How to get rid of apps designed to promote scams like MailEx survey scam?
Written by Tomas Meskauskas on (updated)
What is MailEx scam?
Scammers behind this phishing campaign use email to trick users into providing personal information. They send emails offering users to participate in a fake survey and get a certain prize in return.
After completing a survey, visitors are asked to enter personal information to claim their "reward". It is important to mention that such scams can be used to trick users into providing financial information, paying "transaction", "processing" fees as well.
Either way, it is strongly recommended to ignore emails of this type and not to trust websites that they promote/enter any personal information on them.
The email that scammers use to trick recipients into opening a survey scam is disguised as a letter regarding confirmation of a pending parcel. It claims that some package is ready for delivery and encourages recipients to confirm information about that package via the provided website.
This email promotes a deceptive website that offers to participate in a survey and get a promo reward worth at least $90 in return. The main purpose of this scam survey is to trick recipients into believing that after answering a few questions and entering personal information on one of the websites will receive a chosen reward.
At the time of the research, this website offered to select one of the following rewards: iPad Pro, cognitive pills, cannabidiol gummies, keto weight-loss pills, and anti-aging cream. In all cases, once a reward is chosen, a deceptive website asking to provide information such as first name, last name, address, city, state, ZIP code, phone number, and email address gets opened.
It is likely that after providing the aforementioned details, visitors are asked to enter credit card details (such as cardholder name, credit card number, CVV code, expiry date) and (or) to pay a "shipping", "processing," or some other fee. In conclusion, this phishing email (a website that it promotes) is used to trick recipients into believing that they will get a certain prize in return for participating in a survey and some personal information.
It is common that scammers behind such emails/fake survey scams target information that could be used to steal identities, make fraudulent purchases, transactions, or for other purposes. A couple of examples of other channels that can be used to promote survey scams and other deceptive pages are deceptive advertisements and potentially unwanted applications (PUAs).
Quite often, PUAs are designed to make browsers open shady websites. It is noteworthy that most of the times, users do not download and install PUAs intentionally.
Another detail about PUAs is that they can be designed to generate unwanted advertisements (e.g., pop-up ads, coupons, banners, surveys) and collect browsing data and even personal sensitive information. Therefore, it is recommended to be sure not to have any PUAs installed on a browser or the operating system.
| Name | MailEx phishing scam |
| Threat Type | Phishing, Scam, Social Engineering, Fraud |
| Fake Claim | Scam claims that users will receive a reward (worth at least $90) if they complete a short survey. |
| Related Domains | ggshooter[.]com |
| Serving IP Address (ggshooter[.]com) | 172.67.181.98 |
| Symptoms | Fake error messages, fake system warnings, pop-up errors, hoax computer scan. |
| Distribution methods | Compromised websites, rogue online pop-up ads, potentially unwanted applications. |
| Damage | Loss of sensitive private information, monetary loss, identity theft, possible malware infections. |
| Malware Removal (Windows) | To eliminate possible malware infections, scan your computer with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
"Shipping Survey Reward", "Shopper Survey", and "USPS Rewards" are a couple of examples of other virtually identical phishing campaigns/survey scams used to extract personal information. It is common that scammers behind phishing emails (or fake surveys) attempt to monetize them by asking to transfer a small amount of money as a "shipping" or another fee.
In one way or another, users who fall for these scams do not win/receive any rewards. On the contrary, they become victims of identity theft, lose money, or encounter other issues.
As mentioned in the previous paragraph, survey scams (and other scams) can be promoted not only through email. It is common that users end up on untrustworthy websites because some installed PUA opens those pages for them.
How did potentially unwanted applications install on my computer?
Very often, potentially unwanted apps are distributed by including them in downloaders or installers for other programs as extra offers. This distribution method is known as "bundling".
It is used with the purpose to trick users into downloading or installing PUAs together with other programs (usually, freeware). Typically, unwanted offers can be declined/opted out via "Custom", "Advanced", "Manual" or other settings, or by unticking checkboxes that downloaders or installers for those programs have.
When users do not check and change those settings, they agree to download or install offered applications alongside the desired programs. Deceptive advertisements can be used to trick users into causing unwanted downloads and installations too.
In such cases, users download or install unwanted apps by clicking on ads that are designed to execute certain scripts.
How to avoid installation of potentially unwanted applications?
Unwanted downloads, installations can be avoided by declining unwanted offers that certain downloaders, installers include. As mentioned in the previous paragraph, PUAs can be opted out via "Custom", "Advanced" or other settings before finishing downloads or installations.
Another way to avoid unwanted downloads (or installations) is to use official websites and direct links as sources for downloading files and programs. Other sources like Peer-to-Peer networks like torrent clients, eMule, third-party downloaders (and installers), unofficial pages can be used to distribute potentially malicious apps.
Additionally, it is recommended not to click on ads that appear on shady pages - it is common that by clicking on such ads, users open questionable websites or cause unwanted downloads, installations. Unwanted extensions, plug-ins, or add-ons installed on a browser or programs of this kind installed on the operating system should be uninstalled/removed as soon as possible.
If your computer is already infected with PUAs, we recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate them.
Appearance of the MailEx survey scam website (GIF):
Text in the MailEx survey scam website:
Over $4,000,000 in Offers given out so far!
April 21, 2021
Limited Timed Offer Get a $90 promo reward
Congratulations!
Complete this short 30-second survey about your shipping experience to select one of our exclusive reward offers (minimum value $90).This offer is available for today only: April 21, 2021.
