I’ve gotten this infected email four times, including one from my sister, and one from my sister-in-law. All four came from Hotmail or MSN accounts so I assume it’s a Hotmail/MSN virus.

The message looks like this or something similiar.  This is the one from my sister:

And the one from my sister-in-law was even more sophisticated because it put my name in the message:

If you click on it you will get the virus too and it will send messages to everyone in your Hotmail or MSN account. What I don’t know if it infects your computer or if it just infects your account on Microsoft’s servers. I don’t want to click and find out, unless I do it on a junk computer.  Until I have time to do that, I traced one email back to Spain.

I sent an email to the address in Spain of the internet provider to warn them, to this address: abuse@orange.es.

The other came from Turkey.

If you’ve received this email and clicked on it, I recommend that you run Malwarebytes. If that doesn’t fix it, then call Ducktoes Computer Repair and Calgary IT support to help you. We can even fix your computer over the internet remotely, anywhere in the world.

According to the LA Times, victims of the Winfixer, Drive Cleaner and Antivirus XP scam are entitled to a refund.  See here.  http://latimesblogs.latimes.com/money_co/2011/12/scam-watch-computer-virus-warning-ponzi-scheme-fake-bbb-email.html.

If you fall for any other anti-virus scams or have a Rogue Anti-virus or Rogue Anti-Spyware, we can help at our Calgary Virus Removal lab.

Here’s a youtube video from Sophos that shows how you can get infected from a Google Ad advertising Norton.  Note how on the fake Norton website the colors are yellow like Norton Antivirus or Symantec, but there’s no real name, only the word “Anti-virus,” a clue you’re not getting the real deal, but a rogue antivirus. Be aware when going to unfamiliar sites. In the meantime, I’ll try to let Google know this is a fraudulent website. We call that a phish website. Try not to go phishing, the phish ARE biting, but are biting right in the ol kazoo, meaning where it hurts most: your wallet and computer.

If you did buy the fake Norton from the phish website, it wouldn’t work, and would infect your computer with more viruses and spyware.

Many new Ducktoes clients have been victims of a phone scam where a caller from outside of Canada claims to be from Microsoft. The friendly and helpful caller convinces the client their computer is infected with viruses.  He sympathizes  and earns their trust.  And then persuades them to give him access to their computer and even (yes, even!) payment with their credit card number.  He remotely controls the computer and “fixes” it.  After hanging up, the client gets that hair-prickling-the-back-of- your-neck, you been compromised feeling and calls Ducktoes to ask if this was a legitimate repair service by Microsoft.  I don’t even have time to tut-tut, instead I say, yikes, or the stronger language “omg,” hang up immediately and call your bank or credit card company to turn off the credit card!  They are lucky if the purchase price is the only amount withdrawn.  It’s often too late to get the $200 – $300 back of the dubious virus removal and computer repair costs, but often prevents even larger amounts from being stolen.

Then at the shop we remove the keyloggers: software that records every keystroke you make, also known as the “betrayed lover” software because many people use it to catch a straying partner in an affair by reading their emails and instant chats to other man or woman.  But the fraudsters don’t care if you’re stepping out, they’re out for cold cash, and oodles of it they must be making off Calgarians alone, not to speak of others all over North America.

In Winnipeg the police have issued a warning about the same fraudsters. Here’s the link to the CTV News story. And here’s another story about the same scam.

Microsoft doesn’t call people to tell them they have viruses or computer problems. They never do unsolicited computer repair. So if you get a call telling you this, hang up. If you’ve fallen for the scam, bring in your computer to Ducktoes Computer Repair or let us check it out remotely. You may have a keylogger or other spyware. Also speak immediately to your bank about the credit card purchase. You’ll have to get a new card and number.

I like AVG…no bones about it. And I recommend it to my clients because it’s easy to use and it’s reliable and now with version 9.0 it’s also faster again. On the comparative tests at Virus.gr, AVG Free removed 97% of the viruses. I have clients–with teenage sons— who used to hire me every six months to clean their computers of malware, I convinced them to try AVG and voila, two years later, and they still haven’t needed me to clean viruses again. I know, amazing!! And so much easier on the budget than computer repair bills.

