computer virus yet. The virus distributes itself on the modem sub-
  carrier present in all 2400 baud and up modems. The sub-carrier is
  used for ROM and register debugging purposes only, and otherwise
  serves no other (sp) purpose. The virus sets a bit pattern in one
  of the internal modem registers, but it seemed to screw up the
  other registers on my USR. A modem that has been "infected" with
  this virus will then transmit the virus to other modems that use a
  sub-carrier (I suppose those who use 300 and 1200 baud modems
  should be immune). The virus then attaches itself to all binary
  incoming data and infects the host computer's hard disk. The only
  way to get rid of this virus is to completely reset all the modem
  registers by hand, but I haven't found a way to vaccinate a modem
  against the virus, but there is the possibility of building a
  sub-carrier filter. I am calling on a 1200 baud modem to enter this
  message, and have advised the Sysops of the two other boards
  (names withheld). I don't know how this virus originated, but I'm
  sure it is the work of someone in the computer telecommunications
  field such as myself. Probably the best thing to do now is to
  stick to 1200 baud until we figure this thing out.

  Mike Rochenle

2400 Baud Modem Virus spoof

The 2400 Baud Modem Virus spawned a humorous alert by Robert Morris III : 

  Date: 11-31-88 (24:60)        Number: 32769
  To: ALL Refer#: NONE
  From: ROBERT MORRIS III Read: (N/A)
  Subj: VIRUS ALERT     Status: PUBLIC MESSAGE

  Warning: There's a new virus on the loose that's worse than
  anything I've seen before! It gets in through the power line,
  riding on the powerline 60 Hz sub-carrier. It works by changing the
  serial port pin outs, and by reversing the direction one's disks
  spin. Over 300,000 systems have been hit by it here in Murphy,
  West Dakota alone! And that's just in the last 12 minutes.

  It attacks DOS, Unix, TOPS-20, Apple-II, VMS, MVS, Multics, Mac,
  RSX-11, ITS, TRS-80, and VHS systems.

  To prevent the spread of the worm:

   1) Don't use the powerline.
   2) Don't use batteries either, since there are rumors that this
      virus has invaded most major battery plants and is infecting the
      positive poles of the batteries. (You might try hooking up just
      the negative pole.)
  3) Don't upload or download files.
  4) Don't store files on floppy disks or hard disks.
  5) Don't read messages. Not even this one!
  6) Don't use serial ports, modems, or phone lines.
  7) Don't use keyboards, screens, or printers.
  8) Don't use switches, CPUs, memories, microprocessors, or
     mainframes.
  9) Don't use electric lights, electric or gas heat or
     air conditioning, running water, writing, fire, clothing or the
     wheel.

  I'm sure if we are all careful to follow these 9 easy steps, this
  virus can be eradicated, and the precious electronic flui9ds of
  our computers can be kept pure.

  ---RTM III

America Online Upgrade Warning

  Attention Friends 

  Another scam on the lurch on the AOL net....   BEWARE !!!!!!
  If you receive an e-mail that is titled "Fwd: America Online 4.0
  Upgrade" or has an attached file called "Setup40.EXE" Do not download
  the program it  is NOT AOL 4.0 it is a program that will e-mail your
  SCREEN NAME and your PASSWORD to two or more people during two blackouts
  of your computer screen.  DO NOT DOWNLOAD DELETE IT!!!
  Please E-Mail this letter to as many people as possible  to avoid
  damage....thanks !!!

WIN A HOLIDAY Hoax 

  VIRUS WARNING !!!!!!

  If you receive an e-mail titled "WIN A HOLIDAY" DO NOT open it. It
  will erase everything on your hard drive. Forward this letter out
  as many people as you can. This is a new, very malicious virus and
  not many people know about it. This information was announced
  yesterday morning from Microsoft; please share it with everyone
  that might access the Internet. Once again, pass this along to
  EVERYONE in our address book so that this may be stopped. Also, do
  not open or even look at any mail that says "RETURNED OR UNABLE TO
  DELIVER" This virus will attach itself to your computer components
  and render them useless. Immediately delete any mail items that
  say this. AOL has said that this is a very dangerous virus and
  that there is NO remedy for it at this time. Please practice
  cautionary measures and forward this to all your online friends
  ASAP.

Cat Colonic Hoax

Why would you want to give a cat a colonic anyway. This is a hoax.

