The holidays have passed, but a slew of spam e-greeting cards is showing up in many inboxes. The subject line of the email may be one of the following:
- Happy Belated Holidays!
- Belated Christmas Wishes
- Happy Belated New Years
Users who click on any links in the e-card are redirected to domains that attempt to dupe users into installing a fake Flash player.
The fake Flash Player comes with more than just Flash; it is loaded with malware and other malicious code. In some cases, like the one that showed up in one of my spam email accounts, it carried the Security Tool virus.
My wife received an e-card yesterday and again in order to view the e-card, she had to download the flash player. I was a bit curious to see what this puppy had in store and it had plenty of tricks. I forwarded the email to my inbox and opened it on my test system. I downloaded the fake flash player and with it came another rogue antivirus program.
It looks like there are a few variations of rogue antivirus programs attached to this fake flash player download.
Users should be careful when an email prompts them to download a program in order to view content. If you do not know the sender, delete the email immediately.
If you are infected by the Security Tool or System Tool, I have included 6 steps on how to remove these Rogue Security Programs.
MalwareBytes – AntiMalware is a malware removal program.
RKill is a program developed at BleepingComputer.com that kills processes related to Security Tool.
hosts-perm.bat – Security Tool changes the permissions of the HOSTS file so you can’t edit or delete it.
How to Remove System Tool or Security Tool
- Download MalwareBytes to your desktop and rename it to Explorer.exe as Security Tool blocks the program named MalwareBytes. If you can’t download files, try using another machine that’s not infected and saving the files to a flash drive or other storage device.
- Reboot your PC and hit F8 to run your computer in Safe Mode with Networking.
- Run RKILL to stop all background processes related to Security Tool.
- Launch MalwareBytes and run a (Full Scan) to remove infections.
- Delete the file called “Hosts” in C:\Windows\System32\Drivers\etc\HOSTS and add the default Hosts file (below) for your operating system in C:\Windows\System32\Drivers\etc\
- Reboot your computer.
Your computer should be clean and working normally again.
For more detailed instructions, visit http://www.bleepingcomputer.com/virus-removal/remove-security-tool
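Before replacing the HOSTS file in the step above, it helps to see what the file currently contains. The following Python sketch is an added example, not part of the original post or of any tool named in it; it lists every active HOSTS entry other than the stock localhost mappings. The sample file content and its example.* names and addresses are constructed.

```python
import ipaddress
import sys

# Stock entries: "localhost" mapped to a loopback address (127.0.0.1 or ::1).
DEFAULT_NAMES = {"localhost"}

# Constructed sample content, used when no file path is given.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.example.com example.com   # constructed entry
127.0.0.1       update.example.net
0.0.0.0 scanner.example.org
not-an-ip       foo.example
"""

def audit_hosts(text):
    """Return (line_no, ip, hostname, kind) for each active non-default entry."""
    findings = []
    lines = text.lstrip("\ufeff").splitlines()   # tolerate a UTF-8 BOM
    for line_no, raw in enumerate(lines, start=1):
        line = raw.split("#", 1)[0].strip()      # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        if ip is None or len(fields) < 2:
            findings.append((line_no, fields[0], " ".join(fields[1:]), "malformed"))
            continue
        for name in fields[1:]:                  # one line may map several names
            name = name.lower()
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                         # stock localhost mapping
            # Loopback or 0.0.0.0 makes the name unreachable; any other
            # address sends traffic for that name somewhere else.
            kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
            findings.append((line_no, str(ip), name, kind))
    return findings

if __name__ == "__main__":
    # Usage: python audit_hosts.py C:\Windows\System32\Drivers\etc\HOSTS
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            content = fh.read()
    else:
        content = SAMPLE
    for line_no, ip, name, kind in audit_hosts(content):
        print(f"line {line_no}: {name or '(no hostname)'} -> {ip} [{kind}]")
```

An empty result means the file holds only comments and the stock localhost lines; anything listed is worth noting before the file is deleted and replaced.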