
E-Buyer Ads

Posted: January 25, 2016

Threat Metric

Ranking: 17,242
Threat Level: 2/10
Infected PCs: 705
First Seen: November 13, 2015
Last Seen: August 31, 2023
OS(es) Affected: Windows

E-Buyer is an adware extension that may insert various commercial materials in Google Chrome, Mozilla Firefox and Internet Explorer. This plugin may enter without your knowledge when you install some cost-free applications. These cost-free applications may promote E-Buyer as a free and recommended addition to the main program. However, the 'Quick' menu may install all components simultaneously without informing you properly about their features.

It will not take you long to detect various changes in the Web browsers. As soon as you go online, you may notice that your homepage is different. E-Buyer may change the starting site to a manipulated search engine, which may redirect users to third-party affiliate pages. E-Buyer may accomplish this goal by showing the relevant links in the first positions. This adware may also generate additional pop-ups, banners, transitional ads, in-text ads and interstitial ads. These new ads may replace the commercial materials that are part of the pages.

E-Buyer introduces itself as a shopping assistant. Allegedly, its coupons and discounts should let you purchase the products that you want at a more reasonable price. Sometimes the ads by E-Buyer may transfer you to legitimate shopping sites. However, according to the majority of PC users, keeping E-Buyer is not worth it because of the effects of the marketing elements. They may irritate you with their quantity. At the same time, they may consume system resources, which may lead to functionality issues with the Web browsers, such as freezes and crashes. What is more, nothing can guarantee that all ads will open safe sites. In some cases, you may be brought to potentially threatening parts of the Web. If you are not able to delete the adware manually, which would not be a surprise, you should use a dedicated security product.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: 582b997d7520b88e9c796943ff4918b003f01dd0c5666aafbbc6ec34ee29b0f4.exe
Size: 896.51 KB (896512 bytes)
MD5: a1c3b5e85a0059e2b974bd8342f90813
Detection count: 17
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: November 13, 2015

File name: C:\Program Files\ebuyer\ebuyer\1.4.2.5\ebuyer.exe
MD5: 735cfc7b84daba9170aae587e903e486
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: ebuyerup.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: kBmelZnc.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

File name: res.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

File name: 6ajhac4o.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

File name: liFJefmk.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

File name: ThlHZlmp.dll
File type: Dynamic link library
Mime Type: unknown/dll
Group: Malware file

File name: "C:\Users\<username>\appdata\Local\ebuyer\ebuyer\1.4.2.5\ebuyerup.exe" /uninstl
Mime Type: unknown/exe
Group: Malware file

Registry Modifications

The following Registry values were newly produced:

Regexp file mask: %WINDIR%\System32\Tasks\e-Buyer Updater

Additional Information

The following directories were created:
%PROGRAMFILES%\ebuyer\ebuyer
%PROGRAMFILES(x86)%\ebuyer\ebuyer