BufferKey (Removal Instructions) - Free Guide

BufferKey Removal Guide

What is BufferKey?

BufferKey is a Mac virus variant that targets users' personal data

BufferKey is a malicious application that targets Mac users

BufferKey is a potentially unwanted application that belongs to the Adload malware family, which mostly spreads via software bundle packages and fake Flash Player updates. As a result, Mac users allow the malicious app to access their devices after they type in their Apple login information into a warning prompt. Essentially, the BufferKey virus is a Trojan[1] when it comes to its distribution, as users never intend to install the app in the first place.

Once inside the system, BufferKey adware would establish a new profile and install a new browser extension on Safari, Google Chrome, or another web browser. Most users would also notice homepage and search engine changes, most commonly to Safe Finder or similar useless tools. All searches performed by such a hijacked browser would also cause several akamaihd.net redirects to unknown sites.

Name: BufferKey
Type: Adware, Mac virus
Danger level: Medium. Can be associated with malware infection
Distribution: Cybercriminals use software bundle packages on pirated software websites or fake Flash Player updates to deliver the malicious app to users
Symptoms:
  • An unknown browser extension installed on the web browser
  • Homepage and new tab address altered to Safe Finder or a similar untrustworthy search provider
  • All searches are redirected several times through akamaihd.net
  • Random browser redirects lead to scam, malware-laden, or similar sites
  • Popups, banners, in-text links, offers, deals, and other ads show up on most visited pages
Termination: To completely get rid of malware/adware from your macOS, perform a full system scan with powerful anti-malware software – we recommend using SpyHunter 5, Combo Cleaner, or Malwarebytes
Optimization: After you eliminate the infection, we recommend using Fortect or Intego for best results

BufferKey is just one of many Adload apps that attack Mac users regularly – ArchimedesLookup, SectionBrowser, AgileHelp, ProductEvent, and many others, are just a few clones that operate in the exact same way. All the apps can be recognized by a blue/green/red magnifying glass icon that is presented next to the browser extension and the installed program. However, similarities do not end there.

By using misleading and deceptive distribution tactics, the BufferKey virus manages to trick many users into downloading this malicious app. Once installed, the app can establish several persistence components within the macOS by abusing the built-in AppleScript. For example, while checking various locations on the computer, users might find new login items, profiles, or malicious .plist files. These changes can greatly diminish the chances of successful BufferKey removal.

There are more malicious traits of the BufferKey adware. Since the app is installed with elevated permissions, it can grant itself access to various information that is located on the computer. For example, the extension that is clipped to the browser is capable of reading all types of sensitive data that you type while using the internet – the description states:

Permissions for “BufferKey 1.0”

Webpage contents
Can read sensitive information from webpages, including passwords, phone numbers, and credit cards on: all webpages

Browsing History
Can see when you visit: all webpages

As you can see, BufferKey acts a lot like malware, and, according to research, can often be associated with more serious malware infections such as Shlayer Trojan (security experts from Kaspersky found[2] that the malware is present on 10% of Macs worldwide). Thus, it is not uncommon for infected individuals to find more malicious extensions and apps installed on their computers.

BufferKey is a Mac virus that installs a browser extension without permission and sets the homepage to Safe Finder

Since the main goal of BufferKey is to remain on the system for as long as possible and operate as adware, infected users can experience a variety of bothersome browser behavior. Adware specializes in showing users plenty of intrusive commercial content that the malicious actors monetize. Thus, expect to see a lot of popups, redirects, hyperlinks, altered search results, and other ads during your browsing sessions.

You might not be able to uninstall BufferKey until you find and delete all the components that the malicious app placed on your system. However, this might be very time-consuming and difficult, so you should instead trust security applications to do the job for you. If you experience lag or slowdowns after malware termination, you can delete junk and speed up your Mac with tools such as Fortect or Intego.

Macs are secure machines, as long as you don't let malware in

A myth that Macs don't get infected with malware has been around for years. While it is true that macOS is immune to some types of parasites (for example, worms), cybercriminals have been focusing on this platform much more and created malicious apps designed to exploit users. Macs offer a variety of built-in defenses, including Gatekeeper or XProtect. However, these built-in security options are not unbreakable, as users can be tricked into letting the infection in.

If you download an app from an unapproved source, macOS will ask you to enter your credentials. Of course, if it is a malicious app, you would never do it. However, if you believe that the app is legitimate (for example, you are installing a pirated version of MS Office suite, or you were told that your Flash Player is out of date),[3] you will allow it to gain access to your device.

Hence, you should not visit high-risk websites such as torrents, as they are often filled with malware-laden installs. Besides, Flash Player is an outdated plugin that is no longer required to play multimedia on websites. Another important point is keeping your macOS up to date, as cybercriminals might use exploits to break in.

BufferKey is detected by multiple security vendors

Remove BufferKey and all its components at once

Changed browser settings typically do not indicate a serious security threat. Nonetheless, any unapproved action on your computer should be investigated, as it can be related to malicious applications that might download and install other malware and compromise the system further. That is why timely BufferKey removal is very important. However, many users found that the process can be much more difficult than anticipated.

As previously mentioned, the BufferKey virus might set persistence mechanisms on your Mac. Therefore, moving it to Trash as you do with legitimate apps might not be enough. If you want to get rid of all the threat's components manually, you should check the following locations and delete all the related items:

  • System Preferences > Accounts > Login Items
  • System Preferences > Users & Groups > Profiles
  • ~/Library/LaunchAgents
  • ~/Library/Application Support
  • ~/Library/LaunchDaemons

If this process seems too complicated for you or you wish to remove BufferKey quickly, you should rely on powerful anti-malware instead. Besides, you can also reset your browsers if the extension is still present after a full computer scan.

You may remove virus damage with the help of Fortect or Intego. SpyHunter 5, Combo Cleaner, and Malwarebytes are recommended to detect potentially unwanted programs and viruses with all their files and registry entries that are related to them.


Getting rid of BufferKey. Follow these steps

Delete from macOS

To delete applications from macOS, follow these instructions:

Remove items from Applications folder:

  1. From the menu bar, select Go > Applications.
  2. In the Applications folder, look for all related entries.
  3. Click on the app and drag it to Trash (or right-click and pick Move to Trash).

To fully remove an unwanted app, you need to access Application Support, LaunchAgents, and LaunchDaemons folders and delete relevant files:

  1. Select Go > Go to Folder.
  2. Enter /Library/Application Support and click Go or press Enter.
  3. In the Application Support folder, look for any dubious entries and then delete them.
  4. Now enter /Library/LaunchAgents and /Library/LaunchDaemons folders the same way and terminate all the related .plist files.
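
Before deleting .plist files by hand from the launch folders listed in this guide, it helps to see what each one actually starts. The following read-only audit is an added example, not code from the original guide or from any vendor tool; the keyword match, the Application Support check, and the three sample files are assumptions constructed for illustration, not known indicators.

```python
import plistlib
import tempfile
from pathlib import Path

GUIDE_DIRS = ["~/Library/LaunchAgents", "~/Library/LaunchDaemons",  # folders the guide names
              "/Library/LaunchAgents", "/Library/LaunchDaemons"]

def audit_launch_items(dirs, keyword):
    """List every .plist in dirs with the command it runs and reasons to review it."""
    records = []
    for folder in (Path(d).expanduser() for d in dirs):
        if not folder.is_dir():
            continue
        for path in sorted(folder.glob("*.plist")):
            rec = {"file": path.name, "label": None, "command": [], "auto_start": False, "reasons": []}
            records.append(rec)
            try:
                with path.open("rb") as fh:
                    job = plistlib.load(fh)  # reads both XML and binary plists
                args = job.get("ProgramArguments") or [job.get("Program", "")]
            except Exception as exc:  # corrupt or non-dictionary files are reported, not skipped
                rec["reasons"].append(f"unparseable ({type(exc).__name__})")
                continue
            rec["command"] = [str(a) for a in (args if isinstance(args, list) else [args])]
            rec["label"] = str(job.get("Label", ""))
            rec["auto_start"] = bool(job.get("RunAtLoad") or job.get("KeepAlive"))
            haystack = " ".join([path.name, rec["label"], *rec["command"]]).lower()
            if keyword.lower() in haystack:
                rec["reasons"].append(f"name matches '{keyword}'")
            if any("/Application Support/" in a for a in rec["command"]):
                rec["reasons"].append("runs a file stored under Application Support")
    return records

def constructed_demo():
    """Audit a temporary folder holding three constructed sample files."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {  # constructed jobs, not real indicators
            "com.example.updater.plist": {"Label": "com.example.updater", "Program": "/usr/local/bin/updater"},
            "com.example.bufferkey-sample.plist": {
                "Label": "com.example.bufferkey-sample", "RunAtLoad": True,
                "ProgramArguments": ["/Users/test/Library/Application Support/sample/helper"]},
        }
        for name, job in samples.items():
            Path(tmp, name).write_bytes(plistlib.dumps(job))
        Path(tmp, "broken.plist").write_bytes(b"not a plist")
        return audit_launch_items([tmp], "BufferKey")

if __name__ == "__main__":
    for rec in constructed_demo():
        print(rec["file"], rec["reasons"] or "no flags")
```

On a Mac, `audit_launch_items(GUIDE_DIRS, "BufferKey")` runs the same review over the real folders; a flagged entry is a prompt to inspect the file, not proof that it is malicious.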

Remove from Mozilla Firefox (FF)

If you can't delete BufferKey extension from your Firefox browser, follow these steps:

Remove dangerous extensions:

  1. Open Mozilla Firefox browser and click on the Menu (three horizontal lines at the top-right of the window).
  2. Select Add-ons.
  3. In here, select the unwanted plugin and click Remove.

Reset the homepage:

  1. Click three horizontal lines at the top right corner to open the menu.
  2. Choose Options.
  3. Under Home options, enter your preferred site that will open every time you open Mozilla Firefox.

Clear cookies and site data:

  1. Click Menu and pick Settings.
  2. Go to Privacy & Security section.
  3. Scroll down to locate Cookies and Site Data.
  4. Click on Clear Data…
  5. Select Cookies and Site Data, as well as Cached Web Content and press Clear.

Reset Mozilla Firefox

If clearing the browser as explained above did not help, reset Mozilla Firefox:

  1. Open Mozilla Firefox browser and click the Menu.
  2. Go to Help and then choose Troubleshooting Information.
  3. Under the Give Firefox a tune up section, click on Refresh Firefox…
  4. Once the pop-up shows up, confirm the action by pressing on Refresh Firefox.

Remove from Google Chrome

Delete malicious extensions from Google Chrome:

  1. Open Google Chrome, click on the Menu (three vertical dots at the top-right corner) and select More tools > Extensions.
  2. In the newly opened window, you will see all the installed extensions. Uninstall all the suspicious plugins that might be related to the unwanted program by clicking Remove.

Clear cache and web data from Chrome:

  1. Click on Menu and pick Settings.
  2. Under Privacy and security, select Clear browsing data.
  3. Select Browsing history, Cookies and other site data, as well as Cached images and files.
  4. Click Clear data.

Change your homepage:

  1. Click menu and choose Settings.
  2. Look for a suspicious site in the On startup section.
  3. Click on Open a specific page or set of pages and click on three dots to find the Remove option.

Reset Google Chrome:

If the previous methods did not help you, reset Google Chrome to eliminate all the unwanted components:

  1. Click on Menu and select Settings.
  2. In the Settings, scroll down and click Advanced.
  3. Scroll down and locate the Reset and clean up section.
  4. Now click Restore settings to their original defaults.
  5. Confirm with Reset settings.

Delete from Safari

Reset Safari to ensure that no malicious components and settings are left on it:

Remove unwanted extensions from Safari:

  1. Click Safari > Preferences…
  2. In the new window, pick Extensions.
  3. Select the unwanted extension and select Uninstall.

Clear cookies and other website data from Safari:

  1. Click Safari > Clear History…
  2. From the drop-down menu under Clear, pick all history.
  3. Confirm with Clear History.

Reset Safari if the above-mentioned steps did not help you:

  1. Click Safari > Preferences…
  2. Go to Advanced tab.
  3. Tick the Show Develop menu in menu bar.
  4. From the menu bar, click Develop, and then select Empty Caches.

After uninstalling this potentially unwanted program (PUP) and fixing each of your web browsers, we recommend that you scan your PC system with a reputable anti-spyware tool. This will help you to get rid of BufferKey registry traces and will also identify related parasites or possible malware infections on your computer. For that you can use our top-rated malware remover: Fortect, Intego, SpyHunter 5, Combo Cleaner, or Malwarebytes.

How to prevent getting adware

Choose a proper web browser and improve your safety with a VPN tool

Online spying has gained momentum in recent years, and people are getting more and more interested in how to protect their privacy online. One of the basic ways to add a layer of security is to choose the most private and secure web browser. Although web browsers can't grant full privacy protection and security, some of them are much better at sandboxing, HTTPS upgrading, active content blocking, tracking blocking, phishing protection, and similar privacy-oriented features. However, if you want true anonymity, we suggest you employ a powerful Private Internet Access VPN – it can encrypt all the traffic that comes and goes out of your computer, preventing tracking completely.


Lost your files? Use data recovery software

While some files located on any computer are replaceable or useless, others can be extremely valuable. Family photos, work documents, school projects – these are types of files that we don't want to lose. Unfortunately, there are many ways unexpected data loss can occur: power cuts, Blue Screen of Death errors, hardware failures, crypto-malware attacks, or even accidental deletion.

To ensure that all the files remain intact, you should prepare regular data backups. You can choose cloud-based or physical copies you could restore from later in case of a disaster. If your backups were lost as well or you never bothered to prepare any, Data Recovery Pro can be your only hope to retrieve your invaluable files.

About the author
Olivia Morelli - Ransomware analyst

About the company Esolutions