If a client calls and asks me how to get AVG for their computer, I tell them to search for AVG on Google, but this week a client named Anna accidentally downloaded a virus from Google instead. Among all the legitimate links for AVG in her Google search results, she managed to click on a link that lead to Antivirus 2010, a rogue anti-virus which I remove several times a week from other clients’ computers.

Here’s where she clicked:

Don't download this one!

All the rest of the links are good. Look for http://avg.com or http://free.avg.com. Or you can use the one I use from CNET’s download.com: http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html Since it’s Cnet, you know it’s safe. Just scroll down further in the Google search results for AVG.

Be careful out there, it’s a wild web!!

The worst virus I’ve ever seen is now making its way through Bit Torrent and Limewire and other file sharing programs. It’s called Virut. And once you have it it’s pretty much game over and time for a clean install. You’re done. At least you’re operating system is kaput. So if I were you I’d make sure your anti-virus is working and updating regularly. And stay away from P2Ps until this settles down. Lots of people are losing everything on their computers. What makes Virut so nasty is that it patches itself to every executable, so everything time you run an anti-virus, it “patches itself” onto the anti-virus. Also it changes system files, so if you “delete” instead of “cure” or “heal” them, you’ll be facing at least a Repair install.

Some fixes for Virut run in Safe Mode, but on my client’s computer, Safe Mode isn’t working. I’m right now trying a method I saw on the Internet that uses Dr. Web. Cure-it.

Ms. Ducktoes is really busy removing spyware and replacing power supplies today, but I’ve noticed an influx of this new worm. So I thought I should warn you. It’s called the Downandup/Conficker worm. Millions of computers are infected. To avoid getting it, turn off Autoruns on your computer. Click here to learn how to turn off Autoruns.

To fix or remove Downandup or Conficker worm, there are these free removal tools:
ftp://ftp.f-secure.com/anti-virus/tools/beta/fsmrt.zip
ftp://ftp.f-secure.com/anti-virus/tools/beta/f-downadup.zip

Then run the usual Malwarebytes et al as in this post on Free Anti-spyware just to get rid of any remaining spyware. More later, my chickadees.

Ms. Ducktoes really feels for the readers whose computers have the Hallmark card virus. So many of you are still coming to this blog for a fix. This has been going on for months.

Since so many of you are still getting infected, today I went on-line to do a more research. I was wondering if there were any new variants etc.

What I found troubled me:

The links lead to a Youtube video which pretends to be a Tutorial but really is an ad for AntispywareOn.com, a rogue anti-virus site that will give you–you guessed it–more spyware and viruses. You can play the video without getting infected but don’t go to AntivirusOn.com. The video’s not much to see; it’s mostly obscured by big letters telling you to go to AntivirusOn.com. Click here to see the video.

Now here’s a video that’s more interesting. The video maker “Video search engine” infects a virtual machine with what you get on AntivirusOn.com and makes a video of the result. And, oh dear, the result looks surprisingly familiar: like another variant of the Windows XP Antivirus 2008/2009!

Ms. Ducktoes wants to stamp her (web) foot, she’s so sick of the Hallmark card virus and the Windows XP Anti-virus!!!

If you have the Hallmark virus, don’t go to AntivirusOn.com and even get more spyware and viruses. I’m sure some of you have already.

If you need to remove the Hallmark Card virus, the Windows Xp Anti-virus 2008/2009 or any other spyware, try this first.

If you already have bad spyware problems and can’t download the anti-spyware abovego here for a fix.

Good luck and as always your comments are most welcome.

I’m concerned. Today while researching the Hallmark card and postcard.exe virus, I got these results on Google.

Image of Google Results

The highlighted result in the middle leads to a download site for Windows XP Antivirus 2008/2009, a rogue Antivirus that is really a deadly virus for your computer. I mean a nasty.

So this is the dramatic scenario, my innocent ducklings, you receive a Hallmark card or other e-card e-mail. You know you are not supposed to open attachments on e-mails especially those ending with .exe or .dll but on this e-mail there are none. So you feel safe. There is a link, however, for you to see the Hallmark card (or other e-card) someone sent you. You click the link. Instead of an ecard, your computer fills with the Hallmark card virus, and depending on what variant you download, a pretty bad virus.