  If you receive an e-mail entitled, "How to Give a Cat a Colonic," DO NOT
  open  it. It will erase everything on your hard drive.  Forward this letter
  out to as many people as you can. This is a new, very malicious virus and 
  not many people know about it. This information was announced yesterday 
  morning from IBM. Please share it with everyone that might access the 
  Internet.  Once again, pass this along to EVERYONE in your address book 
  so that this may be stopped. AOL has said that this is a very dangerous 
  virus and that there is NO remedy for it at this time.  

Mobile Phone Virus Hoax

And now a virus that attacks a mobile phone just by dialing in and listening.

  Subject: GSM mobile phones Virus!
  Date: Wed, 19 May 1999 10:39:00 -0400

  BEWARE!!!

  Dear all mobile phone's owners,

  ATTENTION!!!

  NOW THERE IS A VIRUS ON MOBILE PHONE SYSTEM.
  All mobile phone in DIGITAL system can be infected by this virus. If
  you receive a phone call and your phone display "UNAVAILABLE" on the
  screen (for most of digital mobile phones with a function to display
  in-coming call telephone number), DON'T ANSWER THE CALL.
  END THE CALL IMMEDIATELY!!! BECAUSE IF YOU ANSWER THE CALL, YOUR 
  PHONE WILL BE INFECTED BY THIS VIRUS.

  This virus will erase all IMIE and IMSI information from both your phone
  and your SIM card which will make your phone unable to connect with the
  telephone network.  You will have to buy a new phone.

  This information has been confirmed by both Motorola and Nokia. For
  more information, please visit Motorola or Nokia web sites:
  http://www.mot.comor http://www.nokia.com  There are over 3 million
  mobile phone being infected by this virus in USA now.  You can also 
  check this news in CNN web site: http://www.cnn.com 

  Please forward this information to all your friends who have digital mobile
  phones.

Wobbler and California Virus Hoax

The Wobbler virus was supposed to be in a file named California. Both the virus and 
the file are a hoax. There is a report from IBM on Wobbler but like this page, it says 
that wobbler is a hoax.

  Subject: FW: New Virus Warning 
    Dear ALL 

  Thought you might be interested in this message. If you receive an e-mail 
  with a file called "California" do not open the file. The file 
  contains the "WOBBLER" virus. 

  This information was announced yesterday morning by IBM. The report says 
  ..."this is a very dangerous virus, much worse than "Melissa" 
  and there is NO remedy for it at this time. Some very sick individual 
  has succeeded in using the reformat function from Norton Utilities 
  causing it to completely erase all documents on the hard drive. It has 
  been designed to work with Netscape Navigator and Microsoft Internet 
  Explorer. destroys Macintosh and IBM compatible computers. This is a 
  new, very malicious virus and not many people know about it at this 
  time. Please pass this warning to everyone in your address book and share 
  it all your online friends ASAP so that the destruction it can cause 
  may be minimized" 
  
  All the best 
       Dan  

  Dans le cas ou l'information suivante puisse vous servir un jour je vous la
  transmet.

  J'ai été informe par mail d'un nouveau virus-WOBBLER. Il est transmis par un
  mail intitule CALIFORNIA. IBM et AOL ont annonce qu'il serait très puissant,
  encore plus que Melissa (connaît pas pour ma  part!), et il n'y a pas de
  remède (plus embêtant!). Il dévorerait toutes les informations situées sur
  votre disque dur et détruirait également Netscape Navigator et Microsoft
  Internet Explorer. N'ouvrez pas de mail intitule ainsi et transmettez ce
  message a tous vos contacts.

Lump of Coal Virus Hoax

Whomever wrote the Lump of Coal hoax should get some lumps for starting this 
around.

  Warning on December 25, 1999 you may receive an e-mail called, Lump of
  Coal...do not open it, it contains a deadly virus...it will erase your
  windows along with many other program files.  Pass this on as soon as
  you can to get the WORD out!!! This is not a hoax....this was reported 
  on the CBS morning news August 20,1999

BUDDYLST.SIP Virus Hoax

The BUDDYLST hoax even comes in French.

 
  Objet: Fw: Danger - Virus - Danger

  This is not a joke
 
  This information came from Microsoft.
  Please pass it on to anyone you know who has access to the Internet.
 
  You may receive an apparently harmless Budweiser screen saver,
  entitled BUDDYLST.SIP.
 
