Interimo

bts.scour.com


Alright, so, apparently I've picked up a browser hijacker somewhere, and my attempts at finding a solution to get rid of it aren't working out too well. So I was wondering if any of you know how to manually destroy this thing, and could explain it to me, step-by-step, in such a way that even a moron could understand.

Many thanks, Interimo.


Interimo - what browser do you use? Chrome, Firefox or IE?

Lack pointed you to the first step:

download Malwarebytes to a flash drive from a clean PC if possible

boot the infected machine into Windows safe mode

install Mbytes from the flash drive

run Mbytes

The process will run faster if you clean up all the temporary files, including temp internet files. You can use the Windows Disk Cleanup tool, or an even better option is CCleaner.

Let Mbytes do its thing. If it finds any infections, follow the prompts and it will attempt to clean them up. A reboot may be required once or more for Mbytes to kill the process, remove files and clean the registry. Once MBytes is finished, reboot the PC into regular mode and check the running apps and services list to see if the btscour.exe is still running. If so, it's time to move on to a little more complicated procedure for removal. Let's cross that bridge if we come to it.
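The post-cleanup check described in the reply above, as an added PowerShell example that is not part of the original posts. The name `btscour` comes from the thread; the function name `Find-Remnant` is hypothetical, and the Run-key check goes beyond what the post describes, on the assumption that a leftover auto-start entry could sit there.

```powershell
# Added example. 'btscour' is the name given in the thread; $Pattern is a regex.
# Requires PowerShell 3.0 or later (Get-CimInstance, [pscustomobject]).
function Find-Remnant {
    param([string]$Pattern = 'btscour')

    # Running processes: match the process name or its on-disk image path.
    Get-Process |
        Where-Object { $_.Name -match $Pattern -or $_.Path -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'Process'; Name = $_.Name; Detail = $_.Path }
        }

    # Services, running or stopped: match the service name or the binary it launches.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -match $Pattern -or $_.PathName -match $Pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Kind   = 'Service'
                Name   = $_.Name
                Detail = "$($_.State), $($_.StartMode): $($_.PathName)"
            }
        }

    # Assumption beyond the post: the standard Run keys, where an auto-start
    # entry can survive after the process itself has been killed.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($key in $runKeys) {
        $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($p in $item.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }   # skip provider metadata
            if ($p.Name -match $Pattern -or "$($p.Value)" -match $Pattern) {
                [pscustomobject]@{ Kind = 'RunKey'; Name = $p.Name; Detail = "$key -> $($p.Value)" }
            }
        }
    }
}

$found = @(Find-Remnant)
if ($found.Count -gt 0) { $found | Format-Table -AutoSize -Wrap }
else { 'No running process, service or Run-key entry matches the pattern.' }
```

Run it from an elevated prompt after rebooting into regular mode, so that image paths of processes owned by other accounts are visible.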

Why not take it a step further and run a bootable environment like Hiren's 15.1's Mini-XP, where they have Malwarebytes ready to go? It'd probably take about the same time setting up a CD or USB to boot from, and it's just such a great set of tools for working on fixing the software side of things once in a while.

I can't speak highly enough about Hiren's BootCD!!


If the Malwarebytes scan doesn't solve the problem, only then may you try to use Hiren's BootCD.

I once had a similar kind of adware problem and solved it just with a complete system scan done by Malwarebytes.


Hiren's Ultimate Boot CD is certainly a great toolkit and highly recommended. Just didn't think about going there, but I guess it's an alternative. Either way, the main point is to try MBytes first. I'm not familiar with either of the options recommended by Trankop, so use at your own risk. For me, if Mbytes doesn't clear it up, I'll give Ad-Aware Pro a shot at it. If I'm still in full fail mode, then I move on to more involved removal, including the use of HijackThis from Trend Micro or OTL by Old Timer. HJT and OTL are very advanced tools and should be used with caution. OTL is like HijackThis on steroids.


Alright, so here's what I did. I ran a complete scan with MB, which didn't find anything. I then used TDSSKiller, which didn't find anything either. I ran Fix-It Utilities Professional, which caught a couple of trojans and deleted them. I then ran MB, TDSS, and FIU again, none of which caught anything. My browsers (FF and IE9) aren't redirecting anymore, so until further notice, this problem is probably solved. Thanks for all the input, and I'll be sure to fav this thread, as it may come in handy in the future.


I used HijackThis, but you've got to have a sense of what might be suspicious. The program doesn't do anything by itself.

I could say it was useful in 40-50% of my cases. Perhaps because I don't fully know how to use it. HijackThis + a search on Google or "research" might give good hints.

PS: I only got one virus, Sirefef. That was the only virus I couldn't remove; it was absolutely strong. I had to format. I got it for a second time. I did an uber clean (without format) and got rid of it, but it is really a headache.
