Interimo Posted September 21, 2012
Alright, so, apparently I've picked up a browser hijacker somewhere, and my attempts at finding a solution to get rid of it aren't working out too well. So I was wondering if any of you know how to manually destroy this thing, and could explain it to me, step-by-step, in such a way that even a moron could understand. Many thanks, Interimo.
dr_bowtie Posted September 21, 2012
Google Search maybe?
Interimo Posted September 21, 2012
If I understood them, I wouldn't be here...
Lackadaisical Posted September 21, 2012
Try running a scan with Malwarebytes, you can grab the free version from here: http://www.malwarebytes.org/
wevsspot Posted September 21, 2012
Interimo - what browser do you use? Chrome, Firefox or IE? Lack pointed you to the first step;
- download Malwarebytes to a flash drive from a clean PC if possible
- boot the infected machine into Windows safe mode
- install Mbytes from the flash drive
- run Mbytes
The process will run faster if you clean up all the temporary files including temp internet files. You can use the Windows disk clean up tool, or an even better option is CCleaner. Let Mbytes do its thing. If it finds any infections follow the prompts and it will attempt to clean them up. A reboot may be required once or more for Mbytes to kill the process, remove files and clean the registry. Once MBytes is finished reboot the PC into regular mode and check the running apps and services list to see if the btscour.exe is still running. If so it's time to move onto a little more complicated procedure for removal. Let's cross that bridge if we come to it.
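The post-cleanup check described in the post above (is btscour.exe still running as an app or a service), as an added PowerShell example that is not part of the original thread. It assumes PowerShell 3.0 or later; the function name `Find-Leftover` is hypothetical, and the Run-key lookup is an added step beyond the process and services list the post mentions.

```powershell
# Added example, not from the thread. 'btscour.exe' is the file name the post
# mentions; Find-Leftover and the Run-key check are illustrative assumptions.
function Find-Leftover {
    param([string]$FileName = 'btscour.exe')

    $base = [IO.Path]::GetFileNameWithoutExtension($FileName)

    # 1. Running processes with that image name
    Get-Process -Name $base -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Where = 'Process'; Name = $_.ProcessName
                           Detail = "PID $($_.Id)  $($_.Path)" }
    }

    # 2. Services whose binary path points at the file (running or not)
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -like "*$FileName*" } |
        ForEach-Object {
            [pscustomobject]@{ Where = 'Service'; Name = $_.Name
                               Detail = "$($_.State)/$($_.StartMode)  $($_.PathName)" }
        }

    # 3. Autorun entries that would relaunch it at the next logon
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = (Get-ItemProperty -Path $key).PSObject.Properties
        foreach ($p in $props) {
            # Skip the PSPath/PSParentPath/... properties PowerShell adds
            if ($p.Name -like 'PS*') { continue }
            if ("$($p.Value)" -like "*$FileName*") {
                [pscustomobject]@{ Where = $key; Name = $p.Name; Detail = $p.Value }
            }
        }
    }
}

$hits = @(Find-Leftover)
if ($hits.Count -eq 0) { 'No process, service or Run entry references btscour.exe.' }
else { $hits | Format-Table -AutoSize -Wrap }
```

An empty result after the reboot into regular mode matches the "clean" outcome the post describes; any row means the file is still loaded or still registered to start.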
IVIYTH0S Posted September 22, 2012
> Interimo - what browser do you use? Chrome, Firefox or IE? Lack pointed you to the first step;
> - download Malwarebytes to a flash drive from a clean PC if possible
> - boot the infected machine into Windows safe mode
> - install Mbytes from the flash drive
> - run Mbytes
> The process will run faster if you clean up all the temporary files including temp internet files. You can use the Windows disk clean up tool, or an even better option is CCleaner. Let Mbytes do its thing. If it finds any infections follow the prompts and it will attempt to clean them up. A reboot may be required once or more for Mbytes to kill the process, remove files and clean the registry. Once MBytes is finished reboot the PC into regular mode and check the running apps and services list to see if the btscour.exe is still running. If so it's time to move onto a little more complicated procedure for removal. Let's cross that bridge if we come to it.

Why not take it a step further and run a bootable environment like Hiren's 15.1's Mini-XP where they have Malwarebytes ready to go. It'd probably take about the same time setting up a CD or USB to boot from and it's just such a great set of tools for working on fixing the software side of things once in a while. I can't speak highly enough about Hirens BootCD!!
d6bmg Posted September 22, 2012
If the Malwarebytes scan doesn't solve the problem, only then may you try to use Hirens BootCD. I once had a similar kind of adware problem and solved it just by a complete system scan done by Malwarebytes.
Guest Trankop Posted September 23, 2012 (edited)
I would
Edited November 5, 2012 by Trankop
wevsspot Posted September 24, 2012
Hiren's Ultimate Boot CD is certainly a great toolkit and highly recommended. Just didn't think about going there, but I guess it's an alternative. Either way, the main point is to try MBytes first. I'm not familiar with either of the options recommended by Trankop so use at your own risk. For me, if Mbytes doesn't clear it up I'll give Ad-Aware Pro a shot at it. If I'm still in full fail mode then I move on to more involved removal including the use of Hijack This from Trend Micro or OTL by Old Timer. HJT and OTL are very advanced tools and should be used with caution. OTL is like Hijack This on steroids.
Guest Trankop Posted September 24, 2012 (edited)
To clear things
Edited November 5, 2012 by Trankop
Interimo Posted September 28, 2012
Alright, so here's what I did. I ran a complete scan with MB, which didn't find anything. I then used TDSSKiller, which didn't find anything either. I ran Fix-It Utilities professional, which caught a couple of trojans and deleted them. I then ran MB, TDSS, and FIU again, none of which caught anything. My browsers (FF and IE9) aren't redirecting anymore, so until further notice, this problem is probably solved. Thanks for all the input, and I'll be sure to fav this thread, as it may come in handy in the future.
Fragsman Posted October 3, 2012
I used HiJack this but you got to have a sense of what might be suspicious. The program doesn't do anything by itself. I could say it was useful in 40-50% of my cases. Perhaps because I don't fully know how to use it. HiJack this + a search on Google or "research" might give good hints. PS: I only got one virus, Sirefef. That was the only virus I couldn't remove, it was absolutely strong. I had to format. I got it for a second time. I did an uber clean (without format) and got rid of it but it is really a headache..