I am infected with scour.com redirect virus. My McAfee is not finding and addressing it. How do I get rid of the scour.com redirect virus?
When I do a google search, I get a bunch of results. However, when I click on a link, it goes to a different webpage - not the one shown on the search page. Sometimes it comes up at scour.com.
I looked up scour.com on Wikipedia, which states that there is a "redirect virus" that is infecting my computer. It cited "Mozilla Support." So, I am asking the Mozilla Forum - How do I get rid of the virus? McAfee is not finding and removing it, and neither is Malware Bytes anti-malware software. Any suggestions?
Modified by hetchhetchy
Additional System Details
A few times a week
This started when...
I do a google search
- npmnqmp 989898989877
- Office Plugin for Netscape Navigator
- Coupons, Inc. Coupon Printer DLL
- The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site.
- Adobe PDF Plug-In For Firefox and Netscape "9.3.3"
- NPRuntime Script Plug-in Library for Java(TM) Deploy
- Default Plug-in
- Shockwave Flash 10.1 r53
- Adobe Shockwave for Director Netscape plug-in, version 11.0
- iTunes Detector Plug-in
- Next Generation Java Plug-in 1.6.0_21 for Mozilla browsers
- McAfee Virtual Technician plugin for Mozilla (Gecko Version: 1.8b1)
- BlackBerry WebSL Browser Plug-In
- Google Update
- User Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:126.96.36.199) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729)
I ran a full scan using McAfee and Malware Bytes anti-malware, but I still have the virus.
Perhaps it could be one of your add-ons.
First, make a backup of your computer for safekeeping. To back up Firefox, see Backing up your information.
Next, try starting Firefox in Firefox Safe Mode. Be careful not to "reset" anything permanently if you didn't back up.
Does that fix it? If not, try creating a new (blank) profile: Managing profiles.
If none of that helps, then most likely it is an external program.
computing.net suggests that this set of redirects are caused by hosts file poisoning. You can read more and find instructions to fix by reading that post.
I was infected with it too. Hitman Pro 3 fixed the problem for me. You can download a trial version at http://download.cnet.com/Hitman-Pro-3-32-bit/3000-2239_4-10895604.html
I had a similar problem with a computer I was repairing. Browsing would be hijacked to scour.com and even some porn sites. Turns out it was a rootkit - Win32.TDSS (Alureon). I found it with TDSSKiller from Kaspersky Labs, but TDSSKiller couldn't get id of it. I was able to successfully remove it with ComboFix (http://www.combofix.org/download.php). Be careful with it's use, though. It is a very powerful program. Cheers,
I have been experiencing this same problem for a couple of months now (started December 2010) and just simply ignored the redirect (and refreshed the page) as a workaround.
Browsers affected: Internet Explorer 8 (32-bit, 64-bit, and 'no add-ons' versions), Mozilla Firefox 3.6.13, and Google Chrome 9.0.597.98
- Make sure your Windows updates are up to date!
- Download/Install "ComboFix" from the following link: http://www.bleepingcomputer.com/downl.../combofix
- Save the file to your desktop (or where ever you prefer to save temp files).
- Close ALL APPLICATIONS (browsers, chat programs, email, etc)
- Run ComboFix. It may look like the application has frozen at launch, this is expected behavior, let it run! It will eventually launch a DOS command-prompt (blue background) and run through a series of steps (25-ish if I remember correctly) which take about 10 minutes (time may vary based on the specs of your machine).
- Once the steps are complete, it will automatically reboot your machine.
- Once your machine boots back up DO NOT OPEN ANY APPLICATIONS. The ComboFix application will automatically launch itself again (blue background DOS window), and run through a few steps.
Once this finishes - you're all set!
Follow-Up/Review: I performed this fix one two machines. One Dell laptop (xps x16) running Windows 7 Home Premium, and a custom-built desktop running Windows XP Professional SP3. I have not experienced the problem AT ALL since running the fix.
There may be other applications out there that can solve your problem, but this has been the best one for 'easy of use' and keeps the user (you) from having to do anything but click on a link, save a file, and run said file.
I give ComboFix a 5-star review!
Hope this helps!
Modified by wr3kka
ZoneAlarm is reporting this (combofix) as a malicious file. Is this right?
Thank you! I downloaded and ran Combofix, and it took care of my scour hijack problem
Had the same problem. Couldn't run bleepingcomputer.com 's ComboFix tool as I had AVG installed and could not get AVG uninstalled.
Tried a number of virus scans but none picked up the cause of this.