Take Survey Now
Screenshot of the email used to promote MailEx survey scam:
Text in this email:
Subject: Response Needed
PENDING PARCELS
Hello ********
You have a PARCEL
Information about your package
Status: Ready for delivery
Your tracking number: 650000840689
Delivered by: FedEx
Shipping fees: € 1,00
Accept your package
TO CONFIRMIf you wish to unsubscribe, Click here
Screenshots of websites used to collect personal information:
Instant automatic malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use full-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com read more.
Quick menu:
- What is MailEx scam?
- STEP 1. Uninstall deceptive applications using Control Panel.
- STEP 2. Remove rogue extensions from Google Chrome.
- STEP 3. Remove potentially unwanted plug-ins from Mozilla Firefox.
- STEP 4. Remove rogue extensions from Safari.
- STEP 5. Remove rogue plug-ins from Microsoft Edge.
- STEP 6. Remove adware from Internet Explorer.
Removal of potentially unwanted applications:
Windows 11 users:
Right-click on the Start icon, select Apps and Features. In the opened window search for the application you want to uninstall, after locating it, click on the three vertical dots and select Uninstall.
Windows 10 users:
Right-click in the lower left corner of the screen, in the Quick Access Menu select Control Panel. In the opened window choose Programs and Features.
Windows 7 users:
Click Start (Windows Logo at the bottom left corner of your desktop), choose Control Panel. Locate Programs and click Uninstall a program.
macOS (OSX) users:
Click Finder, in the opened screen select Applications. Drag the app from the Applications folder to the Trash (located in your Dock), then right click the Trash icon and select Empty Trash.
In the uninstall programs window, look for any suspicious/recently-installed applications, select these entries and click "Uninstall" or "Remove".
After uninstalling the potentially unwanted application, scan your computer for any remaining unwanted components or possible malware infections. To scan your computer, use recommended malware removal software.
Remove rogue extensions from Internet browsers:
Video showing how to remove potentially unwanted browser add-ons:
Remove malicious extensions from Google Chrome:
Click the Chrome menu icon 
(at the top right corner of Google Chrome), select "More tools" and click "Extensions". Locate all recently-installed suspicious browser add-ons and remove them.
Optional method:
If you continue to have problems with removal of the mailex phishing scam, reset your Google Chrome browser settings. Click the Chrome menu icon (at the top right corner of Google Chrome) and select Settings. Scroll down to the bottom of the screen. Click the Advanced… link.
After scrolling to the bottom of the screen, click the Reset (Restore settings to their original defaults) button.
In the opened window, confirm that you wish to reset Google Chrome settings to default by clicking the Reset button.
Remove malicious plugins from Mozilla Firefox:
Click the Firefox menu 
(at the top right corner of the main window), select "Add-ons". Click on "Extensions", in the opened window remove all recently-installed suspicious browser plug-ins.
Optional method:
Computer users who have problems with mailex phishing scam removal can reset their Mozilla Firefox settings.
Open Mozilla Firefox, at the top right corner of the main window, click the Firefox menu, in the opened menu, click Help.
Select Troubleshooting Information.
In the opened window, click the Refresh Firefox button.
In the opened window, confirm that you wish to reset Mozilla Firefox settings to default by clicking the Refresh Firefox button.
Remove malicious extensions from Safari:
Make sure your Safari browser is active, click Safari menu, and select Preferences....
In the opened window click Extensions, locate any recently installed suspicious extension, select it and click Uninstall.
Optional method:
Make sure your Safari browser is active and click on Safari menu. From the drop down menu select Clear History and Website Data...
In the opened window select all history and click the Clear History button.
Remove malicious extensions from Microsoft Edge:
Click the Edge menu icon 
(at the upper-right corner of Microsoft Edge), select "Extensions". Locate all recently-installed suspicious browser add-ons and click "Remove" below their names.
Optional method:
If you continue to have problems with removal of the mailex phishing scam, reset your Microsoft Edge browser settings. Click the Edge menu icon (at the top right corner of Microsoft Edge) and select Settings.
In the opened settings menu select Reset settings.
Select Restore settings to their default values. In the opened window, confirm that you wish to reset Microsoft Edge settings to default by clicking the Reset button.
- If this did not help, follow these alternative instructions explaining how to reset the Microsoft Edge browser.
Remove malicious add-ons from Internet Explorer:
Click the "gear" icon 
(at the top right corner of Internet Explorer), select "Manage Add-ons". Look for any recently-installed suspicious browser extensions, select these entries and click "Remove".
Optional method:
If you continue to have problems with removal of the mailex phishing scam, reset your Internet Explorer settings to default.
Windows XP users: Click Start, click Run, in the opened window type inetcpl.cpl In the opened window click the Advanced tab, then click Reset.
Windows Vista and Windows 7 users: Click the Windows logo, in the start search box type inetcpl.cpl and click enter. In the opened window click the Advanced tab, then click Reset.
Windows 8 users: Open Internet Explorer and click the gear icon. Select Internet Options.
In the opened window, select the Advanced tab.
Click the Reset button.
Confirm that you wish to reset Internet Explorer settings to default by clicking the Reset button.
Summary:
Commonly, adware or potentially unwanted applications infiltrate Internet browsers through free software downloads. Note that the safest source for downloading free software is via developers' websites only. To avoid installation of adware, be very attentive when downloading and installing free software. When installing previously-downloaded free programs, choose the custom or advanced installation options – this step will reveal any potentially unwanted applications listed for installation together with your chosen free program.
Post a comment:
If you have additional information on mailex phishing scam or it's removal please share your knowledge in the comments section below.
Outstanding!
▼ Show Discussion