Home Guides Remove wish4u.co/wish-you.co/my-love.co/open-fast.co messenger virus

Remove wish4u.co/wish-you.co/my-love.co/open-fast.co messenger virus

By Will Wisser
Posted on January 5, 2020
3 min read
0
53,161
Beware of the wish-you.co / my-love.co messenger scam harnessing the New Year festivities theme to dupe users into handing over their personal information.
  1. What is the wish-you.co / my-love.co messenger virus?
  2. Automated removal of wish-you.co / my-love.co messenger virus
  3. Restore web browser settings to their original defaults


What is the wish4u.co / wish-you.co / my-love.co / open-fast.co messenger virus?

Users in Southeast Asia and other parts of the world found themselves in the epicenter of a massive e-fraud at the turning point of two decades. At the end of last year, numerous people received eye-catching messages over Facebook, WhatsApp, and other popular messengers. Most would-be victims are in the Philippines. Disguised as New Year 2020 greetings from the recipients’ contacts: “I am send you a surprise message. Open this”, these messages try to fool people into clicking a booby-trapped link that leads to a malicious website such as wish4u.co/2020, wish-you.co/2020, my-love.co/2020, open-fast.co/2020 etc. Next, the landing page asks the unsuspecting user to enter their name to get the greetings, which is actually a red herring. In the meanwhile, a harmful script is triggered behind the scenes to pilfer the victim’s account credentials. This way, the scam keeps doing the rounds as more trojanized messages are sent on behalf of the user to all of their friends enrolled in the compromised contacts list.

Wish-you.co, one of the fake greeting pages involved in the messenger virus scam

When on one of the linked-to sites (see table below for additional URLs involved), the user is prompted to enter their personal details. However, this is a relatively benign part of the hoax that smokescreens a much more serious threat. What happens in the background is the execution of a sketchy script that fulfills a sort of reconnaissance on the host computer. Among other things, the harmful code collects usernames and passwords for the victim’s online accounts. Once this data is stolen, the virus invokes a self-replication routine by submitting similar messages to the user’s contacts on social networks and messengers. This stratagem looks trustworthy because the greetings look like they were sent by one’s real friend or acquaintance. It goes on and on as people click the links without a second thought, only to be redirected to wish-you.co, my-love.co, or other unsafe landing pages form the same array.

Threat details:
Name wish-you.co / my-love.co / open-fast.co messenger virus
Threat Category Phishing scam, info-stealing malware
Domains involved wish4u.co, my-msg.co, look-me.co, surprise4u.me, hookupgist.com, see-magic.co, mera-style.com, whatsapp-style.co, open-fast.co
Symptoms Annoying popup ads with greetings, fraudulent data requests, browser slowdown
Distribution techniques Messenger spam
Severity High
Damage Internet activity tracking, identity theft, e-banking fraud, unauthorized changes of browsing preferences, malicious ads
Removal Scan your PC with Spyhunter to detect all files related to
Segueazo virus. Free scan determines if your system is
infected. To get rid of the threat, you need to purchase the full
version of the anti-malware tool:
Download

An additional concern about this spam-based quandary is that the victim’s default browser undergoes a number of unwanted effects. Aside from the credentials harvesting, the virus may modify web preferences in order to reroute the traffic to affiliated malicious sites and junk pages that deliver no value while engaging in unauthorized rotation of sponsored content. The user is likely to also bump into popup ads, in-text links, and a plethora of e-commerce information that doesn’t belong on the visited resources. The latter includes coupons, comparison shopping objects, and banners that eclipse the original materials presented on websites. Furthermore, the browser’s performance tends to be deteriorated and it may even crash off and on due to corrupt add-ons being embedded without the victim’s approval and knowledge.

An important fact to realize is that even visiting wish-you.co, my-love.co, or any associated web page once could be enough to set malware activity in motion. The perpetrating processes are immediately executed and won’t stop running on their own, the only fix being to detect and eliminate the underlying infection. An extra recommendation is to change the passwords for all the online banking, social networking, and other personal accounts without delay. Resetting the affected web browser is yet another element of the cleanup done right.


