Windows Security Tutorials - Herong's Tutorial Examples - v3.01, by Dr. Herong Yang
Removing "SurfBuddy" - sbuddy.dll
This section provides a tutorial example on remove spyware 'SurfBuddy' and related files sbuddy.dll.
Symptom: Unknown.
HijackThis Report:
O4 - HKLM\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run
Quick Research: I did a Google search on "SurfBuddy remove" and located the following related message from http://www.surfapps.com/sbuddydll.html:
"sbuddy.dll" is a spyware package currently circulating the internet. It was not developed and is not included with any surfapps.com software, and it is not part of surfapps.com's SurfBuddy Surf Companion software. Please view our Privacy Policy for more information about Surfapps.com's policies on spyware.
What I Did:
1. Looked at c:\program files\SurfBuddy, found the file, and failed to delete it directly:
>dir c:\program files\SurfBuddy sbuddy.dll ... >rmdir c:\program files\SurfBuddy sbuddy.dll in use
2. Run HijackThis > "Open the Misc Tools section" > "Delete a file on reboot", select c:\program files\SurfBuddy\sbuddy.dll, and reboot the system.
Result: SurfBuddy is gone.
Table of Contents
About This Windows Security Book
Windows 8: System Security Review
Windows 8: System Security Protection
Windows 8 Defender for Real-Time Protection
Windows 7: System Security Review
Windows 7: System Security Protection
Windows 7 Forefront Client Security
Norton Power Eraser - Anti-Virus Scan Tool
McAfee Virus and Malware Protection Tools
Spybot - Spyware Blocker, Detection and Removal
Keeping IE (Internet Explorer) Secure
Malware (Adware, Spyware, Trojan, Worm, and Virus)
HijackThis - Browser Hijacker Diagnosis Tool
IE Add-on Program Listing and Removal
"Conduit Search" - Malware Detection and Removal
"Tube Dimmer", "Scorpion Saver" or "Adpeak" Malware
►Malware Manual Removal Experience
Removing Malware "Social Privacy DNS"
Removing "WebBar" - htwtb.bin and bar.dll
►Removing "SurfBuddy" - sbuddy.dll
Removing "WebSpecials" - webspec.dll
Removing "DSSAgent" - DSSAgent.exe
Removing "Best Offer" - farmmext.exe
Removing "dinst.exe" - dsr.dll
Removing "deSrcAs.dll" - MyWay Search Assistant
WinAntiVirusPRO 2006 Faked Security Popup
WinFixer 2006 Faked Security Popup
Removing "WinFixer" - Rogue Security Popups
Vundo (VirtuMonde/VirtuMundo) - vtsts.dll Removal
Trojan and Malware "Puper" Description and Removal
VSToolbar (VSAdd-in.dll) - Description and Removal
PWS (Password Stealer) Trojan Infection Removal