Remove Maxi Buy Extension (Chrome/FF/IE) Jan. 2019 Update



This page aims to help you remove Maxi Buy. Our removal instructions work for Chrome, Firefox and Internet Explorer, as well as every version of Windows.

Within the following lines of this short post, we will tell you about a piece of software that some security researchers regard as unwanted and that you may want to remove from your computer in case you have had it installed there. The app that we are referring to is called Maxi Buy and it is categorized as a PUP (a potentially unwanted program) by a number of cyber security specialists.

Maxi Buy Extension

The main reason for this app being labeled as a PUP has to do with the way that it operates and the privileges it requires. This app is typically promoted as an online shopping assistant that is supposed to provide relevant offers that the users may find interesting. It can be installed on browsers such as Firefox, Chrome and Safari and it requires the following permissions in order to operate:

Read and change all your data on the websites you visit.

What this means is that once the shopping assistant app is installed on your computer and in your browser, it will be able to access information such as cookies, browsing history, frequently visited sites and so on. Additionally, it will be able to affect the advertising content that gets shown on your screen while you are browsing the internet. This shouldn’t come as a surprise, since the app needs to determine what you are typically interested in in order to show you relevant ads later. Still, some users, especially ones who have gotten Maxi Buy installed without really knowing it or wanting it (more on that later), may feel like their browser and virtual privacy have been invaded. For those of you with Maxi Buy in your systems who are not okay with the presence of this app, we have prepared an easy-to-follow instructional guide that will help you remove the browsing component.
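The permission described above is what a browser grants when an extension requests match patterns covering every site. The following added example (not part of the original guide, and not Maxi Buy's own code) flags such patterns in Chrome extension manifests. The sample manifest is constructed, and the `Extensions/<id>/<version>/manifest.json` layout under the Chrome profile folder is an assumption of the example.

```python
import json
from pathlib import Path

# Match patterns that cover every website, i.e. the kind of access
# behind a "read and change all your data" permission prompt.
BROAD_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
HOST_KEYS = ("permissions", "host_permissions",
             "optional_permissions", "optional_host_permissions")

# Constructed manifest for a hypothetical shopping helper (not Maxi Buy's own).
SAMPLE_MANIFEST = {
    "manifest_version": 2,
    "name": "Example Shopping Helper",
    "permissions": ["cookies", "history", "<all_urls>"],
    "content_scripts": [{"matches": ["https://*/*"], "js": ["inject.js"]}],
}

def broad_host_access(manifest):
    """Return sorted (manifest_key, pattern) pairs that cover all websites."""
    hits = set()
    for key in HOST_KEYS:
        for pattern in manifest.get(key, []):
            if isinstance(pattern, str) and pattern in BROAD_PATTERNS:
                hits.add((key, pattern))
    for script in manifest.get("content_scripts", []):
        for pattern in script.get("matches", []):
            if isinstance(pattern, str) and pattern in BROAD_PATTERNS:
                hits.add(("content_scripts", pattern))
    return sorted(hits)

def scan_extensions(extensions_dir):
    """Return (extension_id, name, hits) for each installed extension flagged."""
    flagged = []
    # Assumed layout: <Extensions>/<extension id>/<version>/manifest.json
    for path in sorted(Path(extensions_dir).glob("*/*/manifest.json")):
        try:
            manifest = json.loads(path.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue                      # unreadable or malformed manifest
        hits = broad_host_access(manifest)
        if hits:
            flagged.append((path.parent.parent.name, manifest.get("name"), hits))
    return flagged

if __name__ == "__main__":
    print(broad_host_access(SAMPLE_MANIFEST))
```

A flagged extension is not necessarily unwanted, since many legitimate extensions request the same access; the output is a shortlist for manual review.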

Remove Maxi Buy Extension

If you have a Windows virus, continue with the guide below.

If you have a Mac virus, please use our How to remove Ads on Mac guide.

If you have an Android virus, please use our Android Malware Removal guide.

If you have an iPhone virus, please use our iPhone Virus Removal guide


Step 1

Some of the steps will likely require you to exit the page. Bookmark it for later reference.

Reboot in Safe Mode (use this guide if you don’t know how to do it).


Step 2

WARNING! READ CAREFULLY BEFORE PROCEEDING!

Press CTRL + SHIFT + ESC at the same time and go to the Processes Tab (the “Details” Tab on Win 8 and 10). Try to determine which processes are dangerous. 


Right click on each of them and select Open File Location. Then scan the files with our free online virus scanner:


This scanner is free and will always remain free for our website's users. You can find its full-page version at: https://howtoremove.guide/online-virus-scanner/






After you open their folder, end the processes that are infected, then delete their folders. 

Note: If you are sure something is part of the infection – delete it, even if the scanner doesn’t flag it. No anti-virus program can detect all infections. 

Step 3

Hold together the Start Key and R. Type appwiz.cpl –> OK.


You are now in the Control Panel. Look for suspicious entries. Uninstall it/them.

Type msconfig in the search field and hit Enter. A window will pop up:

Startup —> Uncheck entries that have “Unknown” as Manufacturer or otherwise look suspicious.

Step 4

Hold the Start Key and R –  copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs listed at the bottom of the file.

If there are suspicious IPs below “Localhost” – write to us in the comments.
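The manual hosts-file check above can be automated. The following added example (not part of the original guide) parses hosts-file text and reports every active entry that is not a plain localhost mapping. The sample file is constructed, using only example.* names and documentation addresses, and the reason strings are the example's own wording.

```python
import ipaddress

# Names a hosts file legitimately maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: stock commented header plus added entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#       127.0.0.1       localhost
#       ::1             localhost
127.0.0.1       localhost
203.0.113.10    www.example.com example.com   # added by unknown software
0.0.0.0         update.example.net
not-an-ip       shop.example.org
"""

def audit_hosts(text):
    """Return (line_no, address, names, reason) for every active entry to review."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()      # drop comment, split fields
        if not entry:
            continue                              # blank or comment-only line
        address, names = entry[0], entry[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed address"))
            continue
        other = [n for n in names if n.lower() not in LOCAL_NAMES]
        if names and not other and ip.is_loopback:
            continue                              # plain localhost mapping
        if not names:
            reason = "address with no hostname"
        elif not other:
            reason = "localhost pointed away from loopback"
        elif ip.is_loopback or ip.is_unspecified:
            reason = "site blocked by mapping to a local address"
        else:
            reason = "site redirected to another address"
        findings.append((line_no, address, other or names, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To check a real machine, pass the contents of the hosts file opened in this step to `audit_hosts`; entries that map a site to a local address are often added deliberately by ad blockers, so review each finding before deleting it.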

Open the start menu and search for Network Connections (On Windows 10 you just write it after clicking the Windows button), press enter.

  1. Right-click on the Network Adapter you are using —> Properties —> Internet Protocol Version 4 (TCP/IPv4), click Properties.
  2. The DNS line should be set to Obtain DNS server automatically. If it is not, set it yourself.
  3. Click on Advanced —> the DNS tab. Remove everything here (if there is something) —> OK.


Step 5

  • After you complete this step, the threat will be gone from your browsers. Finish the next step as well or it may reappear on a system reboot.

Right click on the browser’s shortcut —> Properties.

NOTE: We are showing Google Chrome, but you can do this for Firefox and IE (or Edge).


Properties —> Shortcut. In Target, remove everything after .exe.

Remove Maxi Buy from Internet Explorer:

Open IE, click the gear icon —> Manage Add-ons.

Find the threat —> Disable. Go to the gear icon —> Internet Options —> change the URL to whatever you use (if hijacked) —> Apply.

Remove Maxi Buy from Firefox:

Open Firefox, click the menu button —> Add-ons —> Extensions.

Find the adware/malware —> Remove.

Remove Maxi Buy from Chrome:

Close Chrome. Navigate to:

C:/Users/!!!!USER NAME!!!!/AppData/Local/Google/Chrome/User Data. There is a folder called “Default” inside.

Rename it to Backup Default. Restart Chrome.

Step 6

Type Regedit in the Windows search field and press Enter.

Inside, press CTRL and F together and type the threat’s Name. Right click and delete any entries you find with a similar name. If they don’t show up this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER —> Software —> Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
  • HKEY_CURRENT_USER —> Software —> Microsoft —> Windows —> CurrentVersion —> Run —> Random
  • HKEY_CURRENT_USER —> Software —> Microsoft —> Internet Explorer —> Main —> Random

Lack of control and sneaky installation

A major issue that security experts point out regarding this kind of software is that the ads it shows you and the online stores it may redirect your browser to are in no way guaranteed to be safe or verified as such. Furthermore, you have no control over what content this app may show on your screen, meaning that if its algorithms somehow determine that it will show you ads from an unreliable source (or maybe even an illegal site with Ransomware and Trojans in it!), there’s no way you can stop that from happening (save for removing the advertising app itself). This again brings us to our guide on this page – use it if you think that you’d be better off without the shopping assistant app attached to your browser.

If you’d also like to stay away from Maxi Buy in the future, we advise you to be really cautious regarding the programs you install on your computer. In some cases, PUPs like this one may be included in other software’s installers under the guise of useful bonus elements. This is how many users get this type of app on their machines without actually wanting it, which is yet another reason why applications such as Maxi Buy tend to be seen as unwanted.

SUMMARY:

Name: Maxi Buy
Type: PUP
Danger Level: Low (the lack of control over the ads may lead to security risks)
Symptoms: If you have started seeing an increased number of adverts in your browser that seem to match your interests or be related to recently visited sites, you may have this app in your computer.
Distribution Method: From its official site and possibly through installation bundles.
Detection Tool

If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!

