Jump to content

Welcome to Geeks to Go
Geeks to Go Welcome
Create Account Login to Account

Removal instructions for Hallmark Card TSS

- - - - - (855) 518-8366

  • Please log in to reply
No replies to this topic



    Spyware Veteran

  • GeekU Moderator
  • 32,025 posts
Content is republished with permission from Malwarebytes.

What is Hallmark Card TSS?

The Malwarebytes research team has determined that Hallmark Card TSS is a Tech Support Scam. These so-called "Tech Support Scammers" try to trick you into calling their phone number for various reasons, all of which turn out to be fraudulent in the end.

How do I know if my computer is affected by Hallmark Card TSS?

You will see this screen as soon as the executable is run:


which will go away if you click the "Exit" button, but this screen will appear after a reboot:


How did Hallmark Card TSS get on my computer?

Tech Support Scammers use different methods for distributing themselves. This particular one was installed by a trojan.

How do I remove Hallmark Card TSS?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted application, but due to the nature of the infection this will require a few extra steps.
  • Reboot the computer into Safe Mode with Networking.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-{version}.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to:
    Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • Once the program has loaded, select Scan Now. Or select the Threat Scan from the Scan menu.
  • If an update is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer back into normal mode.
Thanks to @TheWack0lian we have the codes to unlock the Tech Support lockscreen.
"13544687" hides it for 10 minutes and "642358497351" uninstalls the software.

Is there anything else I need to do to get rid of Hallmark Card TSS?
  • No, Malwarebytes' Anti-Malware removes Hallmark Card TSS completely.
How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below the full version of Malwarebytes Anti-Malware would have protected you against the Tech Supprt Scam.


Technical details for experts

You may see these entries in FRST logs:

 HKCU\...\Run: [Windows Authorization] => C:\Users\{username}\AppData\Roaming\WinErr\WinErr.exe [214016 2016-11-01] (Microsoft)
Alterations made by the installer:
File system details [View: All details] (Selection)
    Adds the folder C:\Users\{username}\AppData\Roaming\WinErr
       Adds the file WinErr.exe"="11/1/2016 9:11 AM, 214016 bytes, A

Registry details [View: All details] (Selection)
       "Windows Authorization"="REG_SZ", "C:\Users\{username}\AppData\Roaming\WinErr\WinErr.exe"
Malwarebytes Anti-Malware log:
Malwarebytes Anti-Malware

Scan Date: 11/1/2016
Scan Time: 11:09 AM
Logfile: mbamHallmarkTSS.txt
Administrator: Yes

Malware Database: v2016.11.01.05
Rootkit Database: v2016.10.31.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: {username}

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326864
Time Elapsed: 8 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Rogue.TechSupportScam, HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Windows Authorization, C:\Users\{username}\AppData\Roaming\WinErr\WinErr.exe, Quarantined, [e336a813acee52e4ab54a54d05ff3fc1]

Registry Data: 0
(No malicious items detected)

Folders: 1
Rogue.TechSupportScam, C:\Users\{username}\AppData\Roaming\WinErr, Quarantined, [0c0df8c3009acf678f7301f2a75d5ba5], 

Files: 2
Rogue.TechSupportScam, C:\Users\{username}\AppData\Roaming\WinErr\WinErr.exe, Quarantined, [e336a813acee52e4ab54a54d05ff3fc1], 
Rogue.TechSupportScam, C:\Users\{username}\Desktop\Card.exe, Quarantined, [33e6605b5545e25456a912e0fd07cb35], 

Physical Sectors: 0
(No malicious items detected)

As mentioned before the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.
We use different ways of protecting your computer(s):
  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
  • 0


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Malware Removal How to Guides Windows 7 System Building Download Files Register welcome

Never used a forum? Learn how.