Bargain Buddy Removal

Bargain Buddy (or Cashback) by eXact Advertising is a piece of spyware known as a browser hijacker. Normally it comes bundled with freeware programs such as LimeWire or Net2Phone as well as many others. Bargain Buddy loads when you open Internet Explorer and will bypass security software because it acts as a part of the Web browser. How it works is that it monitors search terms for matches and reports the keywords to a list of advertisers on the originating servers. Then relevant ads are shown as popups by the Bullseye Network part of the software.

Other things Bargain Buddy can do is redirect your web browser to other sites when you are performing a search, add sites to your favorites or bookmarks, modify your home page, and install toolbars in your web browser. You can try an anti-spyware program or two to get rid of Bargain Buddy but you may have to do a manual removal if that doesn’t work.

To manually remove Bargain Buddy the first thing you should do is check your startup items using Msconfig and disable anything related to Bargain Buddy or anything associated with it. Make sure to check out the services tab as well.

If you see any of these processes running in Task Manager you should end them:

  • bbchk.exe
  • bbi8015.exe
  • bbi8018.exe
  • bargains.exe
  • uninst.exe
  • bargainbuddy.exe
  • nnstp_bbi6009.exe
  • bbi8014.exe

Next navigate to and delete and of these files that you may find on your computer:

  • %System%instsrv.exe
  • %System%angelex.exe
  • %System%msexreg.exe
  • %System%netut80ex.vxd
  • %System%bbchk.exe
  • %System%exclean.exe
  • %System%exdl.exe
  • %System%exdl0.exe
  • %System%exdl1.exe
  • %System%exul1.exe
  • %System%javexulm.vxd
  • %System%mqexdlm.srg
  • %System%msxct.exe
  • %Widir%bbchk.exe
  • %Widir%exclean.exe
  • %Widir%exdl.exe
  • %Widir%exul.exe
  • %Widir%msbe.dll
  • %Widir%msxct.exe
  • %Widir%msxct1.ini
  • %Widir%zeta.exe

Look in your Program Files folder and delete the following folders if they are present:

  • Bargain Buddy
  • Blue Haven

Open the Windows registry editor (regedit) and navigate to the following key:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun

In the right pane, delete any of the values if they are there:

"Bargains" = "%ProgramFiles%Bargain Buddybinbargains.exe"
"BullsEye" = "%ProgramFiles%BullsEye Networkbinbargains.exe"
"BullsEye Network" = "%ProgramFiles%BullsEye Networkbinbargains.exe"
"msxct" = "msxct.exe"

Navigate to and delete the following registry subkeys:

  • HKEY_LOCAL_MACHINESOFTWAREBargains
  • HKEY_LOCAL_MACHINESOFTWARECashBack
  • HKEY_LOCAL_MACHINESOFTWAREexactUtil
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallCashBack
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallBargains
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallBargainBuddy
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionexplorer
    Browser Helper Objects{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionexplorer
    Browser Helper Objects{CE188402-6EE7-4022-8868-AB25173A3E14}
  • HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorer
    Browser Helper Objects{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
  • HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CE188402-6EE7-4022-8868-AB25173A3E14}
  • HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1}
  • HKEY_LOCAL_MACHINESOFTWAREClassesCLSID{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
  • HKEY_LOCAL_MACHINESOFTWAREClassesInterface
    {C6906A23-4717-4E1F-B6FD-F06EBED12468}
  • HKEY_LOCAL_MACHINESOFTWAREClassesInterface
    {C6906A23-4717-4E1F-B6FD-F06EBED14177}
  • HKEY_LOCAL_MACHINESOFTWAREClassesInterface
    {C6906A23-4717-4E1F-B6FD-F06EBED15678}
  • HKEY_LOCAL_MACHINESOFTWAREClassesInterface
    {8EEE58D5-130E-4CBD-9C83-35A0564E2468}
  • HKEY_LOCAL_MACHINESOFTWAREClassesInterface
    {8EEE58D5-130E-4CBD-9C83-35A0564E5678}
  • HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3}
  • HKEY_LOCAL_MACHINESOFTWAREClassesTypeLib{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3}
  • HKEY_LOCAL_MACHINESOFTWAREClassesApuc.UrlCatcher
  • HKEY_LOCAL_MACHINESOFTWAREClassesApuc.UrlCatcher.1
  • HKEY_LOCAL_MACHINESOFTWAREClassesADP.UrlCatcher
  • HKEY_LOCAL_MACHINESOFTWAREClassesADP.UrlCatcher.1
  • HKEY_LOCAL_MACHINESOFTWAREClassesCB.UrlCatcher
  • HKEY_LOCAL_MACHINESOFTWAREClassesCB.UrlCatcher.1
  • HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesZESOFT
  • HKEY_LOCAL_MACHINESECURITYPolicySecrets_SC_ZESOFT
  • HKEY_LOCAL_MACHINESOFTWARECashBack
  • HKEY_LOCAL_MACHINESOFTWARENaviSearch
  • HKEY_LOCAL_MACHINESOFTWAREeXactUtil

You should then run an anti-spyware scanner such as Malwarebytes’ or Spybot to make sure you got everything.

Related Posts

© 2022 Online Computer Tips
Website by Anvil Zephyr