How to Remove the Greeting Card Virus

Adam and I first mentioned this nasty little virus earlier this spring on our radio show. The email that spreads it poses as an electronic greeting card from your friend or relative. Because the email is so poorly constructed, is never from a known address, and the link it displays in the body of the message is a number (NEVER, EVER Click a link that is constructed of a number, ex: http://91.188.176.15/) we didn’t put much credence in how much damage it could do.

Unfortunately, we underestimated the sentimentality of many computer users. Many saw the words “greeting card”, “friend”, and/or “relative” and common sense and computer safety went out the window. They clicked on the link which then installs the virus, and a greeting card never is seen. If you have done this, and your Internet and computer seem much slower than normal, you have the greeting card virus infection. One reason for the slowness is that part of the infection involves using your computer to send out thousands of spam messages!

Here’s how to remove the virus and restore order to your computer:

  1. Download either CCleaner or CleanUp 
  2. Update your anti-virus program (hopefully you are using AVG Antivirus) 
  3. Disconnect from the Internet
  4. Run which ever tool you downloaded in Step 1 
  5. Disable System Restore  
  6. Restart the computer in Safe Mode
  7. Search for and delete the tcpip.sys file found in the Windows folder (usually C:\Windows\System32\Drivers)
  8. Search for another tcpip.sys file on your computer (usually there is at least one backup somewhere)
  9. Copy and paste this file back into:  C:\Windows\System32\Drivers
  10. Search for and delete spooldr.exe and spooldr.sys (usually found in the Windows folder or sometimes the desktop)
  11. Run which ever tool you downloaded in Step 1 AGAIN
  12. Run a full system scan with your antivirus program
  13. Restart your computer normally
  14. Connect back to the Internet
  15. Update and run an anti-spyware program like AVG Anti-spyware, Super Anti-Spyware, SpyBot Search & Destory, etc. All these tools can be found in our Links & Resources section
  16. After all scans have finished, turn System Restore back on again.
  17. STOP Clicking on links in goofy emails…pay attention and be more discerning.

 

Print Friendly