      If you do -DO NOT OPEN IT UNDER ANY CIRCUMSTANCES,
      but delete it immediately.
  
  Once opened, you will lose EVERYTHING on your PC.
  Your hard disc will be completely destroyed and the person who sent
  you the message will have access to your name and password via the
  Internet.
 
      As far as we know, the virus was circulated yesterday morning.
      It's a new virus, and extremely dangerous.
  
  Please copy this information and e-mail it to everyone in your
  address book. We need to do all we can to block this virus.
 
  AOL has confirmed how dangerous it is, and there is no anti-virus
  program yet, which is capable of destroying it.
  
  Please take all the necessary precautions and pass this information
  on to your friends, acquaintances and work colleagues.

  Microsoft nous a communiqué le message qui suit.
  SVP le transmettre à toute personne que vous connaissez qui a accès
  à l'Internet.
 
  Vous recevrez peut-être un écran de veille (" screen saver ") de
  Budweiser qui à prime abord vous paraîtra inoffensif.
     Le message est intitulé BUDDYLST.SIP.
 
  Si vous le recevez, NE L'OUVREZ PAS EN AUCUN CAS - annulez-le
  immédiatement.
 
  En l'ouvrant, vous allez perdre TOUTES LES DONNÉES de votre
  ordinateur et votre disque dur sera totalement détruit.  De plus, la
  personne qui vous aura envoyé ce message aura accès à votre nom et votre
  mot de passe via l'Internet.
 
  Tout ce que nous savons c'est que le virus a été circulé hier matin.
 
     Il s'agit d'un tout nouveau virus qui est extrêmement dangereux.
     Veuillez communiquer ces renseignements par courriel à toutes les
     adresses dans votre carnet d'adresses.
  Nous devons tout faire pour le bloquer.
 
  AOL a confirmé jusqu'à quel point ce virus est dangereux.
  Aucun programme actuel ne peut le détruire.
  Veuillez prendre toutes les précautions nécessaires, et communiquer
  ce message à vos amis, connaissances et collègues de travail.

Family Pictures Hoax

This must have been put out by someone who is tired of looking at other people's 
picture albums. 

 Subject: Virus to look out for

DO NOT OPEN "NEW PICTURES OF FAMILY" It is a virus that will erase your
whole "C" drive. It will come to you in the form of an E-mail from a 
familiar person. I repeat a friend sent it to me, but called & warned 
me before I opened it. He was not so lucky and now he can't even start 
his computer! Forward this to everyone in your address book. I would 
rather receive this 25 times than not at all. 

Also: Intel announced that a new and very destructive virus was 
discovered recently. If you receive an e-mail called "FAMILY PICTURES," 
do not open it. Delete it right away! This virus removes all dynamic 
link from your computer. Your computer will not be able to boot up.

WTC Survivor Virus Hoax

This warning is just another variant of the Family Pictures Hoax.

To: friends 
Sent: Thursday, December 13, 2001 9:11 PM 
Subject: Troubles with Virus WTC Survivor 

HOPE THIS GETS TO YOU IN TIME 
BIG TROUBLE !!!! DO NOT OPEN "WTC Survivor" 

It is a virus that will erase your whole "C" drive. It will come to you in 
the form of an E-Mail from a familiar person. I repeat a friend sent it to 
me, but called and warned me before I opened it. He was not so lucky and 
now he can't even start his computer! Forward this to everyone in 
your address book. I would rather receive this 25 times than not at 
all. If you receive an e-mail called "WTC Survivor" do not open it. 
Delete it right away! This virus removes all dynamic link libraries 
(.dll files) from your computer. 

This is a serious one. 

  

intifadah.cjb.net Hoax

This particular hoax probably has a political motive. A web site cannot do what is 
indicated in the message without your help. If a website can get you to download 
and run an application then it can do anything to your system but without that help 
it can do little more than open a bunch of windows. Opening a bunch of windows might 
make your system unusable until you quit your browser or rebooted your system but 
would do no permanent damage. 

I actually went to this site and looked around. I did not find anything malicious. If you 
click on the about box, it takes you to a page that acknowledges that the hoax message 
is out there and makes the statements: 

• Your hard disk will not crash at this web site. 
• This web site is not maintained by Zionists. 
• The warning wasn't an attempt to draw attention to this web site

(this web site didn't exist until the warning was sent). 

Subject;  Warning!

