Severity scale:  

Remove (Removal Instructions) - Free Guide

removal by Alice Woods - - | Type: Malware is a phishing site that seeks to exfoliate personal data from its visitors is a malicious website that uses phishing in order to make users believe that they received an Easter greeting card is a redirect virus that users may encounter on their web browsers via Google Chrome, Mozilla Firefox, Safari, MS Edge, or another web browser, after clicking on a link via social media platforms. At first glance, the site looks relatively harmless, as it displays Easter greetings card to users. However, is used in a phishing scheme that is designed to steal sensitive information from victims, including their credentials of emails, Facebook, and much more.

As soon as users click on a malicious message link, they will be redirected to another malicious site and will be asked to provide sensitive information, such as Facebook account login details. Do not enter this data, or you can have your personal security compromised – it can be later sold to cybercriminals or used for phishing campaigns. According to Cyber Security Philippines – Computer Emergency Response Team, is a part of a broader campaign that includes,, and others.

Type Redirect virus, malware
Activities Injects processes into built-in Windows APIs in order to repopulate the scam message to everybody in the user's friend list and steals sensitive information
Goal To steal sensitive information from victims, such as their account credentials, passwords, emails, and other data 
Distribution Social media platforms (messengers) like WhatsApp, Facebook, etc.
Remedy Delete the phishing message that was sent to you via the social media platform, change all your passwords and scan the machine with anti-malware software
Additional precautions If you clicked on the malicious link, you should inform your social media friends about the event. Also, enable two-factor authentication for all accounts that it is available on. If your computer is slow, lagging, or displaying errors, employ Reimage Reimage Cleaner Intego to fix system damage

Seasonal scams are very prevalent, as users are looking for ways to celebrate and deliver greetings cards to their family members, co-workers, and friends. The emergence of before Easter holiday season does not come as a surprise, as similar scams used occasions like Christmas, Father's Day, New Year, and others.

Nonetheless, all these “greeting cards” were made in just as few minutes, using dated animations, cheesy texts, and simply feel dated. If you are looking for a greeting card service, is not the one, as not only does it looks disappointing, but it might also result in malware infections or personal information compromise.

As previously noted, such platforms like Facebook Messenger or WhatsApp can be used to deliver malicious links to users. Quite often, the link is delivered from somebody in the friend list, providing a false sense of security, since users think that the link is safe. It also shows a small picture that includes a red dot saying “Touch This Red Dot” and the following message text:

I am send you a surprise message. Open this

Once the message is opened, users are prompted to enter information such as a name and then press “Go” allegedly to create a greeting card. However, performs a variety of malicious processes in the background, such as using the built-in Windows APIs in order to inject code into the machine (a technique known as hooking),[1] providing temporary access to pre-programmed functions. As a result, those who click on links can have their personal information stolen and send the same message via social media platforms to their friends, proliferating malware further.

If you clicked on a malicious link, you should remove virus by deleting the message from the social media and scanning the machine with anti-malware. Additionally, you should change all your passwords of your email, Facebook, and other accounts, as well as enable two-factor authentication where possible. Also, if you open, your friends might start receiving the same message on social media from you, so you should warn them immediately. is a dangerous URL that is propagated via social media messenger platforms, including Facebook, WhatsApp, and others is just one of many cheaply-made greetings card sites that are closely related to malicious activities. According to Philippines cybersecurity body CERT, is a part of a broader operation that includes many more sites incorporating a similar greeting card theme, including:[2]

  •, and many more.

Since the attack is performed by using built-in APIs and background scripts, nothing is technically installed on the system, so removal should consist only of a phishing message elimination, as well as the immediate password change. For security reasons, however, we advise you to scan your machine with reputable anti-malware and then fix system damage with Reimage Reimage Cleaner Intego.

Ways to avoid getting scammed on social media platforms

Computer threats like Facebook virus, Discord virus, or WhatsApp virus are typically propagated with the help of communications platforms and usually involves some form of phishing. Phishing takes all forms and sizes, as it is often employed in malware distribution and data-stealing campaigns by many, including state-sponsored cybercriminal groups, tech support scammers, and of unfair individuals.

In the case of social media scams, user accounts often get compromised in order to propagate a malicious message further, infecting others with malware or redirecting to spoofing, scam, and similar sites. The message is usually brief and often implies that there is something interesting behind the link, such a video about the individual who is being targeted. Since such scam message often comes from users' friends, no suspicions are experienced, and victims simply proceed with clicking the link.

