IBuddy Virus

The IBuddy Virus

The IBuddy virus is an executable service responsible for infecting Windows 10 users with adware. The IBuddy virus is an alternative name for Idle Buddy and Bridlebuddles, but operates in an identical way to them. All currently known infections target Windows 10, with no reported cases on Windows 7 or earlier and macOS. While it exhibits symptoms of adware, in reality, it much more closely resembles a trojan infection that hobbles resources on the victim’s machine to mine cryptocurrencies.

ibuddy virus

The ibuddy virus is just Idle Buddy under another name.

General guidance on how to deal with IBuddy

When talking about computer malware, understanding the nature of a given cyber threat is half the battle. The other half is successfully applying the acquired knowledge in the fight against malware and keeping your computer safe from it. Now, this might sound easy but, of course, things are not as they seem, and keeping your computer well-protected at all times against different cyber threats might not always be possible. Even the most experienced and knowledgeable users might still make a mistake and have their machines attacked by some scary and malicious virus such as the recently detected IBuddy. 

In the next lines, we will tell you about what it might do to your machine, how it might infect/ have infected it, and what things you must keep an eye out for in the future in order to make sure that it never comes back after you uninstall it. Of course, we will also help you with the actual removal of the infection with our guide that you can read further down this page. But before we give you the guide, let us tell you something about…

…what a Trojan horse might do to your PC

The bad fame of these viruses partially comes from their ability to cause different kinds of harm once they manage to get inside the targeted computer. You can, of course, expect severe system damage, corruption of the PC Registry, deletion and corruption of important files but also the distribution of ransomware, rootkits and other nasty threats, espionage over your activities on the computer, and even remote control over the processes of your machine by the hackers who control the malware piece. Therefore, removing the infection ASAP is really your best (and only option)…

Do not underestimate Trojans

Malicious pieces of malware like IBuddy are also really stealthy and in many of the cases where they infect a given computer, they wouldn’t really show any symptoms. On some separate occasions, the user might notice an unusual increase in the RAM and CPU that are being used and there might also be occasional errors or frequent crashes but not all Trojans are known for that and even the ones that are might not always trigger such symptoms.

Also, the very infection is likely to happen with little to no visible red flags. In most cases, the malware would be presented to the user under the disguise of something that is supposed to look harmless – an online (spam) message, a downloadable file, a (fake) update request, or something else. Though suspicious and potentially unsafe content is usually easy to spot and avoid, some Trojans hide better than others so this, combined with the general lack of symptoms, should be enough to convince you to get an antivirus program to keep your PC protected for those occasions when your vigilance might not be enough. And, if you already have an antivirus, then make sure to always update it when a new version is available.

As stated in the first part of this post, the only targeted OS thus far is Windows 10, particularly running the latest updates. You may disable IBuddy if you enter into safe mode or in a legacy environment that breaks Ibuddy’s native registries.

SUMMARY:

Name IBuddy
Type Trojan
Detection Tool

Uninstall IBuddy from Windows 10

You can try to uninstall IBuddy from your Control Panel with the help of the following instructions:

  1. First, tap on the Windows Start button at the bottom left.
  2. Next, find the Control Panel and open it.
  3. Navigate to Programs and Features and select the option that says Uninstall a Program.
  4. Once you are inside, search for questionable entries.
  5. If you find IBuddy in the list of programs Uninstall it.
  6. Also, remove any other suspicious programs by uninstalling them.

These instructions may help you uninstall IBuddy to some extent, but Trojans like this one may often add some helper components in other system locations. For the complete removal of the infection, please follow the step-by-step instructions in the guide below:


Step1

Bookmarking this page is highly recommended if you want to complete the entire guide as there may be steps below where you may be required to exit your browser. 

Rebooting your computer in Safe Mode is also recommended in order to easily detect and uninstall the Trojan from some system locations.

Step2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

The removal process of IBuddy begins with opening the Windows Task Manager (CTRL + SHIFT + ESC key combination from the keyboard) and heading to the Processes Tab. Once you get there, take the time to carefully search for suspicious and dangerous processes. 

malware-start-taskbar

As soon as you detect a process that looks questionable or appears to be operated by IBuddy, right-click on it and go for the first option in the pop-up menu that says Open File Location. After that, scan the files from that location with the free online virus scanner that is available here:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Loading
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.


    Wait for the scan results and if the scanned files turn out to be harmful, end their processes from the Processes tab and delete their folders from their file location. 

    Step3

    After you are done with that, open a Run window on the screen (press Start Key and R from the keyboard) and type appwiz.cpl in it. Don’t forget to click OK to run the command.

    appwiz

    Once you do it, you will enter the Control Panel. Just as it was explained in the quick instructions at the very beginning of this guide, look for suspicious entries related to IBuddy and Uninstall them. An “are you sure” screen may pop-up when you click the Uninstall option. If you see such a screen, choose NO:

    virus-removal1

    Step4

    When you are sure there are no Trojan-related entries in Control Panel, close it down and type msconfig in the Windows search field. Press Enter from the keyboard and you should immediately see the System Configuration window on your screen:

    msconfig_opt

    Select the Startup tab and search for entries that look unfamiliar or have “Unknown” as Manufacturer. Remove the checkmark before the questionable entries and click OK.

    Step5

    Finally, open the Registry Editor. The quickest way to do that is to simply type Regedit in the windows search field and press Enter.

    With the Editor opened, press CTRL and F together and type the Name of the virus in the Find box that appears on the screen. Then, perform a search with the Find function and delete any entries that show up in the results.

    If no entries show up this way, go manually to the directories listed below and delete them:

    • HKEY_CURRENT_USER-Software-Random Directory. 
    • HKEY_CURRENT_USER-Software-Microsoft-Windows-CurrentVersion-Run-Random
    • HKEY_CURRENT_USER-Software-Microsoft-Internet Explorer-Main-Random

    If you have questions or aren’t quite sure what exactly needs to be deleted, better don’t risk corrupting your system involuntarily but use a professional removal tool. Also, you can leave us a comment below in case you need more help.

    Attention! Trojans like IBuddy are known to introduce other malware (ransomware, spyware, etc.) in the system. If you suspect that another threat is hiding on your PC, please follow these steps:

    Press the Start and R keys from the keyboard together. You will see a new Run window where you need to copy the following command:

    notepad %windir%/system32/Drivers/etc/hosts

    Once you do that, press Enter, to run the command and a file named Hosts should appear on your screen. Scroll through the text and find Localhost. If you are hacked, there will be a number of questionable IPs under Localhost just as is explained in the image below: 

    hosts_opt (1)

    In case there are suspicious IPs below “Localhost” in your Hosts file, please write to us in the comments so we can advise on your next actions.


    About the author

    blank

    Violet George

    Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

    4 Comments

    Leave a Comment