I don't know how true the following is, I am
forwarding it just in case!

Warning:


Do NOT enter this website: (intifadah.cjb.net)
or any other web sites that ends up with CJB.net.

These are Zionist web sites.  Th Intifada
website has been constructed by the Zionists
to attract Arabs and Muslims who browse the
net.  If you enter the website, your hard-drive
crashes at once.

SULFNBK.EXE Hoax

This warning is a hoax. It was originally issued in Portuguese but some nice person 
translated it into English. The real sulfnbk.EXE program is a Windows program that 
is used to restore long file names. You will find it in the \Windows\Command folder. 
Keep in mind that sulfnbk.EXE, like any executable program, could be infected with 
a virus. You should regularly scan all the files on your system using a current 
anti-virus scanner to insure that none of them contains a virus. 

Information on how to replace the sulfnbk.EXE program, in case you deleted it, is 
available at the Symantic and other anti-virus web sites. 

Subject: BAD virus - act quickly!!
Date: Tues, 29 May 2001 21:57:22 -0400

Subject: Please Act Urgently
VIRUS COULD BE IN YOUR COMPUTER
It will become activate on June 1st and will delete all files and folders on
the hard drive.
No Anti-Virus software can detect it because it doesn't become a VIRUS
until 1/6/2001.
It travels through the e-mail and migrate to your computer.
To find it please follow the following directions:
Go To "START" button
Go to "Find" or "Search"
Go to files and folders
Make sure to search in drive C
Type in; SULFNBK.EXE
Begin Search
If it finds it, highlight it and delete it
Close the dialogue box
Open the Recycle Bin
Find the file and delete it from the Recycle Bin
You should be safe.
The bad part is you need to contact everyone you sent ANY e-mail to in the
past few months.
Many major companies have found this virus on their computers.
Whatever you do, DO NOT open the file.  

Virtual Card Hoax

Granted a real virus could delete sector 0 on your hard drive but this isn't one of them. 
Also note that a knowledgeable person could put back sector 0 of a hard drive and get 
back all your files. 

URGENT ALERT
 
Please read the following carefully and send it to
EVERYONE you know.  Send it to all contacts you have, for I
agree with the message, I'd rather receive this 25  times as 
to not at all....
-------------------------------------------------------
 
A new virus has just been discovered that has been classified by 
Microsoft www.microsoft.com) and by McAfee (www.mcafee.com) as 
the most destructive ever! This virus was discovered yesterday 
afternoon by McAfee and no vaccine has yet been developed. This 
virus simply destroys Sector Zero from the hard disk, where vital 
information for its functioning are stored. This virus acts in the 
following manner: It sends itself automatically to all contacts on 
your list with the title "A Virtual Card for  You". As soon as the 
supposed virtual card is opened, the computer freezes so that the 
user has to reboot. When the ctrl+alt+del keys or the reset button 
are pressed, the virus destroys Sector Zero, thus permanently 
destroying the hard disk. Yesterday in just a few hours this virus 
caused  panic in New York, according to news broadcast by CNN 
(www.cnn.com). This alert was received by an employee of Microsoft 
itself. So don't open any mails with subject "A Virtual Card for You". 
As soon as you get the mail, delete it. Please pass on this mail to 
all your friends. Forward this to everyone in your address book. I 
would rather receive this 25 times than not at all. Also: Intel 
announced that a new and very destructive virus was discovered 
recently.  If you receive an e-mail called "An Internet Flower 
For You", do not open it. Delete it right away! This virus removes 
all dynamic link libraries(.dll files) from your computer. Your 
computer will not be able to boot up.

SEND THIS TO EVERYONE ON YOUR CONTACT LIST!!
  

!000 Hoax

I was kind of hoping that this one would die of its own accord, but no such luck. While 
not really false, this list of instructions does not really help you prevent infections 
and could fool you into being careless. For the few worms that remote control your 
Outlook application, this would tell you that you had already spammed the world 
with who knows how many worm infected e-mails. For the current crop of worms 
that spread via e-mail, which contain their own internal mailer, this would do nothing. 
Your time would be much better spent installing a good anti-virus program and 
keeping it updated. 

A variant of this says to use AAAAAAA for the user's name and 
WormAlert@somewhere.com as the address. Unfortunately, somewhere.com is a 
real domain and now they are getting hammered by every infected machine that 
uses this "Fix!" I'm sure they would like it to stop. 