Therefore, you should also be wary of links that are suddenly sent to you – especially those that come from unknown individuals. Never click on them immediately without finding out that they are legitimate. To make matters easier, you can always scan links with online tools like Virus Total. Keep in mind that, under certain circumstances (when your browser or another program has a vulnerability),[3] malware can be downloaded and installed automatically as soon as you click a suspicious link. background initiates background processes to steal personal information from users, so it is important to change all passwords after clicking on a link

Secure your safety after encountering

The so-called virus, which is actually an online cyberattack, is something that all users who encountered it should be concerned about. As previously mentioned, there is no need to actually remove per se, as there is most likely nothing installed on your system, and the activities are performed as long as the victim stays on the site. However, you should still employ anti-malware software and perform a full system scan to ensure that your computer is not infected with something more sinister.

Thus, removal consists of immediately deleting the social media message from the platform and informing the affected users, as your account might have sent out similar messages without your knowledge. Remember, receiving the message will not harm you, and all your personal information will remain safe. As soon as you click on phishing link, however, you should treat the event as a sensitive data compromise, and immediately change passwords of your accounts and enable two-factor authentication.

You may remove virus damage with a help of Reimage Reimage Cleaner Intego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Reimage Happiness
Intego Happiness
Compatible with Microsoft Windows Supported versions Compatible with OS X Supported versions
What to do if failed?
If you failed to remove virus damage using Reimage Intego, submit a question to our support team and provide as much details as possible.
Reimage Intego has a free limited scanner. Reimage Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Reimage, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

To remove, follow these steps:

Remove from Windows systems

  1. Click Start Control Panel Programs and Features (if you are Windows XP user, click on Add/Remove Programs). Click 'Start -> Control Panel -> Programs and Features' (if you are 'Windows XP' user, click on 'Add/Remove Programs').
  2. If you are Windows 10 / Windows 8 user, then right-click in the lower left corner of the screen. Once Quick Access Menu shows up, select Control Panel and Uninstall a Program. If you are 'Windows 10 / Windows 8' user, then right-click in the lower left corner of the screen. Once 'Quick Access Menu' shows up, select 'Control Panel' and 'Uninstall a Program'.
  3. Uninstall and related programs
    Here, look for or any other recently installed suspicious programs.
  4. Uninstall them and click OK to save these changes. Right click on each of suspicious entries and select 'Uninstall'

Delete from Mac OS X system

  1. If you are using OS X, click Go button at the top left of the screen and select Applications. Cick 'Go' and select 'Applications'
  2. Wait until you see Applications folder and look for or any other suspicious programs on it. Now right click on every of such entries and select Move to Trash. Click on every malicious entry and select 'Move to Trash'

Erase from Internet Explorer (IE)

  1. Remove dangerous add-ons
    Open Internet Explorer, click on the Gear icon (IE menu) on the top right corner of the browser and choose Manage Add-ons. Click on menu icon and select 'Manage add-ons'
  2. You will see a Manage Add-ons window. Here, look for and other suspicious plugins. Disable these entries by clicking Disable: Right click on each of malicious entries and select 'Disable'
  3. Change your homepage if it was altered by virus:
    Click on the gear icon (menu) on the top right corner of the browser and select Internet Options. Stay in General tab.
  4. Here, remove malicious URL and enter preferable domain name. Click Apply to save changes. Delete malicious URL, enter your desired domain name and click 'Apply' to save changes
  5. Reset Internet Explorer
    Click on the gear icon (menu) again and select Internet options. Go to Advanced tab.
  6. Here, select Reset.
  7. When in the new window, check Delete personal settings and select Reset again to complete removal. Go to 'Advanced' tab and click on 'Reset' button. Now select 'Delete personal settings' and click on 'Reset' button again

Eliminate from Microsoft Edge

Reset Microsoft Edge settings (Method 1):

  1. Launch Microsoft Edge app and click More (three dots at the top right corner of the screen).
  2. Click Settings to open more options.
  3. Once Settings window shows up, click Choose what to clear button under Clear browsing data option. Go to Settings and select 'Choose what to clear'
  4. Here, select all what you want to remove and click Clear. Select 'Clear' button
  5. Now you should right-click on the Start button (Windows logo). Here, select Task Manager. Open the start menu and select 'Task Manager'
  6. When in Processes tab, search for Microsoft Edge.
  7. Right-click on it and choose Go to details option. If can’t see Go to details option, click More details and repeat previous steps. Right-click 'Microsoft Edge' and select 'Go to details' Select 'More details' if 'Go to details' option fails to show up
  8. When Details tab shows up, find every entry with Microsoft Edge name in it. Right click on each of them and select End Task to end these entries. Find Microsoft Edge entries and select 'End Task'

Resetting Microsoft Edge browser (Method 2):

If Method 1 failed to help you, you need to use an advanced Edge reset method.

