(Removal Instructions) - Free Guide Removal Guide

What is is a phishing site that seeks to exfoliate personal data from its visitors is a malicious website that uses phishing in order to make users believe that they received an Easter greeting card is a redirect virus that users may encounter on their web browsers via Google Chrome, Mozilla Firefox, Safari, MS Edge, or another web browser, after clicking on a link via social media platforms. At first glance, the site looks relatively harmless, as it displays Easter greetings card to users. However, is used in a phishing scheme that is designed to steal sensitive information from victims, including their credentials of emails, Facebook, and much more.

As soon as users click on a malicious message link, they will be redirected to another malicious site and will be asked to provide sensitive information, such as Facebook account login details. Do not enter this data, or you can have your personal security compromised – it can be later sold to cybercriminals or used for phishing campaigns. According to Cyber Security Philippines – Computer Emergency Response Team, is a part of a broader campaign that includes,, and others.

Type Redirect virus, malware
Activities Injects processes into built-in Windows APIs in order to repopulate the scam message to everybody in the user's friend list and steals sensitive information
Goal To steal sensitive information from victims, such as their account credentials, passwords, emails, and other data
Distribution Social media platforms (messengers) like WhatsApp, Facebook, etc.
Remedy Delete the phishing message that was sent to you via the social media platform, change all your passwords and scan the machine with anti-malware software
Additional precautions If you clicked on the malicious link, you should inform your social media friends about the event. Also, enable two-factor authentication for all accounts that it is available on. If your computer is slow, lagging, or displaying errors, employ FortectIntego to fix system damage

Seasonal scams are very prevalent, as users are looking for ways to celebrate and deliver greetings cards to their family members, co-workers, and friends. The emergence of before Easter holiday season does not come as a surprise, as similar scams used occasions like Christmas, Father's Day, New Year, and others.

Nonetheless, all these “greeting cards” were made in just as few minutes, using dated animations, cheesy texts, and simply feel dated. If you are looking for a greeting card service, is not the one, as not only does it looks disappointing, but it might also result in malware infections or personal information compromise.

As previously noted, such platforms like Facebook Messenger or WhatsApp can be used to deliver malicious links to users. Quite often, the link is delivered from somebody in the friend list, providing a false sense of security, since users think that the link is safe. It also shows a small picture that includes a red dot saying “Touch This Red Dot” and the following message text:

I am send you a surprise message. Open this

Once the message is opened, users are prompted to enter information such as a name and then press “Go” allegedly to create a greeting card. However, performs a variety of malicious processes in the background, such as using the built-in Windows APIs in order to inject code into the machine (a technique known as hooking),[1] providing temporary access to pre-programmed functions. As a result, those who click on links can have their personal information stolen and send the same message via social media platforms to their friends, proliferating malware further.

If you clicked on a malicious link, you should remove virus by deleting the message from the social media and scanning the machine with anti-malware. Additionally, you should change all your passwords of your email, Facebook, and other accounts, as well as enable two-factor authentication where possible. Also, if you open, your friends might start receiving the same message on social media from you, so you should warn them immediately. is a dangerous URL that is propagated via social media messenger platforms, including Facebook, WhatsApp, and others is just one of many cheaply-made greetings card sites that are closely related to malicious activities. According to Philippines cybersecurity body CERT, is a part of a broader operation that includes many more sites incorporating a similar greeting card theme, including:[2]

  •, and many more.

Since the attack is performed by using built-in APIs and background scripts, nothing is technically installed on the system, so removal should consist only of a phishing message elimination, as well as the immediate password change. For security reasons, however, we advise you to scan your machine with reputable anti-malware and then fix system damage with FortectIntego.

Ways to avoid getting scammed on social media platforms

Computer threats like Facebook virus, Discord virus, or WhatsApp virus are typically propagated with the help of communications platforms and usually involves some form of phishing. Phishing takes all forms and sizes, as it is often employed in malware distribution and data-stealing campaigns by many, including state-sponsored cybercriminal groups, tech support scammers, and of unfair individuals.

In the case of social media scams, user accounts often get compromised in order to propagate a malicious message further, infecting others with malware or redirecting to spoofing, scam, and similar sites. The message is usually brief and often implies that there is something interesting behind the link, such a video about the individual who is being targeted. Since such scam message often comes from users' friends, no suspicions are experienced, and victims simply proceed with clicking the link.

Therefore, you should also be wary of links that are suddenly sent to you – especially those that come from unknown individuals. Never click on them immediately without finding out that they are legitimate. To make matters easier, you can always scan links with online tools like Virus Total. Keep in mind that, under certain circumstances (when your browser or another program has a vulnerability),[3] malware can be downloaded and installed automatically as soon as you click a suspicious link. background initiates background processes to steal personal information from users, so it is important to change all passwords after clicking on a link

Secure your safety after encountering

The so-called virus, which is actually an online cyberattack, is something that all users who encountered it should be concerned about. As previously mentioned, there is no need to actually remove per se, as there is most likely nothing installed on your system, and the activities are performed as long as the victim stays on the site. However, you should still employ anti-malware software and perform a full system scan to ensure that your computer is not infected with something more sinister.

Thus, removal consists of immediately deleting the social media message from the platform and informing the affected users, as your account might have sent out similar messages without your knowledge. Remember, receiving the message will not harm you, and all your personal information will remain safe. As soon as you click on phishing link, however, you should treat the event as a sensitive data compromise, and immediately change passwords of your accounts and enable two-factor authentication.

