There’s an email purporting to be from Federal Express, claiming that a parcel was sent to your home address and will arrive within 5 business days. The email includes an attachment that the recipient is told to open for more information and the parcel’s tracking number.
This email is not from FedEx. Do not open the attachment (FedEx mail.zip). The attached zip file is a Trojan that will install itself without the knowledge or consent of the user. This Trojan will launch pop-ups alerting the user that their computer is infected with viruses.
The Trojan installs a fake antivirus program that will automatically launch and scan the computer for viruses. The fake antivirus program will report false and/or exaggerated threats on the computer. To remove the false threats from the computer, the user is told to purchase the full license version of the fake antivirus program.
This is a very popular scam that tricks people into paying for a program that is a fake. If you were infected by this attachment, please follow the instructions below to remove the FedEx Trojan.
How to Remove Fake Antivirus Programs
- Reboot your PC and hit F8 to run your computer in Safe Mode with Networking.
- Download MalwareBytes to your desktop and rename it to Explorer.exe as Windows Security 2011 blocks the program named MalwareBytes. If you can’t download files, try using another machine that’s not infected and saving the files to a flash drive or other storage device.
- Download and run RKILL to stop all background processes related to Windows Security 2011.
- Launch MalwareBytes and run a (Full Scan) to remove infections.
- Delete the file called “Hosts” in C:\Windows\System32\Drivers\etc\HOSTS and add the default Hosts file (below) for your operating system in C:\Windows\System32\Drivers\etc\
- Reboot your computer.
Your computer should be clean and working normally again.
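Before deleting the Hosts file in the step above, it is worth recording what it contains. The PowerShell below is an added example, not part of the original instructions: it lists every mapping other than localhost to loopback, on the assumption that this step exists because the infection may have added redirect entries. The function name and the sample lines are constructed for illustration.

```powershell
# Added example: list hosts-file entries that a default Windows hosts file would not contain.
# Assumption: a default file holds only comments and, on older Windows, localhost lines.
function Get-SuspiciousHostsEntry {
    param([string[]]$Lines)

    $lineNo = 0
    foreach ($raw in $Lines) {
        $lineNo++
        # Drop any trailing comment, then surrounding whitespace.
        $text = ($raw -split '#', 2)[0].Trim()
        if ($text -eq '') { continue }

        # Entry format: <address> <name> [<alias> ...]
        $fields  = $text -split '\s+'
        $address = $fields[0]
        $names   = @($fields | Select-Object -Skip 1)

        foreach ($name in $names) {
            # localhost pointing at loopback is the only mapping treated as default.
            $isDefault = ($name -eq 'localhost') -and
                         (@('127.0.0.1', '::1') -contains $address)
            if (-not $isDefault) {
                New-Object PSObject -Property @{
                    Line = $lineNo; Address = $address; Name = $name
                } | Select-Object Line, Address, Name
            }
        }
    }
}

# Constructed sample, not taken from a real infection.
# Addresses are from the 203.0.113.0/24 documentation range.
$sample = @(
    '# constructed comment line',
    '127.0.0.1       localhost',
    '::1             localhost',
    '',
    '203.0.113.10    www.example.com     # constructed redirect entry',
    '203.0.113.10    update.example.net  alias.example.net'
)
Get-SuspiciousHostsEntry -Lines $sample | Format-Table -AutoSize

# On the affected PC, review the real file before deleting it:
# Get-SuspiciousHostsEntry -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
```

On the sample this reports three entries (lines 5 and 6), all pointing at 203.0.113.10. An empty result means the file already holds nothing beyond comments and localhost mappings.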