E-Buyer

We at Pcthreat.com want to make you aware that E-Buyer is a malicious application that you ought to remove as soon as possible. After doing some research, we have come to a conclusion and have classified it as adware. So as an adware-type program, it is bound to display commercial ads that may prove to be annoying. However, annoyance should not be your biggest concern at this point since the ads come from unknown entities, and thus, they can be unreliable and even malicious. Note that this program has been around for quite some time now, but has managed to slip under the radar. However, the point we are trying to make is that this adware is old and obsolete, but it is a gold mine for cyber criminals who seek to infect as many computers as possible using the cheapest distribution methods. This is only our speculation, but it should not be ruled out.

While conducting our research we have found that E-Buyer is currently being disseminated via bundled software that is put up for download on freeware distributing websites. This is a commonly used distribution method to get as many people to install an adware program as possible. E-Buyer’s developers have also got on board and made arrangements to bundle this application with other ones and put it them up for download. In most cases, additional software is not being showed to trick users into installing the whole contents of the bundle. So you should avoid websites that feature bundled software altogether. However, if you really need to install a bundled program, try opting for custom or advanced installation settings and remove this adware from the setup.

As far as we know, E-Buyer is compatible with Google Chrome, Mozilla Firefox, and Microsoft Internet Explorer. However, it is not only installed as a browser extension but as an executable program as well. Also, this program creates a Scheduled Task that performs daily checks for updates. So this program is always up to date and continuously running in the background. Note that its main files are located in folders in %PROGRAMFILES%\ebuyer and/or %PROGRAMFILES(x86)%\ebuyer (depending on whether your version of Windows is 32bit or 64bit.) However, it creates more files in other locations in addition to adding registry keys.

However, the most important aspect about this application is its ability to render advertisements. E-Buyer connects to a remote server and receives instructions on what ads to display. We have found that it is set o display pop-ups, coupons, banners, and other types of ads typical to adware. We are concerned, however, that these ads may come from unknown sources because programs such as this one are a magnet for cyber criminals. Criminals may use this program to promote illicit applications, such as spyware, keyloggers, and various other Trojans to serve their agenda.

We would also like to mention that this application can collect non-personal information about you, such as your approximate location, Internet Protocol address, device information, Internet Service Provider, browsing and search history, and so on. This information is used for marketing purposes, mainly for customizing the ads for a unique user which is unacceptable given that E-Buyer may promote malicious content. Now let us discuss where it comes from before moving to the deletion portion of this article.

This program does not have a dedicated distribution website, but it may have had one in the past. Nevertheless, pinpointing its developer is impossible since no legal documentation is usually hosted on a dedicated website that could link this program to its respective software company. Unfortunately, we do not know this program’s country of origin either, but it seems that its target audiences are user’s from the US, Canada, and other English-speaking countries. This is an indication that this program is distributed on websites intended to the locales mentioned above, but since anyone can visit any site in the world, saying that anyone in the can get E-Buyer in not an overstatement.

This is all of the information we have managed to gather since this program is old and may not be around for much longer. Nevertheless, it is still functional and is more than capable of causing all kind of trouble and wreaking havoc on your system. Therefore, we urge you to remove E-Buyer from your PC using the instructions located below.

How to get rid of this adware

Windows 10

1. Enter Control Panel in the search bar located on the Taskbar.
2. Go to Uninstall a program.
3. Find the program and double-click on it.
4. Click Uninstall.

Windows 8 & 8.1

1. Open the Charm bar.
2. Click Settings and select Control Panel.
3. Open Programs and Features.
4. Locate the adware right-click on it and click Uninstall.

Windows 7 & Vista

1. Open the Start menu and click Control Panel.
2. Select Uninstall a program.
3. Find the malicious program and right-click on it.
4. Click Uninstall.

Windows XP

1. Open the Start menu and click Control Panel.
2. Open Add or Remove Programs.
3. Find the undesirable application.
4. Click Remove.

Remove the hidden files (optional)

1. Press Windows Key+E.
2. Go to the following directories by entering them in the address box.
3. Delete the files marked in bold.

• %PROGRAMFILES%\ebuyer.
• %PROGRAMFILES(x86)%\ebuyer.
• %WINDIR%\System32\Tasks\e-Buyer Updater.
• %WINDIR%\Tasks\e-Buyer Updater.job.

Delete Registry keys (optional)

1. Press Windows Key+R to launch RUN.
2. Enter regedit and click OK.
3. Find and Delete the following registry keys.

• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | ebuyer.exe. (remains after uninstalling via Control Panel)
• HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | ebuyerup.exe.
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\ebuyer.
• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e-Buyer Updater.