Buff.ly “Virus” Links Removal


This page aims to help you remove Buff.ly “Virus” links. These Buff.ly “Virus” links removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows.

Users have recently been puzzled by the mystery of the ‘buff.ly virus’, and there has been much guessing and misunderstanding around this topic. This article aims to clear up some of that misunderstanding and shed some light on this enigmatic occurrence, which has been plaguing people all over the internet.

What is buff.ly?

First of all, let us be clear on one thing: buff.ly is by no means a virus. Viruses are malicious pieces of programming, like Trojans and ransomware, which are specifically designed to inflict terrible harm on you and your computer alike. They steal data, wreck files and their evil practices range even beyond that. So, now that that’s out of the way, let us talk about what this strange thing ‘buff.ly’ is. Actually, it’s about the most harmless thing you can imagine. It’s nothing but an innocent URL shortener. For those who are unfamiliar with the concept, it’s pretty simple. The point of a URL shortener is to convert URL addresses that are too long and take up too much space into shorter addresses that lead to the exact same page. This is a very convenient tool, especially for fans of social media, as it enables people to quickly and efficiently share different webpages without taking up tons of space with unnecessarily large numbers of characters. There are other popular examples of URL shorteners, and they are all commonly used on a day-to-day basis for the purpose of sharing information in a neater and more compact way.

So, where does the idea of this innocent online tool being a virus come from? It comes from the tool being misused by dishonest developers and cyber criminals. They took a good thing and gave it a bad name. Buff.ly has sometimes been used by browser hijackers to disguise links to potentially harmful and malicious webpages or even for the purpose of distributing viruses. We cannot pinpoint a single browser hijacker responsible for giving buff.ly a bad reputation, because it could literally be any one of them, especially given the rate at which these programs evolve and are updated. So, the bottom line is that the issue lies with the browser hijacker that has managed to infect your system. You might at this point be asking yourself what exactly a hijacker is and how to get rid of it, which is exactly the purpose of the current guide. We will explain what you’re dealing with and the guide below will show you how to remove this annoying and risky program from your computer.

What is a browser hijacker?

To put it simply, it’s a type of software that is developed to take over your browser, implementing its own settings and influencing what you see when you surf the web. Basically, it has the capacity to change all the default settings within the most popular browsers, including Chrome, Mozilla and IE. You can suspect the presence of a browser hijacker when you open your browser to find that the homepage is no longer what it used to be; your search engine may have been changed as well, and you might also find yourself bombarded with various advertisements in the form of popups, banners, box messages, etc. You will also find that the default page of a new tab is set to a different one than what you’re used to or what you had set yourself.

NOTE: If you are unsure of what exact browser hijacker you are dealing with, the name of the newly set search engine and/or homepage could give you a good hint. But whichever it is, our removal guide will help you successfully uninstall any type of hijacker out there.

How did it get on your PC?

Most often browser hijackers are distributed via program bundles. This is a sneaky, but legal technique, which enables developers to bundle a specific piece of software together with another, usually some freeware or shareware. These are often found on torrent websites or other share sites that distribute free content. Once you have downloaded the main program, you then proceed to set it up with the help of the installation wizard. Most of the time people go for the easy and quick-looking default setup option, which is actually a big mistake. You will not be able to see the bundled-in software unless you choose the advanced or custom settings. This will enable you not only to see it, but also to decide whether or not it will be installed alongside the main program. Additionally, being more careful with the sources you choose to download content from will also ensure a safer browsing experience. Naturally, you should always have a reliable antivirus program running, and a proven anti-malware tool would definitely boost the security level on your machine.


Name: Buff.ly (a collection of threats using the buff.ly shortener)
Type: Browser Hijacker
Danger Level: Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms: Changed homepage and/or default search engine; possible bombardment with various advertisements in the form of popups, banners, etc.
Distribution Method: Program bundles are arguably the most effective distribution method, but also possible through spam emails.
Detection Tool: Buff.ly may be difficult to track down. Use SpyHunter – a professional parasite scanner – to make sure you find all files related to the infection.

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you’ll need to purchase the full version.
More information about SpyHunter and steps to uninstall.


Buff.ly “Virus” Removal


Reboot in Safe Mode (use this guide if you don’t know how to do it).

This was the first preparation.


Reveal All Hidden Files and Folders.

  • Do not skip this – Buff.ly may have hidden some of its files.

Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit Enter. A window will pop up:

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

  • Remember this step – if you have reason to believe a bigger threat (like ransomware) is on your PC, check everything here.


Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (TCP/IPv4), click Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.


Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).


Properties —–> Shortcut. In Target, remove everything after .exe.

Remove Buff.ly from Internet Explorer:

Open IE, click the gear (Tools) icon —> Manage Add-ons.

Find the threat —> Disable. Go to the gear (Tools) icon —> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

Remove Buff.ly from Firefox:

Open Firefox, click the menu button —> Add-ons —> Extensions.

Find the adware/malware —> Remove.

Remove Buff.ly from Chrome:

Close Chrome. Navigate to:

C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a Folder called “Default” inside:

Rename it to Backup Default. Restart Chrome.

  • At this point the threat is gone from Chrome, but complete the entire guide or it may reappear on a system reboot.


Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are dangerous. Google them or ask us in the comments.


Right click on each of the problematic processes separately and select Open File Location. End the process after you open the folder, then delete the directories you were sent to.

Type Regedit in the Windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER\Software\Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run – Random
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main – Random
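
The shortcut, DNS and registry checks from the steps above can also be read out in one pass before deciding what to remove. The PowerShell below is an added example, not part of the original guide; Get-HijackAudit is a hypothetical name, and the shortcut folders it searches and the IE "Start Page" value it reads are choices made for this example. It only reports and changes nothing.

```powershell
# Added example: read-only audit of the places this guide checks by hand.
# Get-HijackAudit is a hypothetical helper name; it reports and changes nothing.
function Get-HijackAudit {
    # 1. Browser shortcuts with anything after ".exe" in Target.
    $browsers = 'chrome.exe', 'firefox.exe', 'iexplore.exe', 'msedge.exe'
    $folders = 'Desktop', 'CommonDesktopDirectory', 'StartMenu', 'CommonStartMenu' |
        ForEach-Object { [Environment]::GetFolderPath($_) } |
        Where-Object { $_ -and (Test-Path $_) }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($file in $folders | Get-ChildItem -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
        $lnk = $shell.CreateShortcut($file.FullName)   # opens the .lnk for reading; nothing is saved
        $exe = if ($lnk.TargetPath) { Split-Path $lnk.TargetPath -Leaf }
        if ($lnk.Arguments -and ($browsers -contains $exe)) {
            [pscustomobject]@{ Check = 'Shortcut'; Item = $file.FullName; Value = $lnk.Arguments }
        }
    }

    # 2. Adapters with manually set DNS servers (an empty NameServer value means
    #    "Obtain DNS server address automatically"). Item is the adapter's GUID.
    $ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($adapter in Get-ChildItem $ifRoot -ErrorAction SilentlyContinue) {
        $dns = $adapter.GetValue('NameServer')
        if ($dns) {
            [pscustomobject]@{ Check = 'Static DNS'; Item = $adapter.PSChildName; Value = $dns }
        }
    }

    # 3. Per-user autostart entries and the Internet Explorer home page.
    $run = Get-Item 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($run) {
        foreach ($name in $run.GetValueNames()) {
            [pscustomobject]@{ Check = 'Run entry'; Item = $name; Value = $run.GetValue($name) }
        }
    }
    $ie = Get-Item 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    if ($ie -and $ie.GetValue('Start Page')) {
        [pscustomobject]@{ Check = 'IE home page'; Item = 'Start Page'; Value = $ie.GetValue('Start Page') }
    }
}

Get-HijackAudit | Format-Table -AutoSize -Wrap
```

Some legitimate shortcuts carry arguments too (a profile switch, for example), so treat each row as something to look at rather than as proof of infection.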

Remember to leave us a comment if you run into any trouble!


About the author


Violet George

Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.
