Name: Friend Greeting Category: Browser Plug-in Alias: FriendGreeting E-Card, Friend Greeting, Permissioned Media, Flooder.MailSpam.Friendgreetings, WORM_F Advice: Remove Risk: Moderate Risk Moderate threats may profile users online habits or broadcast data back to a server with 'opt-out' permission. In most cases this type of threat is more along the lines of commercial type adware that offer a premium service in exchange for tracking your user online performance. Description: An electronic greeting card (e-card) that has the characteristics of a worm. The e-card has the following characteristics: Subject: %recipient% you have an E-Card from %sender%. Message: Greetings! %sender% has sent you an E-Card -- a virtual postcard from FriendGreetings.com. You can pickup your E-Card at the FriendGreetings.com by clicking on the link below. ... Message: ------------------------------------------------------------ %recipient% I sent you a greeting card. Please pick it up. %sender% ------------------------------------------------------------ If you click the link, you are asked whether you want to download software so that you can view the e-card. The installer package requires that you accept two End User License Agreements (EULA) to complete the installation. The following EULA explicitly states that, by accepting the agreement, you are authorizing the software to send an email to all the contacts in the Microsoft Outlook contact list. If you do not accept the agreement, the software is not installed, and an e-card is not sent. If you accept the agreement, the software is installed, and it sends the previously described e-card to all the contacts in the Microsoft Outlook contact list. Signatures: process: friendcard.exe: MD5 Hash: 80889a14fe064ee30f9... process: otms.exe: MD5 Hash: ... process: otupdate.exe: MD5 Hash: ... process: friendcard.exe: MD5 Hash: ... process: winsrvc.exe: MD5 Hash: ... process: friendcard.exe: MD5 Hash: ... process: NewBinary4.exe: MD5 Hash: ... process: NewBinary3.exe : MD5 Hash: ... process: NewBinary2.exe: MD5 Hash: .. Type: Browser Plug-in - Spyware's primary purpose is to collect demographic and usage information from your computer, usually for advertising purposes. Spyware usually that 'sneaks' onto a system or performs other activities hidden to the user. Spyware programs are usually bundled as a hidden component and downloaded from the Internet. These modules are almost always installed on the system secretively and try to run secretively as well.