You may remove virus damage with a help of FortectIntego. SpyHunter 5Combo Cleaner and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

Getting rid of Follow these steps

Uninstall from Windows

Instructions for Windows 10/8  machines:

  1. Enter Control Panel into Windows search box and hit Enter or click on the search result.
  2. Under Programs, select Uninstall a program. Uninstall from Windows 1
  3. From the list, find the entry of the suspicious program.
  4. Right-click on the application and select Uninstall.
  5. If User Account Control shows up, click Yes.
  6. Wait till uninstallation process is complete and click OK. Uninstall from Windows 2

If you are Windows 7/XP user, proceed with the following instructions:

  1. Click on Windows Start > Control Panel located on the right pane (if you are Windows XP user, click on Add/Remove Programs).
  2. In Control Panel, select Programs > Uninstall a program. Uninstall from Windows 7/XP
  3. Pick the unwanted application by clicking on it once.
  4. At the top, click Uninstall/Change.
  5. In the confirmation prompt, pick Yes.
  6. Click OK once the removal process is finished.

Delete from macOS

Remove items from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for all related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash) Uninstall from Mac 1

To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files. Uninstall from Mac 2

Remove from Microsoft Edge

Delete unwanted extensions from MS Edge:

  1. Select Menu (three horizontal dots at the top-right of the browser window) and pick Extensions.
  2. From the list, pick the extension and click on the Gear icon.
  3. Click on Uninstall at the bottom. Remove extensions from Edge

Clear cookies and other browser data:

  1. Click on the Menu (three horizontal dots at the top-right of the browser window) and select Privacy & security.
  2. Under Clear browsing data, pick Choose what to clear.
  3. Select everything (apart from passwords, although you might want to include Media licenses as well, if applicable) and click on Clear. Clear Edge browsing data

Restore new tab and homepage settings:

  1. Click the menu icon and choose Settings.
  2. Then find On startup section.
  3. Click Disable if you found any suspicious domain.

Reset MS Edge if the above steps did not work:

  1. Press on Ctrl + Shift + Esc to open Task Manager.
  2. Click on More details arrow at the bottom of the window.
  3. Select Details tab.
  4. Now scroll down and locate every entry with Microsoft Edge name in it. Right-click on each of them and select End Task to stop MS Edge from running. Reset MS Edge

If this solution failed to help you, you need to use an advanced Edge reset method. Note that you need to backup your data before proceeding.

  1. Find the following folder on your computer: C:\\Users\\%username%\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe.
  2. Press Ctrl + A on your keyboard to select all folders.
  3. Right-click on them and pick Delete Advanced MS Edge reset 1
  4. Now right-click on the Start button and pick Windows PowerShell (Admin).
  5. When the new window opens, copy and paste the following command, and then press Enter:

    Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\\AppXManifest.xml” -Verbose Advanced MS Edge reset 2

Instructions for Chromium-based Edge

Delete extensions from MS Edge (Chromium):

  1. Open Edge and click select Settings > Extensions.
  2. Delete unwanted extensions by clicking Remove. Remove extensions from Chromium Edge

Clear cache and site data:

  1. Click on Menu and go to Settings.
  2. Select Privacy, search and services.
  3. Under Clear browsing data, pick Choose what to clear.
  4. Under Time range, pick All time.
  5. Select Clear now. Clear browser data from Chroum Edge

Reset Chromium-based MS Edge:

  1. Click on Menu and select Settings.
  2. On the left side, pick Reset settings.
  3. Select Restore settings to their default values.
  4. Confirm with Reset. Reset Chromium Edge

Remove from Mozilla Firefox (FF)

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select unwanted plugin and click Remove. Remove extensions from Firefox

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you newly open the Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear. Clear cookies and site data from Firefox

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information. Reset Firefox 1
  3. Under Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox. Reset Firefox 2

Remove from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove. Remove extensions from Chrome

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data. Clear cache and web data from Chrome

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings. Reset Chrome 2

Delete from Safari

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall. Remove extensions from Safari

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History. Clear cookies and website data from Safari

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches. Reset Safari

After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend you to scan your PC system with a reputable anti-spyware. This will help you to get rid of registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes.

How to prevent from getting malware

Stream videos without limitations, no matter where you are

There are multiple parties that could find out almost anything about you by checking your online activity. While this is highly unlikely, advertisers and tech companies are constantly tracking you online. The first step to privacy should be a secure browser that focuses on tracker reduction to a minimum.

Even if you employ a secure browser, you will not be able to access websites that are restricted due to local government laws or other reasons. In other words, you may not be able to stream Disney+ or US-based Netflix in some countries. To bypass these restrictions, you can employ a powerful Private Internet Access VPN, which provides dedicated servers for torrenting and streaming, not slowing you down in the process.

Data backups are important – recover your lost files

Ransomware is one of the biggest threats to personal data. Once it is executed on a machine, it launches a sophisticated encryption algorithm that locks all your files, although it does not destroy them. The most common misconception is that anti-malware software can return files to their previous states. This is not true, however, and data remains locked after the malicious payload is deleted.

While regular data backups are the only secure method to recover your files after a ransomware attack, tools such as Data Recovery Pro can also be effective and restore at least some of your lost data.

About the author
Alice Woods
Alice Woods - Likes to teach users about virus prevention

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Alice Woods
About the company Esolutions