Automated removal of wish4u.co / wish-you.co / my-love.co / open-fast.co messenger virus

Owing to an up-to-date database of malware signatures and intelligent behavioral detection, the recommended software can quickly locate the infection, eradicate it and remediate all harmful changes. So go ahead and do the following:

1. Download and install the antimalware tool. Open the solution and have it check your PC for PUPs and other types of malicious software by clicking the Start Computer Scan button

Download wish-you.co / my-love.co messenger virus remover

2. Rest assured the scan report will list all items that may harm your operating system. Select the detected entries and click Fix Threats to get the troubleshooting completed.

Use Control Panel to get rid of the wish-you (wish4u, my-love, open-fast, my-msg)  messenger virus

• Open up the Control Panel from your Start menu in Windows and select Uninstall a program
Access program uninstall screen on Windows
• To facilitate the process of locating the threat, sort the programs list by date to get the latest ones displayed at the very top. Find an unfamiliar, suspicious entry under the Name column, click Uninstall and follow further directions to get the removal done.
Uninstall unwanted program

Restore web browser settings to their original defaults

In the circumstances of a complex browser hijack like this, executing a reset makes the most sense despite a few obvious downsides. Customizations such as saved passwords, bookmarked pages etc. will be gone, but so will all the changes made by the potentially unwanted program. The instructions below address the workflow for the web browsers most targeted by the wish-you.co / my-love.co messenger virus.

Reset Google Chrome

• Open Chrome, expand the Customize and control Google Chrome menu and choose Settings
Go to Settings in Chrome
• Scroll down the settings screen and click Advanced down at the bottom
Advanced settings in Chrome
• Move on to the Reset and clean up sub-section and select the option that says Restore settings to their original defaults
Restore Chrome settings to their original default
• Finally, confirm the restoration by clicking Reset settings on the warning message
Reset Chrome settings
• Restart Chrome.

Reset Mozilla Firefox

• Open Firefox, type about:support in the URL area and press Enter. Alternatively, you can click on the Open menu icon in the top right-hand part of the browser window, then select the Help option and proceed to Troubleshooting Information
Access Troubleshooting Information page in Firefox
• On the Troubleshooting Information screen, spot the Refresh Firefox button and click on it
Refresh Firefox button
• Follow subsequent directions to reset Firefox to its original settings
Complete refreshing Firefox
• Restart the browser.

Reset Internet Explorer

• Select Internet options under IE’s Tools (Alt+X)
Open up Internet options in Internet Explorer
• Proceed by clicking on Advanced tab, then select Reset
Locate and click the Reset button in IE
• To confirm the intended changes, click Reset on the Reset Internet Explorer Settings screen after ascertaining that the Delete personal settings checkbox is enabled
IE reset confirmation
• Reboot the machine to fully implement the fix.

Reset Safari

• Go to the Safari menu and select Preferences
Go to Safari Preferences
• When on the Preferences screen, select the Privacy tab and hit the Remove All Website Data button if you are up to erasing all website data stored on your Mac. Otherwise, you can use a site-specific removal option described below
Remove All Website Data button
• A dialog will appear, asking you to validate your choice. Click the Remove Now button if you are sure. Be advised this will log you out of online services and undo personalized web browser settings such as saved passwords, etc.
Confirm website data removal
• Safari also allows deleting data for specific sites rather than all sites in general. To use this option, click the Details button under Privacy tab
Details button under Privacy tab
• Select the websites for which you would like to erase data and click the Remove button
Removing data for selected sites in Safari
• Click the Done button to confirm and exit. You can also select the Remove All option to remove all data stored by the listed websites.

Revise your security status

Post-factum assessment of the accuracy component in malware removal scenarios is a great habit that prevents the comeback of harmful code or replication of its unattended fractions. Make sure you are good to go by running an additional safety checkup.

Download wish-you.co / my-love.co messenger virus removal tool

Rate article

No rating result yet
Click To Comment

Leave a Reply

Your email address will not be published. Required fields are marked *