The IBuddy Virus
IBuddy is an executable service that infects Windows 10 machines with adware. The name is an alternative for Idle Buddy and Bridlebuddles, and it operates in an identical way to them. All currently known infections target Windows 10, with no reported cases on Windows 7 or earlier, or on macOS. While it exhibits the symptoms of adware, it much more closely resembles a Trojan that hobbles the resources of the victim’s machine in order to mine cryptocurrencies.
General guidance on how to deal with IBuddy
When talking about computer malware, understanding the nature of a given cyber threat is half the battle. The other half is successfully applying the acquired knowledge in the fight against malware and keeping your computer safe from it. Now, this might sound easy but, of course, things are not as they seem, and keeping your computer well-protected at all times against different cyber threats might not always be possible. Even the most experienced and knowledgeable users might still make a mistake and have their machines attacked by some scary and malicious virus such as the recently detected IBuddy.
In the next lines, we will tell you what it might do to your machine, how it might infect (or might already have infected) it, and what you must keep an eye out for in the future to make sure that it never comes back after you uninstall it. Of course, we will also help you with the actual removal of the infection with our guide, which you can read further down this page. But before we give you the guide, let us tell you something about…
…what a Trojan horse might do to your PC
The bad reputation of these viruses partially comes from their ability to cause different kinds of harm once they manage to get inside the targeted computer. You can, of course, expect severe system damage, corruption of the PC Registry, and deletion and corruption of important files, but also the distribution of ransomware, rootkits and other nasty threats, espionage over your activities on the computer, and even remote control over the processes of your machine by the hackers who control the malware. Therefore, removing the infection ASAP is really your best (and only) option…
Do not underestimate Trojans
Malware like IBuddy is also really stealthy, and in many of the cases where it infects a given computer, it will not show any symptoms. On some occasions, the user might notice an unusual increase in RAM and CPU usage, and there might also be occasional errors or frequent crashes, but not all Trojans are known for that, and even the ones that are might not always trigger such symptoms.
Also, the infection itself is likely to happen with little to no visible red flags. In most cases, the malware is presented to the user disguised as something that is supposed to look harmless – an online (spam) message, a downloadable file, a (fake) update request, or something else. Though suspicious and potentially unsafe content is usually easy to spot and avoid, some Trojans hide better than others, so this, combined with the general lack of symptoms, should be enough to convince you to get an antivirus program to keep your PC protected on those occasions when your vigilance might not be enough. And, if you already have an antivirus, then make sure to always update it when a new version is available.
As stated in the first part of this post, the only targeted OS thus far is Windows 10, particularly systems running the latest updates. You may disable IBuddy by entering Safe Mode or a legacy environment that breaks IBuddy’s native registries.
SUMMARY:
Name | IBuddy |
Type | Trojan |
Detection Tool |
Uninstall IBuddy from Windows 10
You can try to uninstall IBuddy from your Control Panel with the help of the following instructions:
- First, tap on the Windows Start button at the bottom left.
- Next, find the Control Panel and open it.
- Navigate to Programs and Features and select the option that says Uninstall a Program.
- Once you are inside, search for questionable entries.
- If you find IBuddy in the list of programs, uninstall it.
- Also, remove any other suspicious programs by uninstalling them.
These instructions may help you uninstall IBuddy to some extent, but Trojans like this one may often add some helper components in other system locations. For the complete removal of the infection, please follow the step-by-step instructions in the guide below:
Bookmarking this page is highly recommended if you want to complete the entire guide as there may be steps below where you may be required to exit your browser.
Rebooting your computer in Safe Mode is also recommended in order to easily detect and uninstall the Trojan from some system locations.
WARNING! READ CAREFULLY BEFORE PROCEEDING!
The removal process of IBuddy begins with opening the Windows Task Manager (CTRL + SHIFT + ESC key combination from the keyboard) and heading to the Processes Tab. Once you get there, take the time to carefully search for suspicious and dangerous processes.
As soon as you detect a process that looks questionable or appears to be operated by IBuddy, right-click on it and go for the first option in the pop-up menu that says Open File Location. After that, scan the files from that location with the free online virus scanner that is available here:
Wait for the scan results and if the scanned files turn out to be harmful, end their processes from the Processes tab and delete their folders from their file location.
After you are done with that, open a Run window on the screen (press Start Key and R from the keyboard) and type appwiz.cpl in it. Don’t forget to click OK to run the command.
Once you do it, you will enter the Control Panel. Just as it was explained in the quick instructions at the very beginning of this guide, look for suspicious entries related to IBuddy and Uninstall them. An “are you sure” screen may pop-up when you click the Uninstall option. If you see such a screen, choose NO:
When you are sure there are no Trojan-related entries in Control Panel, close it down and type msconfig in the Windows search field. Press Enter from the keyboard and you should immediately see the System Configuration window on your screen:
Select the Startup tab and search for entries that look unfamiliar or have “Unknown” as Manufacturer. Remove the checkmark before the questionable entries and click OK.
Finally, open the Registry Editor. The quickest way to do that is to simply type regedit in the Windows search field and press Enter.
With the Editor opened, press CTRL and F together and type the Name of the virus in the Find box that appears on the screen. Then, perform a search with the Find function and delete any entries that show up in the results.
If no entries show up this way, go manually to the directories listed below and delete them:
- HKEY_CURRENT_USER\Software\Random Directory
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Random
- HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Random
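Before deleting anything under the Run key, it helps to see what each value launches and whether that file is signed. The following PowerShell is an added example, not part of the original guide; it only reads the registry, and the function names Get-ExecutablePath and Get-RunKeyReport are made up for this illustration.

```powershell
# Added example: read-only review of the per-user Run key; nothing is deleted.
function Get-ExecutablePath {
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # Quoted path: take what sits between the first pair of quotes.
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path: take everything up to the first executable/script extension.
    if ($expanded -match '^(.+?\.(exe|dll|bat|cmd|vbs|js|ps1))(\s|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

function Get-RunKeyReport {
    param([string]$Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $key) { return }   # key absent: nothing is registered there
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        $file    = Get-ExecutablePath $command
        # Bare names without a folder (e.g. "rundll32.exe") are reported as not found.
        $exists  = [bool]($file -and (Test-Path -LiteralPath $file -PathType Leaf))
        $sig     = if ($exists) { Get-AuthenticodeSignature -LiteralPath $file } else { $null }
        [pscustomobject]@{
            Name       = $name
            Command    = $command
            FileExists = $exists
            Signature  = if ($sig) { $sig.Status } else { 'n/a' }
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

Get-RunKeyReport | Sort-Object Signature | Format-List
```

An unsigned or missing file is a reason to look closer at that entry, not proof that it belongs to the Trojan.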
If you have questions or aren’t quite sure what exactly needs to be deleted, it is better not to risk corrupting your system by accident; use a professional removal tool instead. Also, you can leave us a comment below in case you need more help.
Attention! Trojans like IBuddy are known to introduce other malware (ransomware, spyware, etc.) in the system. If you suspect that another threat is hiding on your PC, please follow these steps:
Press the Start and R keys from the keyboard together. You will see a new Run window where you need to copy the following command:
notepad %windir%/system32/Drivers/etc/hosts
Once you do that, press Enter to run the command, and a file named Hosts should appear on your screen. Scroll through the text and find Localhost. If you are hacked, there will be a number of questionable IPs under Localhost just as is explained in the image below:
In case there are suspicious IPs below “Localhost” in your Hosts file, please write to us in the comments so we can advise on your next actions.
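The same Hosts file check can be done without reading the file by eye. The following PowerShell is an added example, not part of the original guide: the function name Get-HostsOverride is made up for this illustration, and the sample lines are constructed (documentation-range address, example domains). It lists every active mapping other than the usual loopback entries for localhost.

```powershell
# Added example: list active Hosts mappings other than "loopback -> localhost".
function Get-HostsOverride {
    param([string[]]$Lines)
    $loopbackNames = 'localhost', 'localhost.localdomain'
    $n = 0
    foreach ($line in $Lines) {
        $n++
        $active = ($line -split '#', 2)[0].Trim()    # drop comments
        if (-not $active) { continue }               # blank or comment-only line
        $fields = $active -split '\s+'
        if ($fields.Count -lt 2) { continue }        # not an "address name" mapping
        $address = $fields[0]
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $isLoopback = ($address -in '127.0.0.1', '::1') -and ($name -in $loopbackNames)
            if (-not $isLoopback) {
                [pscustomobject]@{ Line = $n; Address = $address; HostName = $name }
            }
        }
    }
}

# Constructed sample: only the last two lines should be reported.
$sample = @(
    '# localhost name resolution is handled within DNS itself.',
    '#    127.0.0.1       localhost',
    '127.0.0.1       localhost',
    '203.0.113.10    update.example.com   # constructed entry',
    '0.0.0.0         scanner.example.net'
)
Get-HostsOverride -Lines $sample | Format-Table -AutoSize

# The file the guide opens in Notepad, checked the same way.
if ($env:windir) {
    $hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
    if (Test-Path -LiteralPath $hostsPath) {
        Get-HostsOverride -Lines (Get-Content -LiteralPath $hostsPath) | Format-Table -AutoSize
    }
}
```

Legitimate software such as ad blockers and development tools also adds Hosts entries, so each reported line needs to be judged on what it redirects and where.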
About the step 5, where you can find the IPs. There is no text at all. But when I use my mouse to light up the text, it's invisible, is something wrong?
Hello Paekae, it is possible your hosts file has been corrupted, you can try to reset it to default by following the steps here.
I am unable to get rid of the program, it brings me to a screen to uninstall it but it asks for a code similar to CAPTCHA codes, and says it was unsuccessful.
Hi Luke, are you trying to delete the program from Safe Mode on Windows?