Mac Virus

What is SurfBuyer? (Mac Removal) Dec. 2019 Update

The parasite may reinstall itself multiple times if you don't delete its core files. We recommend downloading ComboCleaner to scan for malicious programs installed with it. This may save you hours and cut down your time to about 15 minutes.

More information about ComboCleaner and steps to uninstall. Please review ComboCleaner's EULA and Privacy Policy. Keep in mind, only ComboCleaner's scanner is free. If it detects malware, you'll need to purchase its full version to remove it.


The program this article focuses on, SurfBuyer, has a single purpose: to display numerous ads inside your default browser (whatever it is: Firefox, Chrome or Explorer), varying in form (pop-ups, banners, tabs, boxes), shape and color. What these ads have in common is that they are not hosted by the web pages you visit, and the intensity of their appearance may start bothering some users.

What is SurfBuyer?

SurfBuyer belongs to the Adware category of software. All Adware-based products do exactly what SurfBuyer normally does: they generate pop-ups, banners and other advertisements. That is probably why this kind of software has a poor reputation. Many users may still mistake such programs for viruses, because they can be incredibly annoying and intrusive. To be completely precise, they are far from any form of malicious software in terms of their behavior and the consequences for the affected user. Malware typically does some harm to your PC: it may lock your files, and in the case of a Ransomware infection it sometimes even blackmails the affected user. Other types of malicious software might be capable of stealing all your personal data, including bank account details. What SurfBuyer might do is track your browsing and, based on the data it acquires, flood your browser with ads that fit your interest profile. Some of the advertisements could in fact redirect you to pages that contain a variety of cyber threats, including Ransomware, Trojans, etc. Still, there is really no proof to back up such implications.

SurfBuyer might appear particularly shady and questionable because of the way it gets installed on your PC. On the one hand, many of the affected users are not really aware that such Adware programs are present in the software they agree to install. On the other hand, given the Adware's inability to infiltrate any machine on its own, it is the users who let it in, knowingly or unknowingly. Usually you end up with ad-generating software when you download program bundles. Such bundles may consist of some newly-developed programs, browser hijackers, Adware-type products and others. Often such software combos are available for free. The thing you should remember about software bundles is how to install them properly. A careful installation gives you the chance to read the EULA and thus have all the necessary information about a given bundle. If you want to be free from the irritating ads and surf the Internet undisturbed, the only installation option to choose is the ADVANCED one. By selecting it you will ensure that no program sneaks into your system without you knowingly agreeing to that. Other places where Adware and SurfBuyer could be found are all spam emails, all free stream-video websites, some shareware and torrent-sharing webpages, as well as any infected page that you visit.

Why so many ads?

You are already aware of all the typical features that SurfBuyer may have. You may be interested in the reason for the production of such a great number of pop-ups, boxes, banners and new browser tabs. The answer is that the developers who agree to spread ad-displaying software actually earn money for that. The amount of money is usually based on the number of generated ads and sometimes on the number of the ones you have (accidentally or not) clicked on. That's how more and more programmers are financially motivated to distribute Adware and browser hijackers, as by doing so they ensure some additional profit for themselves. This is a well-known strategy, which the marketing industry successfully exploits, called pay-per-click.

To remove SurfBuyer or not to remove it?

The answer to this question strongly depends on the patience and endurance that you possess. Some users might find such ad campaigns far too annoying. For others this may not be the case and they may be able to stand the ads. However, our advice is to always uninstall such ad-producing programs, as they are rarely of any actual use. Of course, you may find some great deals in the ads, but this is not the normal case. Normally, you just find your browsing experience disturbed or made impossible. We have developed our removal guide below to help you cope with this ad-related issue once and for all. We are just asking you to go over it extremely carefully, so that afterwards you are able to implement the steps there successfully.


Name: SurfBuyer
Type: Adware
Danger Level: Medium (nowhere near threats like Ransomware, but still a security risk)
Symptoms: A number of pop-ups, banners and box ads that might disturb your surfing activities.
Distribution Method: Normally inside program bundles; however, shareware websites, torrents and spam are also possible sources.

SurfBuyer Removal


The first thing you need to do is to Quit Safari (if it is opened). If you have trouble closing it normally, you may need to Force Quit Safari:

You can choose the Apple menu and click on Force Quit.

Alternatively, you can simultaneously press Command (the key situated next to the space bar), Option (the key right next to it) and Escape (the key located at the upper left corner of your keyboard).

If you have done it right, a dialog box titled Force Quit Applications will open up.

In this new dialog window select Safari, then press the Force Quit button, then confirm with Force Quit again.

Close the dialog box/window.



To remove the parasite on your own, you may have to meddle with system files and registries. If you do this, you need to be extremely careful, because you may damage your system.

Start Activity Monitor: open Finder, then proceed to Activity Monitor.

Once there, look at all the processes: if you believe any of them are hijacking your results, or are part of the problem, highlight the process with your mouse, then click the “i” button at the top. This will open up the following box:


Now click on Sample at the bottom:


Do this for all processes you believe are part of the threat, scan any suspicious files with our online virus scanner, then delete the malicious files.


The next step is to safely launch Safari again. Press and hold the Shift key while relaunching Safari. This will prevent Safari’s previously opened pages from loading again. Once Safari is opened up, you can release the Shift key.

On the off chance that you are still having trouble with scripts interrupting the closing of unwanted pages in Safari, you may need to take some additional measures.

First, Force Quit Safari again.

Now, if you are using a Wi-Fi connection, turn it off by selecting Wi-Fi off in your Mac's Menu. If you are using a cable connection (Ethernet), disconnect the Ethernet cable.


Re-launch Safari, but don't forget to press and hold the Shift key while doing it, so no previous pages can be opened up. Now click on Preferences in the Safari menu, and then on the Extensions tab.

Select and Uninstall any extensions that you don't recognize by clicking on the Uninstall button. If you are not sure and don't want to take any risks, you can safely uninstall all extensions; none are required for normal system operation.

The threat has likely infected all of your browsers. The instructions below need to be applied for all browsers you are using.

Again select Preferences in the Safari Menu, but this time click on the Privacy tab.

Now click on Remove All Website Data and confirm with Remove Now. Keep in mind that after you do this all stored website data will be deleted. You will need to sign in again on all websites that require any form of authentication.

Still in the Preferences menu, hit the General tab.

Check if your Homepage is the one you have selected; if not, change it to whatever you prefer.

Select the History menu this time, and click on Clear History. This way you will prevent accidentally opening a problematic web page again.

How to Remove SurfBuyer From Firefox in OSX:

Open Firefox, click on the Mozilla menu (top right) -> Add-ons. Hit Extensions next.

The problem should be lurking somewhere around here. Remove it. Then Refresh Your Firefox Settings.

How to Remove SurfBuyer From Chrome in OSX:

Start Chrome, click the Chrome menu icon -> More Tools -> Extensions. There, find the malware and select the trash icon.

Click the Chrome menu icon again, and proceed to Settings -> Search, the fourth tab, and select Manage Search Engines. Delete everything but the search engines you normally use. After that, Reset Your Chrome Settings.
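To help with the "find the extensions you don't recognize" step in Chrome, here is an added example (not part of the original guide) that inventories installed Chrome extensions on macOS and lists first the ones that can read or rewrite the pages you visit. The default-profile path, the BROAD permission list and the function names load_json, display_name and list_extensions are assumptions made for this example.

```python
import json
from pathlib import Path

# Default Chrome profile on macOS (assumption: other profiles live in "Profile 1", ...).
CHROME_EXT_DIR = Path.home() / "Library/Application Support/Google/Chrome/Default/Extensions"
# Access that lets an extension read or rewrite visited pages (list chosen for this example).
BROAD = {"<all_urls>", "tabs", "webRequest", "webNavigation", "scripting", "history"}

def load_json(path):
    """Parse a JSON file, tolerating a UTF-8 BOM; return None if unreadable."""
    try:
        return json.loads(Path(path).read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return None

def display_name(version_dir, manifest):
    """Resolve a localized '__MSG_key__' name through the default locale file."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    locale = str(manifest.get("default_locale", "en"))
    messages = load_json(Path(version_dir) / "_locales" / locale / "messages.json")
    if not isinstance(messages, dict):
        return name  # locale file missing or malformed: keep the placeholder
    entry = {k.lower(): v for k, v in messages.items()}.get(name[6:-2].lower())
    return entry.get("message", name) if isinstance(entry, dict) else name

def list_extensions(ext_dir=CHROME_EXT_DIR):
    """Return one record per installed extension version, broadest access first."""
    records = []
    # Layout on disk: <Extensions>/<extension id>/<version>/manifest.json
    for path in sorted(Path(ext_dir).glob("*/*/manifest.json")):
        manifest = load_json(path)
        if not isinstance(manifest, dict):
            continue  # unreadable manifest: skip it, keep the inventory going
        grants = list(manifest.get("permissions") or [])
        grants += list(manifest.get("host_permissions") or [])
        for script in manifest.get("content_scripts") or []:
            if isinstance(script, dict):
                grants += script.get("matches") or []
        broad = sorted({g for g in grants if isinstance(g, str)
                        and (g in BROAD or g.endswith("://*/*"))})
        records.append({"id": path.parent.parent.name, "version": path.parent.name,
                        "name": display_name(path.parent, manifest), "broad": broad})
    return sorted(records, key=lambda r: -len(r["broad"]))

if __name__ == "__main__":
    for rec in list_extensions():
        print(f'{rec["name"]:<40} {rec["id"]}  {", ".join(rec["broad"]) or "-"}')
```

The extension id printed for each entry is the folder name under the Extensions directory, which you can match against the ID shown on Chrome's Extensions page before removing anything.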
