A step-by-step removal guide for affected devices. Follow the verified procedure below — most readers complete it in under 10 minutes.
Alice Woods· Likes to teach users about virus prevention
Motherfirstcopy.xyz uses Google's name to gain people's trust in a fake giveaway
Motherfirstcopy.xyz is a bogus website created by crooks to take advantage of Internet users. It displays a fake message to convince people that they have been chosen by Google as the lucky visitors. We previously discussed this phishing[1] attempt in “You’ve made the 16.39-billionth search!” scam article.
NAME
Motherfirstcopy.xyz
TYPE
Phishing attempt; adware
SYMPTOMS
A page appears informing users that they have been supposedly chosen by Google as the lucky winners
DISTRIBUTION
Shady websites; deceptive ads; bundled software
DANGERS
Users could be tricked into providing personal information and suffer from monetary losses or even identity theft
ELIMINATION
Scan your system with professional security tools
FURTHER STEPS
Use a repair tool FortectIntego to optimize the machine and clear the browsers
Motherfirstcopy.xyz in detail
The full message displayed by Motherfirstcopy.xyz reads as follows:
You've made the 16.39-billionth search!
Congratulations! You are today's lucky user!
Every 10 millionth search is reached worldwide, we will proclaim a lucky user to send out a thank-you gift.
Please select your reward below and claim it by following the instruction.
Crooks use social engineering[2] methods to trick users into thinking that they have been chosen by Google. The site may also ask people to fill out a form to supposedly be able to claim the gift. They could ask for the name, phone number, address, email, bank card details, etc.
This can result in monetary losses or even identity theft.[3] You should always be careful about giving out your personal details. Make sure to provide your data only to parties you absolutely trust. It is absolutely clear that Google has nothing to do with this fraudulent campaign and that crooks are only using their name to appear legitimate.
Fraudsters have done a decent job of making the website look like a notification from Google. At the bottom of the page, you may also see fake testimonies of people who supposedly claimed the gift successfully and are thanking Google for it. Always be wary of online giveaways that say you won an iPhone, a holiday on a cruise ship, a gift card, or anything else. If it is too good to be true – it probably is so think twice before entering very sensitive data onto a website you do not know.
Distribution methods
Usually, scam pages like Motherfirstcopy.xyz are not found in the search results. Most of the time, they hide in other shady pages. Websites that engage in illegal activities are unregulated and full of deceptive ads and sneaky redirects so there is a big chance that you clicked on the wrong link, ad, or a fake button that redirected you to the site.
Another possibility is that the page appeared without any user input. This could happen if there is a potentially unwanted program[4] hiding on the machine. That could be a malicious browser extension or adware – advertising-supported software. Some plugins are capable of hijacking the browser. They can start causing an increased amount of commercial content, like pop-ups, banners, and redirects.
Adware, on the other hand, can operate in the background of the machine without the users' knowledge. Generally, users download PUPs from unofficial pages that distribute freeware.[5] They include additional programs in the installers that monetize user activity. If users rush through the installation process and do not notice this, they install the PUA unknowingly.
To avoid this, next time go through all the installation steps. Choose the “Custom” or “Advanced” installation method, read the Terms of Use and the Privacy Policy. Most importantly, check the files up for installation. If you see any suspicious apps that look totally unrelated, untick the boxes next to their names.
Remove suspicious extensions
Because users reported that the redirect disappeared when they removed third-party extensions they have installed, let's try and do just that. You have to do this manually by going to your browser settings:
Google Chrome
Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.
MS Edge:
Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
From the list, pick the extension and click on the Gear icon.
Click on Uninstall at the bottom.
MS Edge (Chromium)
Open Edge and click select Settings > Extensions.
Delete unwanted extensions by clicking Remove.
Mozilla Firefox
Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
Select Add-ons.
In here, select unwanted plugin and click Remove.
Safari
Click Safari > Preferences…
In the new window, pick Extensions.
Select the unwanted extension and select Uninstall.
Delete cookies and cache
Cookies are small pieces of data that are used to include all sorts of settings. While they are not malicious by themselves, they can be stolen by third parties and used for malicious purposes. Therefore, security experts advise cleaning web browsers regularly. You can employ automatic cleaning tools such as FortectIntego, although you can also refer to the manual instructions below.
Google Chrome
Click on Menu and pick Settings.
Under Privacy and security, select Clear browsing data.
Select Browsing history, Cookies and other site data, as well as Cached images and files.
Click Clear data.
Mozilla Firefox
Click Menu and pick Options.
Go to Privacy & Security section.
Scroll down to locate Cookies and Site Data.
Click on Clear Data…
Select Cookies and Site Data, as well as Cached Web Content and press Clear.
MS Edge
Click on Menu and go to Settings.
Select Privacy and services.
Under Clear browsing data, pick Choose what to clear.
Under Time range, pick All time.
Select Clear now.
Safari
Click Safari > Clear History…
From the drop-down menu under Clear, pick all history.
Confirm with Clear History.
Scan your machine for adware
If the previous removal method did not get rid of the hijacker, that means that you might have a PUA installed in your system. In this case, if you try to change the homepage or other settings to the way they were before, or remove the add-on, the PUP will just keep messing up with the settings until it is eliminated from the machine.
The program that is causing settings changes could have any name or icon, so if you are not sure what to do and you do not want to risk deleting the wrong files, we suggest using SpyHunterCombo Cleaner or MalwarebytesMalwarebytes anti-malware tools that will scan your machine, eliminate it, and prevent such infections in the future by giving you a warning before a PUP can make any changes. If manual removal is what you still prefer, we have instructions for Windows and Mac machines:
Windows 10/8:
Enter Control Panel into Windows search box and hit Enter or click on the search result.
Under Programs, select Uninstall a program.
From the list, find the entry of the suspicious program.
Right-click on the application and select Uninstall.
If User Account Control shows up, click Yes.
Wait till uninstallation process is complete and click OK.
Windows 7/XP:
Click on Windows Start >Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
In Control Panel, select Programs > Uninstall a program.
Pick the unwanted application by clicking on it once.
At the top, click Uninstall/Change.
In the confirmation prompt, pick Yes.
Click OK once the removal process is finished.
Mac:
From the menu bar, select Go > Applications.
In the Applications folder, look for all related entries.
Click on the app and drag it to Trash (or right-click and pick Move to Trash)
To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:
Select Go > Go to Folder.
Enter /Library/Application Support and click Go or press Enter.
In the Application Support folder, look for any dubious entries and then delete them.
Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.
Was this guide helpful?
Be the first to comment
Editor's pick · tested 2026
FortectIntego
9.4 / 109.6 / 10Best overall pick
Real-time ransomware shield
Free 14-day trial, no card
Cleans the threats listed above
Ad — we may earn a commission if you buy via this link.
Be the first to comment