Your computer is now looking and acting strange. You’re worried. You search online for solutions. You search for “Hallmark card virus removal”. You get results such as the ones above. You may luck out and click Ducktoes or another legitimate antispyware site or you may click a link to the fraudulent rogue anti-virus Windows XP Antivirus 2008/2009 above. Immediately your computer starts to fill with an even more lethal virus. So now you have one bad virus and one very bad virus.

The fraudulent website looks like this:

Bogus Antivirus Site

Now Ms. Ducktoes has to go to her day job fixing computers and get back to this later. Please be careful until then. Let me know what’s happening to your computer right now, so I have more information on what new variants there are and the type of frustation and problems you’re having, so I can help you more effectively.

Click on the Comment or No comment tag below. Or e-mail me at admin@ducktoes.com.

And the virus removal techniques in yesterday’s post about How to Fix Vundo in Safe Mode should also be quite effective agains the Hallmark Card and Windows XP Anti-virus. Give them a try. Until later.

Also I’m curious. What spyware or virus are you struggling with right now? Or if you don’t know, what symptoms do you have? I invite your comments. Comment here.

Many, many people are coming to this blog site looking for a fix for the Hallmark card virus. So it’s not a hoax!!! (The hoax part is that the virus will wipe out your hard drive. It doesn’t. But it does make a mess.) The e-mails going out purport to be a link to Hallmark card, read more here (see this post), and if you click that link, you’ll get a direct download of a virus.

If you already have the Hallmark Card virus, there is a fix, or several of them. Usually, normal virus software will remove it. Here are some free anti-virus software that will do the trick. Make sure your software is updated first, after you install and before you run the scan. Without virus definitions, it’s impossible to catch anything.

First to get rid of the virus use one on these antivirus software:

AVG 8 Free for Personal Use
Avast!
Dr. Web CureIt

Then use this antispyware:
SuperAntiSpyware

Virus software is not enough. You’ll also need an excellent anti-spyware tool. Call me at 403-483-0105, if you have any questions. (Please, not in the middle of the night in Canada, however!)

Now if your computer is so bad already it won’t allow you to download anything, you’ll need to go into safe mode.
1. Restart your computer and tap the F8 key repeatedly. Soon you’ll get to a screen that has many different options.

2. Pick the one (use your up and down arrows to move) that says Safe Mode with Networking.

3. A long list of drivers will scroll down the screen. Then you’ll be given and option of Yes or No. Pick Yes, you do want to go into Safe Mode.

4. Now open your browser such as Internet Explorer or Firefox. And type in http://ducktoes.com/blog. Find this post Hallmark Card Fix. And click this link to download Malwarebytes Antispyware.

5. Run and update the program. Make sure you update it first. If your computer (actually the virus or malware) won’t let you update it, run it anyway. Do the quick scan first. Remove the malware it finds and restart the computer and then run it again. If you can update it on the second time, update it and run it again, this time do the full scan.

Then go to the top of this blog post and install one of the antiviruses and the SuperAntispyware.

Good luck and let me know what works or doesn’t for you. Also let me know if it’s hard to download the antispyware. How bad is the virus? Click here to comment.

Ms. Ducktoes now has eat her words, and take back what she said about Grisoft’s free AVG 8 in her last blog. AVG has proved to be a real trooper (a State Trooper even or an RCMP Mountie!) against the criminal and fraudulent Ad Agent BN.

This week the malware has been extremely difficutl to get rid of. Ad Agent BN has been one of the worst.

Ad Agent BN was on a client’s computer, along with several other related Trojans. The client, a friendly twenty-something young man named Matt, had somehow gotten this rogue anti-spyware on his computer. At first the rogue program ran fake warning pop-ups on his desktop saying the computer had spyware. But much worse it then locked up the Matt’s Control Panel, Start menu, and Windows Explorer. Also Run and Search were not accessible.

Matt, a student, needed to turn in his assignments. They were not backed up. The computer was going down fast along with Matt’s marks. I took out the hard drive of his computer and connected it to another computer and ran Spy Sweeper, Avira, and Avast! on the mounted disk. They found several viruses and trojan horses. I also ran regedit by mounting the hive of the harddrive and deleted some infected keys. However when I reconnected the hard drive to Matt’s computer, the spyware and viruses were still there. And they were active!!

Ms. Ducktoes, now in a tizzy about Matt’s marks, not to mention his photos and music, had to do something more. Ducktoes to the rescue!