My Fix: 1. Download and run the latest version of sysinternals.com autoruns. 2. Click on 'Options - Verify Code Signatures'. 3. Close and restart autoruns. 4. Goto the 'Everything' tab. 5. Go down the list and deselect all entries where the Publisher is listed as 'Not verified. 6. Reboot pc and test IE - search for 'IE redirect scour'. The link for this site should be near the top. If still infected with the scour bug, this link will not work. 7. From the list that you deselected, re-enable them one by one and reboot after each one and retest IE. 8. Foe me - this process identified the 'Canon BJ Language Monitor MP250 series' as the cause of the redirects. It is listed under 'HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors'. The file is 'cnmlm9w.dll' located in 'c:\windows\system32\'. The Publisher was listed as 'CANON INC.' - this is a misspelling as other Canon software is listed as 'Canon Inc.' Hence the 'Not Verified' status of the Publisher. 9. Remove affected file, reboot and retest again.
Hope this helps some of you.
I've had to use combofix twice recenty, because of the scour redirect. The first time it worked like a charm. I set it aside for future use if necessary, and i'm glad i did. Last night I was hit with the Windows XP Repair virus. It hid my files and locked up everything. It even locked my ol' Inspiron 6000 in safe mode. Im glad to say that i was able to delete every last trace of the virus i could find, but my program directory in the start menu still came up empty. Well i googled it to see if i could find a fix and BAM!! Scour was back.
I ran Combofix again, to get rid of it, and it worked! again! only this time it had the added effect of restoring my programs to their proper place. I'm definitely thankful for this suggestion and will spread the good word.
ComboFix took care of it for me.
At least for now. I'd hold on to it for a while just in case.
Careful, my research indicates this "combofix" download may be a scam or virus/malware. All these new posters pushing it makes me even more suspicious.
I had good luck resetting my Internet Explorer settings. I don't know about Mozilla Firefox but it worked for IE.
I have no idea if it will work for anyone else or if I just got lucky but if you're out of other options and don't want to download any sketchy programs, this might be worth a shot.
First back up any Bookmarks or anything in your browser settings you don't want to lose. Click Internet Explorer Tools button (next to the star/favorites in upper right corner). Click on Internet Options. Click Advanced. Click Reset... (at very bottom) It says only do this if computer is in unusable state.
Modified by tips
I tried ComboFix and it did a number on my computer, rendering all shortcuts and virtually all executable files useless. For example, when I tried to run FireFox after using ComboFix it told me FireFox was a virus and slated for deletion, as was every other program except Windows Explorer when launched from Windows Key + E. I can only use that laptop in safe mode now, and I cannot roll back as System Restore is a virus and slated for deletion. I'm double checking my back up before completely wiping the computer and reloading all the software.
We all know you're trying to cash in off unsuspecting users, but what we don't know is ARE YOU THE ONE BEHIND THE VIRUS? Propabably, because if you're not part of the solution you're part of the problem.
Edited for language - Forum rules and guidelines
Modified by Shawn
Well, I have the same problem for some months already and I haven't found a way. Now I come in here for help and it's confusing because some of you recommended ComboFix, and a few have doubts... Are there any other solutions?
You won't know for sure until you try it. IF you don't want to try ComboFix (as suggested by many users in this thread), try the following:
-> Is my Firefox problem a result of MALWARE ??
- Popups Not Blocked - http://kb.mozillazine.org/Popups_not_blocked
-> Do a MALWARE check with these Malware Scanning programs. You need to scan with all programs because each program detects different malware. Make sure that you UPDATE each program to get the latest version of their Databases before doing a Scan. Also, Close All other Applications (softwares) before Starting to Run Scans.
- Malwarebytes' Anti-Malware - http://www.malwarebytes.org/mbam.php
- SuperAntispyware - http://www.superantispyware.com/
- Windows Defender Home Page - http://www.microsoft.com/windows/products/winfamily/defender/default.mspx
- Spybot Search & Destroy - http://www.safer-networking.org/en/index.html
- Ad-Aware Free Internet Security - http://www.lavasoft.com/products/ad_aware_free.php
Check and tell if its working.
How about trying this manual removal: http://blog.teesupport.com/how-to-guide-remove-scour-com-redirect-virus-scour-com-hijacker-removal-instructions/ ?
I followed this process and it worked. It was a little stressful because it found many files to delete, but when it was done, the Scour was dead. hoorah
comment deleted by a moderator. Combo fix worked fine for me. You have to wait a bit while it runs, but it solved the scour redirect issue for me. deleted by a moderator
verbal attacks toward other posters in the forum aren't allowed in this forum - don't personalize your comments
Modified by the-edmeister
I tried the ComboFix but it repeatedly failed, as it couldn't write the files it needed to. I don't know if that's because of AVG or something else, but I am truly miserable...