Remember, don't run attachments that you were not expecting to receive, even 
those that appear to have been sent by a friend. Verify them first with the friend 
before running them (assuming you really trust the friend). 

Here is a very helpful tip concerning worm viruses you could get in an e-mail:

As you may know, if a worm virus gets into your computer, it heads straight 
for your e-mail address book and sends itself to everyone in there, thus 
infecting all your friends and associates. This tip won't keep the virus from 
getting into your computer, but it will stop it from using your address book 
to spread itself further, and it will alert you to the fact that a worm virus 
has gotten into your system.

Here's what you do:
 
1.  Open your address book and add a "New Contact" just as you would do if 
you were adding someone to your list of e-mail addresses;
 
2.  In the window where you would type your contact's first name, type !000 
(that's an exclamation mark followed by 3 zeros);
 
3.  In the box where you would enter the e-mail address, type Worm Alert;
 
4.  Click Add;
 
5.  Then, click OK.

Now, here's what you've done and why it works: The name !000 will appear at
the top of your e-mail list as entry number:
 
A. This is the first e-mail address a worm virus will find when it tries to 
send all of your friends a virus infected e-mail. But  because the 1st e-mail 
address is invalid, it will be undeliverable, and the worm virus stops any 
further attempts to access your address book.

B. The second advantage of this tip is that you will be notified when an 
e-mail cannot be delivered because of an invalid e-mail address. You will 
receive an e-mail telling you  that your e-mail to "Worm Alert" could
not be delivered. If you get this message, you'll know right away that you've 
got a worm virus in  your system. You can then take the appropriate steps to get 
rid of it. Just knowing that you even have a virus is half the battle.
 
This is a very helpful tip, so pass it on.

  

The Jdbgmgr Hoax (aka Teddy Bear Virus)

The jdbgmgr hoax is almost the same as the sulfnbk hoax in that it tells you to delete 
a program that was installed with Windows. jdbmgr.EXE is the Java Debugger Manager 
and does have an icon that looks like a Teddy Bear. It is not, normally, a virus. As with
all executables, it is not impossible to have a copy of jdbmgr.EXE that is infected 
by a virus but that virus will be detected by your anti-virus software. 

Microsoft has posted the article Q322993 with information on how to replace 
jdbgmgr.EXE if you have deleted it. 

Subject: IMPORTANT-VIRUS ALERT!!!
Date: Thu, 18 Apr 2002 04:01:21 +0000

Hi everybody, I just wanted to let you know you
should check your computers by following the 
procedure that's next....I don't remember 
getting an e-mail with that file attachment, but 
I found it in my system. Since I found the
dumb little bear in my computer, I'm sending 
you the info.

The virus is called jdbgmgr.EXE and it transfers
automatically through Messenger and also through 
your address book and since I have all of you in
my address book I have to send everyone this info.
I'm sorry if this causes any problems.  It 
certainly wasn't intentional.

The virus isn't detected by McAfee or Norton and it
remains in the folder for 14 days before activating 
and harming the system. It can be erased before 
it eliminates the files in your computer.  To
do so, follow these steps:

  1.- Click on "Start"
  2.- Go to find "files and folders" and write the
      name of jdbgmgr.EXE
  3.- Make sure it's looking in "C" drive.
  4.- Click on "Find now"
  5.- If the virus appears (the icon is a little bear
      that has the name of (jdbgmgr.EXE) 
      DO NOT OPEN IT FOR ANY REASON
  6.- Right click on it and delete it (it will go to
      the recycle bin)
  7.- Go to the recycle bin and either delete
      everything in the folder, or right click on 
      the little bear and delete.
      
If you find this virus in your computer, please send
this message to all the people in your address book 
before it causes any damage.
  

me llego este mail y pues me parece importante que lo lean y 
lo lleven a cabo porque yo encontre este virus en mi computador.
El motivo de este e-mail es advertir a todos los usuarios de
hotmail sobre un nuevo virus que circula por medio del MSN 
Messenger. El virus se llama jdbgmgr.EXE y se transmite 
automáticamente por medio del Messenger y tambien por la 
libreta de direcciones. El virus no es detectado por McAfee 
o Norton y permanence en letargo durante 14 días antes de 
dañar el sistema entero. Puede ser borrado antes de que elimine 
los archivos de tu computadora. Para eliminarlo, solo hay que
hacer los pasos siguientes:

  1. Ir a Inicio, pulsar "buscar"
  2.- En búsqueda "archivos o carpetas" escribir el nombre jdbgmgr.EXE
  3.- Asegurarse de que este buscando en disco "C"
  4.- Pulsar en "buscar ahora"
  5.- Si aparece el virus (el icono es un osito) que tendrá el nombre
      de jdbgmgr.EXE NO ABRIR POR NINGUN MOTIVO.
  6.- Pulsar en el botón derecho del ratón y eliminarlo (ira a la
      papelera de reciclaje).
  7.- Ir a la papelera de reciclaje y borrarlo definitivamente o bien
      vaciar la papelera entera.
SI ENCUENTRAN EN VIRUS EN SUS EQUIPOS MANDAR ESTE MENSAJE A LAS
PERSONAS QUE TENGAN EN SU LIBRETA DE DIRECCIONES ANTES DE QUE CAUSE
ALGUN DAÑO

Subject: Virus-Warnung

Auf jeden Fall durchlesen!!!

DRINGEND!!!

Nach einer Virus-Warnung von einem Freund habe ich den Virus tatsächlich
auch bei mir gefunden. Dieser breitet sich über mein Adressbuch aus. Und
Sie/Ihr steht auch alle in meinem Adressbuch. Es ist wirklich ein
Ernstfall! Bitte schaut umgehend nach!!!

Ausschnitt aus der bei mir eingetroffenen Warnung:

Das Virus verbreitet sich von Adressbuch zu Adressbuch, also bitte
gleich nachschauen. Es ist in der Tat von Norton und McAfee (und AntiVir
9x) nicht auffindbar. Es schlummert etwa 14 Tage auf dem Rechner,
aktiviert sich dann selbst und löscht sämtliche Daten auf der
Festplatte.

Die Anweisung zu seiner Entfernung ist recht einfach:
1. Auf "Start" klicken, dann auf "Suchen", dann auf Dateien/Ordner.
2. In der Suchmaske "jdbgmgr.EXE" eintippen - so heisst die Virusdatein
3. Bei "Suchen in" muss die Festplatte drin stehen, in der Regel C:
4. Suche starten
5. Wenn diese Datei auftaucht (sie hat einen kleinen Teddybär)

AUF KEINEN FALL ÖFFNEN

6. Mit der rechten Maustaste den Dateinamen anklicken, dann löschen
drücken
7. Bei der Rückfrage ob die Anwendung tatsächlich in den Papierkorb
verschoben werden soll, Ja drücken
8. Auf den Desktop gehen und den Papierkorb öffnen
9. Die Datei "jdbgmgr.EXE" im Papierkorb suchen und mit der rechten
Maustaste löchen.

Wenn Du/Sie die Datei auf dem Rechner gefunden hast/haben, bitte diese
e-Mail an alle Kontakte im Adressbuch versenden, weil der Virus über das
Adressbuch verbreitet wird. Danke!

Life Is Beautiful Hoax

Another watch out for this file hoax. This time it is a Power Point presentation. Now, 
a power point presentation could contain a virus, just like Word and Excel so always 
check them with an anti-virus program before opening a downloaded file and turn off 
auto-execution of included macros. 

This information arrived this morning, from Microsoft and Norton. 
Please send it to everybody you know who accesses the Internet. You may 
receive an apparently harmless e-mail with a Power Point presentation 
called "Life is beautiful.pps." 
If you receive it DO NOT OPEN THE FILE UNDER ANY CIRCUMSTANCES, and 
delete it immediately. If you open this file, a message will appear on 
your screen saying: 
"It is too late now, your life is no longer beautiful", subsequently you 
will LOSE EVERYTHING IN YOUR PC and the person who sent it to you will 
gain access to your name, e-mail and password. 
This is a new virus which started to circulate on Saturday afternoon. 
WE NEED TO DO EVERYTHING POSSIBLE TO STOP THIS VIRUS. AOL has already 
confirmed its dangerousness, and the anti-virus Softs are not capable of 
destroying it. The virus has been created by a hacker who calls himself 
"life owner", and who aims to destroying domestic PCs and who also fights 
Microsoft in court! 
That's why it comes disguised with extension pps. He fights in court for 
the Windows-XP patent. 

MAKE A COPY OF THIS EMAIL TO ALL YOUR FRIENDS.