E-Card Spam Loaded with Rogue Antivirus

by on 01/04/2011 in Fake Antivirus, Scams & Hoaxes, Security

The holidays have passed, but a slew of spam e-greeting cards is still showing up in many inboxes. The subject line of the email may be one of the following:

  • Happy Belated Holidays!
  • Belated Christmas Wishes
  • Happy Belated New Years

Users who click on any links in the e-card are redirected to domains that attempt to dupe users into installing a fake Flash player.


The fake Flash Player comes with more than just Flash; it is loaded with malware and other malicious code. In some cases, like the one that showed up in one of my spam email accounts, it had the Security Tool virus.

My wife received an e-card yesterday and, again, in order to view the e-card she had to download the Flash player. I was a bit curious to see what this puppy had in store, and it had plenty of tricks. I forwarded the email to my inbox and opened it on my test system. I downloaded the fake Flash player, and with it came another rogue antivirus program.

It looks like there are a few variations of rogue antivirus programs attached to this fake flash player download.

Users should be careful when an email prompts them to download a program in order to view content. If you do not know the sender, delete the email immediately.

If you are infected by Security Tool or System Tool, I have included 6 steps on how to remove these rogue security programs.

Tools needed

  • MalwareBytes Anti-Malware – a malware removal program.
  • RKill – a program developed at BleepingComputer.com that kills processes related to Security Tool.
  • hosts-perm.bat – needed because Security Tool changes the permissions of the HOSTS file so you can’t edit or delete it.

How to Remove System Tool or Security Tool

  1. Download MalwareBytes to your desktop and rename it to Explorer.exe, as Security Tool blocks the program named MalwareBytes. If you can’t download files, try using another machine that’s not infected and saving the files to a flash drive or other storage device.
  2. Reboot your PC and hit F8 to run your computer in Safe Mode with Networking.
  3. Run RKill to stop all background processes related to Security Tool.
  4. Launch MalwareBytes and run a Full Scan to remove infections.
  5. Delete the HOSTS file at C:\Windows\System32\Drivers\etc\HOSTS and put the default HOSTS file for your operating system (below) in C:\Windows\System32\Drivers\etc\
    a. Windows XP HOSTS File Download Link
    b. Windows 7 HOSTS File Download Link
  6. Reboot your computer.

Your computer should be clean and working normally again.

For more detailed instructions, visit http://www.bleepingcomputer.com/virus-removal/remove-security-tool
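Before replacing the HOSTS file in step 5, it can be useful to see what was actually in it. The following is an added example, not part of the original post or of any tool named above: a small Python audit that lists every HOSTS entry other than the stock `localhost` mappings. The sample file content and the `.example` hostnames in it are constructed for illustration, and the assumption is that a default Windows HOSTS file contains only comments and loopback entries for `localhost`.

```python
import ipaddress
import sys

# Assumption: a stock Windows HOSTS file maps nothing except "localhost".
DEFAULT_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not entry:
            continue
        fields = entry.split()
        if len(fields) < 2:
            findings.append((line_no, fields[0], "", "malformed entry"))
            continue
        ip_text, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, ip_text, " ".join(names), "invalid address"))
            continue
        for name in (n.lower() for n in names):   # one line may map several names
            if ip.is_loopback and name in DEFAULT_NAMES:
                continue                          # stock entry, nothing to report
            if ip.is_loopback or ip.is_unspecified:
                reason = "name blackholed to local machine"
            else:
                reason = "name redirected to another address"
            findings.append((line_no, ip_text, name, reason))
    return findings

# Constructed sample input (not taken from an infected machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # constructed
203.0.113.10    www.search.example search.example
"""

if __name__ == "__main__":
    # Pass the path of a HOSTS file (or a copy of one) to audit it instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for finding in audit_hosts(text):
        print("line %d: %s -> %s (%s)" % finding)
```

Any line it reports is an entry that the default HOSTS file from step 5 will not contain, so keep a copy of the output if you want a record of what was changed.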


4 Responses to “E-Card Spam Loaded with Rogue Antivirus”

  1. Bunnygotblog

    Jan 4th, 2011

    This is one problem I haven’t had. Seriously fighting with the ex. Since he is in Stuttgart now it seems very funny.

    • Frank Jovine

      Jan 4th, 2011


      Hang in there, it all dissolves sooner than later.

  2. Ech0 Derby

    Jan 8th, 2011

    It’s now at the point where I don’t open any of these types of emails. The risk is too great.

    Bit of a problem, because my mother-in-law is addicted to sending them and then gets offended when you don’t reciprocate :-)

  3. Mr Ghaz

    Jan 8th, 2011

    useful share as always..recommended :) ping done