Wednesday, September 23, 2009

Hallmark E-Card Phishing Alert

I just received an email (look at picture below).
At first look, it seems like a legit email from Hallmark. However, there are a few things amiss:
1. Normally Hallmark will put the name of the person sending the e-card; however, in this email, there is no mention of the person who sent it.

2. The From email address will be the email of the person sending the email, and not some Hallmark email address.

3. When you mouse over the link, you should note that a real e-card from Hallmark will contain "http://hallmark.com/" followed by some characters linking to the webpage where you can view your e-card. You can see in the picture above that when I mouse over, the link is actually an exe file (http://halmarks[dot]info/hallmark[dot]gif[dot]exe). Notice that the spelling of Hallmark is wrong; also note that the file is an executable, and it is always a security threat to run an exe off the internet.

For more about the Hallmark e-card fraud alert, you can check out this link.
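The checks from point 3, written out as an added Python example (not part of the original post). The extension lists, the 0.8 similarity threshold and the `LEGIT` URL are assumptions made for illustration.

```python
import posixpath
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed lists: extensions that run code, and harmless-looking decoys.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DECOY_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".pdf", ".doc", ".txt"}


def refang(url):
    """Undo the [dot] defanging used when the URL is written down."""
    return url.replace("[dot]", ".")


def check_link(url, expected_domain="hallmark.com"):
    """Return findings for a link target; an empty list means none triggered."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower().rstrip(".")
    findings = []

    # The host must be the expected domain or one of its subdomains.
    if host != expected_domain and not host.endswith("." + expected_domain):
        findings.append("host-mismatch")
        brand = expected_domain.split(".")[0]
        # A label that is nearly the brand name suggests a misspelled copy.
        if any(SequenceMatcher(None, label, brand).ratio() >= 0.8
               for label in host.split(".")):
            findings.append("lookalike-domain")

    # The last path segment decides what the browser will download.
    name = posixpath.basename(parts.path).lower()
    stem, ext = posixpath.splitext(name)
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-download")
        if posixpath.splitext(stem)[1] in DECOY_EXTS:
            findings.append("double-extension")
    return findings


# The link from the email described above, kept defanged in the source.
PHISH = "http://halmarks[dot]info/hallmark[dot]gif[dot]exe"
# Constructed link on the real domain (the path is made up).
LEGIT = "http://www.hallmark.com/ecard/view?id=EXAMPLE"

if __name__ == "__main__":
    for link in (PHISH, LEGIT):
        print(link, "->", check_link(link) or "no findings")
```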

Monday, July 20, 2009

Home Antivirus 2010 - Scareware - removal

Oh no, another fake antivirus software. There are so many fake computer security applications out there that there is now a collective term for them: Scareware. An appropriate name for applications that scare you with false security alerts!

Some scareware that have been highlighted here before are:
Advanced Virus Remover
Malware Bell
and a website that works the same way:
Get Paid To Advertise Online

I did a search online and found the way to remove this rogue application.
1. Download The Avenger. Fearing that this itself is a malicious application, I did a search on Google and found that many forums and sites on rootkit removal refer to this application. So I guess it is probably safe to use. Google search for "The Avenger"

2. Check "Scan for rootkit" and "Automatically disable any rootkit found"

3. Registry values to delete:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Home Antivirus 2010

4. Folders to delete:
%ProgramFiles%\HomeAntivirus2010

5. Download Malwarebytes' Anti-Malware from CNET download.com. As with "The Avenger", I did a Google search to make sure that this is not a rogue application. I found that it is actually reviewed in PC Mag.

6. Perform a quick scan after Malwarebytes' Anti-Malware is installed.

7. For the list of infected items, select all items for removal.

That's about all. Additional information about Home Antivirus 2010 is below.

Home Antivirus 2010 creates the following files and folders:
C:\Program Files\HomeAntivirus2010
C:\Program Files\HomeAntivirus2010\HomeAntivirus2010.exe
C:\Program Files\HomeAntivirus2010\htmlayout.dll
C:\WINDOWS\system32\cepapyx.com
C:\WINDOWS\syromeni.bat
C:\Program Files\Common Files\ywukynota.com
C:\Program Files\Common Files\vivifabyx.dll
C:\Documents and Settings\All Users\Application Data\ciqudehyri.dll
C:\WINDOWS\system32\_scui.cpl


Home Antivirus 2010 creates the following registry keys and values:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Home Antivirus 2010
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel

Instructions here are summarized and taken from the site below.
For more information and reference, you can check out http://www.myantispyware.com/2009/07/19/how-to-remove-home-antivirus-2010-uninstall-instructions/

Sunday, July 12, 2009

Get Paid To Advertise Online - Leads you to a malicious site!!!

I found this search trend in Google: "Get Paid To Advertise Online"

Curious to find out what it is, I clicked on some search results from Google. One of the organic search results brought me to this site.
Notice the link that I highlighted. This link will bring you to a site that I strongly suspect is malicious. Here are the screenshots of what I captured when I was at the site.
If you click "OK", it will install some "Security Anti-virus" on your computer. However, this itself is malicious software. If you click "Cancel", it repeatedly asks you to install "System Security Antivirus".


In order to terminate it, you will have to kill the task of your web browser.

These malicious sites are likely to install applications such as Malware Bell (Fake Anti Spyware) and Advanced Virus Remover (Another Fake Removal Software).

Be warned and stay away from the malicious site!

Wednesday, July 8, 2009

Advanced Virus Remover - Another fake removal software


Recently, another fake virus removal software has appeared in the wild. It is called "Advanced Virus Remover".

What it does is give out false warnings that your computer is infected with many different spyware, malware and viruses (for explanation of spyware, malware and viruses), trying to make the user purchase their full version to "remove" the spyware, malware and viruses that do not actually exist!

This program is itself malware. If you are unfortunate enough to have installed it, here is a list of manual removal instructions taken from the 2-spyware.com website.

Advanced Virus Remover manual removal:
Kill processes:
PAVRM.exe

Delete registry values:
HKEY_CURRENT_USER\software\avr lastd
HKEY_CURRENT_USER\software\avr lastscan
HKEY_CURRENT_USER\software\avr lastvfc
HKEY_CURRENT_USER\software\avr virlist
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run advanced virus remover
HKEY_CURRENT_USER\Software\AVR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU

Delete files:
PAVRM.exe
Advanced Virus Remover.lnk

Delete directories:
%program_files%\advancedvirusremover
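To check a machine for the registry entries named in the Home Antivirus 2010 and Advanced Virus Remover lists before and after cleanup, a regedit export can be scanned offline. This is an added Python example, not taken from the removal guides; the sample export and its command lines are constructed.

```python
import re

# Registry locations and value names taken from the two removal lists above.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RUN_VALUES = {"home antivirus 2010", "advanced virus remover"}
LEFTOVER_KEYS = {r"hkey_current_user\software\avr"}

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def scan_reg_export(text):
    """Return (kind, key, value name, data) for each listed entry found.

    `text` is a regedit .reg export already decoded to str
    (regedit writes UTF-16; decode it before calling).
    """
    hits, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.lower() in LEFTOVER_KEYS:
                hits.append(("leftover-key", key, None, None))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() != RUN_KEY:
            continue
        name = m.group(1)
        if name.lower() in RUN_VALUES:
            # .reg strings escape backslash and quote with a backslash.
            data = re.sub(r"\\(.)", r"\1", m.group(2))
            hits.append(("autorun", key, name, data))
    return hits


# Constructed sample export; the command lines are illustrative only.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="C:\\Program Files\\Example\\updater.exe"
"Home Antivirus 2010"="\"C:\\Program Files\\HomeAntivirus2010\\HomeAntivirus2010.exe\""

[HKEY_CURRENT_USER\Software\AVR]
"lastscan"="0"
'''

if __name__ == "__main__":
    for hit in scan_reg_export(SAMPLE):
        print(hit)
```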

Friday, July 3, 2009

Metabolism Miracle - Metabolism B

Checklist from the Metabolism Miracle site to check if we have Metabolism B, and some excerpts of text from the site.


____ You tire easily and frequently feel fatigued, even upon awaking.

____ You feel mildly depressed.

____ You feel an energy slump in the late afternoon.

____ You frequently feel anxious.

____ You crave carbohydrate foods, such as bread, chips, sweets, or pasta.

____ Your midsection has a roll of fat.

____ You gain weight easily and find it difficult to lose weight.

____ You have racing thoughts.

____ Your sexual drive has declined.

____ You find it difficult to focus and concentrate and are easily distracted.

____ You are irritable and have a "short fuse".

____ You feel slightly dizzy, flushed, or "weak in the knees" after even a little bit of alcohol.

The Metabolism Miracle takes the whole package of symptoms into account, stops the weight-gain train in its tracks, and even helps to reverse some of the health consequences of this metabolism.

Individuals with Metabolism B will never succeed at following a traditional weight-loss diet because their alternative metabolism follows a different set of rules than those of the standard metabolism. In fact, attempting to lose weight using a traditional approach can set off the downward spiral of unchecked Metabolism B.

Take heart. You do not lack willpower! You are not a lazy dieter! You have not imagined impossible obstacles! Your body simply responds differently. Once you understand your body and your alternative metabolism, you can work with your unique metabolism instead of against it.




Visit http://themetabolismmiracle.com/