  1. Note: you need to backup your data before using this method.
  2. Find this folder on your computer: C:\Users\%username%\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  3. Select every entry which is saved on it and right click with your mouse. Then Delete option. Go to Microsoft Edge folder on your computer, right-click every entry and click 'Delete'
  4. Click the Start button (Windows logo) and type in window power in Search my stuff line.
  5. Right-click the Windows PowerShell entry and choose Run as administrator. Find Windows PowerShell, right-click it and select 'Run as administrator'
  6. Once Administrator: Windows PowerShell window shows up, paste this command line after PS C:\WINDOWS\system32> and press Enter:
    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register $($_.InstallLocation)\AppXManifest.xml -Verbose}
    Copy and paste a required command and press 'Enter'

Once these steps are finished, should be removed from your Microsoft Edge browser.

Get rid of from Mozilla Firefox (FF)

  1. Remove dangerous extensions
    Open Mozilla Firefox, click on the menu icon (top right corner) and select Add-ons Extensions. Click on menu icon and select 'Add-ons'
  2. Here, select and other questionable plugins. Click Remove to delete these entries. Select 'Extensions' and look for malicious entries. Click 'Remove' to get rid of each of them
  3. Reset Mozilla Firefox
    Click on the Firefox menu on the top left and click on the question mark. Here, choose Troubleshooting Information. Click on menu icon and then on '?'. Select 'Troubleshooting Information'
  4. Now you will see Reset Firefox to its default state message with Reset Firefox button. Click this button for several times and complete removal. Click on 'Reset Firefox' button for a couple of times

Uninstall from Google Chrome

  1. Delete malicious plugins
    Open Google Chrome, click on the menu icon (top right corner) and select Tools Extensions. Click on menu icon. Select 'Tools' and 'Extensions'
  2. Here, select and other malicious plugins and select trash icon to delete these entries. Look for malicious entries and delete each of them by clicking on the Trash bin icon
  3. Click on menu icon again and choose Settings Manage Search engines under the Search section. When in 'Settings', select 'Manage search engines...'
  4. When in Search Engines..., remove malicious search sites. You should leave only Google or your preferred domain name. Click 'X' to remove malicious URLs
  5. Reset Google Chrome
    Click on menu icon on the top right of your Google Chrome and select Settings.
  6. Scroll down to the end of the page and click on Reset browser settings. When in 'Settings', scroll down to 'Reset browser settings' button and click on it
  7. Click Reset to confirm this action and complete removal. Click on 'Reset' button to complete your removal

Remove from Safari

  1. Remove dangerous extensions
    Open Safari web browser and click on Safari in menu at the top left of the screen. Once you do this, select Preferences. Click on 'Safari' and select 'Preferences'
  2. Here, select Extensions and look for or other suspicious entries. Click on the Uninstall button to get rid each of them. Go to 'Extensions' and uninstall malicious add-ons
  3. Reset Safari
    Open Safari browser and click on Safari in menu section at the top left of the screen. Here, select Reset Safari.... Click on 'Safari' and select 'Reset Safari...'
  4. Now you will see a detailed dialog window filled with reset options. All of those options are usually checked, but you can specify which of them you want to reset. Click the Reset button to complete removal process. Select all options and click on 'Reset' button

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. It is a hassle when your website is protected from suspicious connections and unauthorized IP addresses.

The best solution for creating a tighter network could be a dedicated/fixed IP address. If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for server or network manager that need to monitor connections and activities. This is how you bypass some of the authentications factors and can remotely use your banking accounts without triggering suspicious with each login. 

VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world. It is better to clock the access to your website from different IP addresses. So you can keep the project safe and secure when you have the dedicated IP address VPN and protected access to the content management system.

Backup files for the later use, in case of the malware attack

Computer users can suffer various losses due to cyber infections or their own faulty doings. Software issues created by malware or direct data loss due to encryption can lead to problems with your device or permanent damage. When you have proper up-to-date backups, you can easily recover after such an incident and get back to work.

It is crucial to create updates to your backups after any changes on the device, so you can get back to the point you were working on when malware changes anything or issues with the device causes data or performance corruption. Rely on such behavior and make file backup your daily or weekly habit.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware occurs out of nowhere. Use Data Recovery Pro for the system restoring purpose.

About the author

Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free removal guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions


Your opinion regarding