This page aims to help you remove Buff.ly “Virus” links. These Buff.ly “Virus” links removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows.
Users have recently been puzzled with the mystery of the ‘buff.ly virus’ and there has been much guessing and misunderstanding revolving around this topic. This article is dedicated to help clear some of the misunderstanding and shed some light on this enigmatic occurrence, which has been plaguing people all over the internet.
What is buff.ly?
First of all, let us be clear on one thing: buff.ly is by no means a virus. Viruses are malicious pieces of programming, like Trojans and ransomware, which are specifically designed to inflict terrible harm onto you and your computer alike. They steal data, wreck files and their evil practices range even beyond that. So, now that that’s out of the way, let us talk about what this strange thing ‘buff.ly’ is. Actually, it’s about as the most harmless thing you can imagine. It’s nothing but an innocent URL shortener. To those who are unfamiliar with the concept, it’s pretty simple. The point of a URL shortener is to convert given URL addresses, which are otherwise too long and take up too much space, to shorter addresses that lead to the exact same page. This is a very convenient tool, especially for fans of social media, as it enables people to quickly and efficiently share different webpages, without taking up tons of space with unnecessarily large numbers of characters. There are other popular examples of URL shorteners and they are all commonly used on a day to day basis for the purpose of sharing information in a neater and more compact way.
So, where does the concept of this innocent online tool being a virus come from? It comes from being misused by dishonest developers and cyber criminals. They took a good thing and gave it a bad name. Buff.ly has been sometimes used by browser hijackers to disguise links to potentially harmful and malicious webpages or even for the purpose of distributing viruses. We cannot exactly pinpoint a single browser hijacker responsible for giving buff.ly a bad reputation, because it could literally be any one, especially given the rate at which these programs evolve and are updated. So, the bottom line is that the issue lies within the browser hijacker, which has managed to infect your system. You might at this point be asking yourself what exactly a hijacker is and how to get rid of it, which is exactly the purpose of the current guide. We will explain what you’re dealing with and the guide below will show you how to remove this annoying and risky program from your computer.
What is a browser hijacker?
To put it simply, it’s a type of software that is developed to take over your browser, implementing its own settings and influencing what you see, when you surf the web. Basically, it has the capacity of changing all the default settings within the most popular browsers including Chrome, Mozilla and IE. You can undoubtedly suspect the presence of a browser hijacker when you open your browser to find that the homepage is no longer what it used to be, your search engine could as well have possibly be changed and you might also find yourself bombarded with various advertisements in the form of popups, banners, box messages, etc. You will also find that the default page of a new tab will be set to a different one than what you’re used to or what you had set yourself.
NOTE: If you are unsure of what exact browser hijacker you are dealing with, the name of the newly set search engine and/or homepage could give you a good hint. But whichever it is, our removal guide will help you successfully uninstall any type of hijacker out there.
How did it get on your PC?
Most often browser hijackers are distributed via program bundles. This is a sneaky, but legal technique, which enables developers to bundle a specific piece of software together with another, usually some freeware or shareware. These are often found on torrent websites or other share sites that distribute free content. Once you have downloaded the main program, you then proceed to set it up with the help of the installation wizard. Most of the time people go for the easy and quick-looking default setup option, which is actually a big mistake. You will not be able to see the bundled in software, unless you choose the advanced or custom settings. This will enable you not only to see it, but to decide whether or not it will be installed alongside the main program. Additionally, being more careful with the sources you choose to download content from will also ensure a safer browsing experience. Naturally, you should always have a reliable antivirus program running and a proven anti-malware tool would definitely boost the security level on your machine.
|Name||Buff.ly (a collection of threats using the buff.ly shortener)|
|Danger Level||Medium (nowhere near threats like Ransomware, but still a security risk)|
|Symptoms||Changed homepage and/or default search engine; possible bombardment with various advertisements in the form of popups, banners, etc.|
|Distribution Method||Program bundles are arguably the most effective distribution method, but also possible through spam emails.|
|Detection Tool||Buff.ly may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.|
Buff.ly “Virus” Removal
Readers are interested in:
Reboot in Safe Mode (use this guide if you don’t know how to do it).
This was the first preparation.
To remove parasite on your own, you may have to meddle with system files and registries. If you were to do this, you need to be extremely careful, because you may damage your system.
If you want to avoid the risk, we recommend downloading SpyHunter - a professional malware removal tool - to see whether it will find malicious programs on your PC.
- Do not skip this – Buff.ly may have hidden some of its files.
Hold together the Start Key and R. Type appwiz.cpl –> OK.
You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.
Type msconfig in the search field and hit enter. A window will pop-up:
Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.
- Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.
Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.
- Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (ICP/IP), click Properties.
- The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
- Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.
Right click on the browser’s shortcut —> Properties.
NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).
Properties —–> Shortcut. In Target, remove everything after .exe.
Remove Buff.ly from Internet Explorer:
Open IE, click —–> Manage Add-ons.
Find the threat —> Disable. Go to —–> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.
Remove Buff.ly from Firefox:
Open Firefox, click ——-> Add-ons —-> Extensions.
Find the adware/malware —> Remove.
Remove Buff.ly from Chrome:
Close Chrome. Navigate to:
C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:
Rename it to Backup Default. Restart Chrome.
- At this point the threat is gone from Chrome, but complete the entire guide or it may reappear on a system reboot.
Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are dangerous. Google them or ask us in the comments.
WARNING! READ CAREFULLY BEFORE PROCEEDING!
Right click on each of the problematic processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.
Type Regedit in the windows search field and press Enter.
Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:
- HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random
Remember to leave us a comment if you run into any trouble!