This is what worked. You can do it too:

1. Boot into Safe Mode with Networking. To do this: Restart the computer. Tap the the F8 key several times while the computer boots up. When you get to the screen with several booting options select Safe Mode with Networking.

2. After Windows starts, then download PC Tools Spyware Doctor, purchase, update it, and run the scan.

3. Restart the computer, let it boot into regular mode several times, restart it after each scan as Spyware Doctor recommends.

4. Boot back into Safe Mode with Networking. Download AVG free. Download AVG 8 free for home users.

5. AVG doesn’t update in Safe Mode. So restart the computer into regular mode. Update AVG. Now run Spyware Doctor. While Spyware Doctor is running the Avg Shields will kick into effect and remove the processes. Using the two programs together will get rid of the Ad Agent BN.

I know that the programs during install tell you that it’s not good to have two anti-viruses running at the same time but it worked!!

So I’m now using free AVG 8 again for all my clients.

Let me know–click the Comments link below– if this works for you.

Ms. Ducktoes is in a flap and a flutter because right now there is a new type of spyware danger that is so new it is causing a bit of havoc and making all of us anti-spyware professionals work overtime. Thousands of computers are infected. Phoney e-mails that purport to be from friends or legitimate businesses encourage the victims to click a link. This will initiate a download of a most dangerous group of spyware and viruses. One is a trojan horse that lets the criminal hacker take over your computer and control it remotely. Others will install a back door in your computer that gives hackers access to do even more damage or add even more spyware. Still others tell you, in a warning on your desktop, that you have spyware, and try to get you to buy a rogue anti-spyware, that will give you even more malware.

I have received three of these phoney, dangerous e-mails. One told me a friend had sent me a Hallmark card that linked to a nasty download of binary code (trojan). I already wrote a blog about that one. Read it here.

Another, my cousin Jack warned his friends and family about, a postcard e-mail that links to a virus download. Here is his e-mail:

Please be careful of the upcoming virus.

Big Virus coming

http://www.snopes.com/computer/virus/postcard.asp

Hi All, I checked with Norton Anti-Virus, and they are gearing up for this virus!

I checked Snopes (URL above:), and it is for real!!

Get this E-mail message sent around to your contacts ASAP.

PLEASE FORWARD THIS WARNING AMONG FRIENDS, FAMILY AND CONTACTS!

You should be alert during the next few days. Do not open any message with an attachment entitled ‘POSTCARD,’ regardless of who sent it to you. It
Is a virus which opens A POSTCARD IMAGE, which ‘burns’ the whole hard disc C of your computer.

This virus will be received from someone who has your e-mail address in his/her contact list. This is the reason why you need to send this e-mail to all your contacts It is better to receive this message 25 times than to receive the virus and open it.

If you receive a mail called’ POSTCARD,’ even though sent to you by a friend, do not open it! Shut down your computer immediately.

This is the worst virus announced by CNN. It has been classified by Microsoft as the most destructive virus ever. This virus was discovered by McAfee yesterday, and there is no repair yet for this kind of virus.
This virus simply destroys the Zero Sector of the Hard Disc, where the vital
Nformation is kept.

COPY THIS E-MAIL, AND SEND IT TO YOUR FRIENDS. REMEMBER: IF YOU SEND IT
TO THEM, YOU WILL BENEFIT ALL OF US. “

While the e-mail is incorrect that the virus will burn a hole in your hard drive, it may cause you to have to get your hard drive reformatted, which will indeed burn all your data, which is essentially the same thing. Also it lets the attackers take control your computer. The trojan is very difficult to remove. The e-mail is confusing a few viruses and hoaxes but is a good warning nevertheless, since it lets everyone know not to open the postcard e-mails. I did receive one this week so it’s definitely making the rounds.

The third one I received–today–was supposedly from Paypal. It said my account had been limited. But the link to fix the account limitation problem was—again, you guessed it—a link to a download of nasty virus code.

So the Phishers and Hackers have stepped up their attacks with a new method. Instead of just getting your passwords and account numbers and credit card numbers as they do in regular phish e-mails and websites, now they give you an immediate download of binary code.

Readmy guide to preventing spyware. Or the Self-Help tutorials here.

Please feel free to comment. I invite all comments. Or let me know what your experience is with e-card viruses. I’d really like to find out what is going on in the larger world.