S.coldsearch.com Malware Removal From Chrome/Firefox/IE

Keep in mind, SpyHunter’s malware detection tool is free. To remove the infection, you'll need to purchase its full version. More information about SpyHunter and steps to uninstall.

This page aims to help you remove S.coldsearch.com. These S.coldsearch.com removal instructions work for Chrome, Firefox, Internet Explorer and Safari, as well as every version of Windows.


So you are probably here because your PC has been infected with a genuine threat. Fortunately that’s not so bad: there are much more dangerous viruses in existence, and if you follow our instructions as outlined in the article below, the malware will be safely removed from your machine. What we are dealing with is a malicious threat of the browser hijacker variety. S.coldsearch.com exists to spam advertisements whenever you browse the internet, and you will be seeing a lot of them until it is removed. These Ads most often spawn in the form of Flash-based banners and pop-ups, but sometimes certain keywords can also be turned into hyperlinks, which display an Ad when hovered over.

Avoid interacting with S.coldsearch.com in any way

This redirect may not be very dangerous, but still remains malicious and you should be wary of it. Anything it offers you in the form of Ad or file for download is potentially very dangerous.

Reputable online stores seldom advertise with the help of programs like this virus, but may be added for free in order to make the browser hijacker appear more legitimate. Most of the Ads actually lead to dangerously infected sites that can also try to steal your account names and passwords.

Even more dangerous are any downloads offered to you by the malware. The virus has a particularly nasty side to it – it may create Ads that try to look like system messages. These will always contain fake error and problem reports. The goal is to scare you into downloading an infected executable file, which “contains” a free program that can help you with the problem. Another variation of this trick is when you are asked to download a patch/update for a missing plug-in, video codec required to view online media or update some outdated program. There are also the classical scams that offer free download accelerators and many other utilities that you don’t really need, but it may try to make you install anyway.

As you can see for as long as you have this virus on your computer you cannot be absolutely certain if your computer has a problem or not. Proceed to the removal guide below and make sure you don’t install anything system related from an Ad until S.coldsearch.com is dealt with.

How was your computer infected with S.coldsearch.com?

It is a hard question to answer, because there are many tricks in existence. Generally it could have come as part of a software bundle, as an email attachment, or from a fake download link on a torrent/online storage site. When you are about to install an executable file, make sure you downloaded it from a safe place.


Name: S.coldsearch.com
Type: Browser Hijacker
Danger Level: Medium
Symptoms: Being redirected to websites on new tab, browser startup, or whenever you click on links.
Distribution Method: Software bundles, malicious files, illegal torrents, spam email attachments.
Detection Tool: Malware and Adware are notoriously difficult to track down, since they actively try to deceive you. Use this professional parasite scanner to make sure you find all files related to the infection.

1: Enter Safe Mode.
2: Remove S.coldsearch.com from Chrome, Firefox, Internet Explorer and Safari.
3: Remove the virus from browser shortcuts.
4: Uninstall the virus from your Add/Remove Programs.
5: Permanently delete the threat from Task Manager’s processes.
6: Uninstall the virus from Regedit and Msconfig.

Remove S.coldsearch.com



The first thing to do is a reboot in Safe Mode. If you already know how to do it, just skip this and proceed to Step 2. If you do not know how to do it, continue reading:

For Windows 98, XP, Millennium and 7:

Restart your computer. To be sure you don’t miss the time when you need to press it, just spam F8 as soon as the PC starts booting. Then choose Safe Mode With Networking.

For W8 and 8.1:

Click the Start button, then Control Panel —> System and Security —> Administrative Tools —> System Configuration. Administrator permission is required.


Then check the Safe Boot option and click OK. Click Restart in the pop-up.

For W10:

  1. Open the Start menu.
  2. Click the power button icon in the right corner of the Start menu to show the power options menu.
  3. Press and hold down the SHIFT key on the keyboard and click the Restart option while still holding down the SHIFT key.

W10 will perform the reboot. Next do the following:

Click the Troubleshoot icon, then Advanced options —> Startup Settings. Click Restart.
After the reboot click on Enter Safe Mode With Networking (Fifth Option).


To remove the parasite, you may have to meddle with system files and registries. Making a mistake and deleting the wrong thing may damage your system.
Avoid this by using SpyHunter - a professional Parasite removal tool.


With Safe Mode enabled it is time to delve into your internet browsers and remove S.coldsearch.com’s attachments to them. It is added via an add-on, so execute Step 2 and Step 3 for every browser you have on your machine. If any confirmation message pops up, read it carefully, as one of the options could lead to new software installations or a visit to an internet site. Avoid either of those, since they can only lead to more trouble.


If for any reason you receive a message that you are locked by the admin or something of the sort, check Step 6 for the solution (you need to go in regedit; that step covers the process of entering regedit and tells you what to do)

Remove the Malware from Internet Explorer:

Open IE, then click IE GEAR —–> Manage Add-ons.

Find the virus. Remove it by pressing Disable.

If your Home Page is different from the usual, click IE GEAR —–> Internet Options, edit the URL box with your preferred search engine, and click Apply.

Remove S.coldsearch.com from Firefox:

Open Firefox, click on the Mozilla menu (top right) ——-> Add-ons. Hit Extensions next.

S.coldsearch.com should be somewhere around here – Remove it.

Remove S.coldsearch.com from Chrome:

Start Chrome, click the Chrome menu icon —–> More Tools —–> Extensions. There, find the malware and select the trash icon (Remove).

Click the Chrome menu icon again, and proceed to Settings —> Search, the fourth tab, select Manage Search Engines. Remove everything but the search engines you normally use.

Remove the malware from Safari:

Open Safari, and click Safari —–>Preferences —–> Extensions—–>Uninstall the malware.


Right click on the browser’s shortcut, then click Properties.

NOTE: We are showing Google Chrome, but the method is the same for Chrome, Firefox, Internet Explorer, Safari, and Microsoft Edge.


Once you’ve reached Properties —–> Shortcut (on the band at the top), then in the Target type field, REMOVE EVERYTHING AFTER .exe.


Hold the Start Key and R together. Write appwiz.cpl in the field, then click OK.


You are now in the Control Panel. Search around for S.coldsearch.com and suspicious-looking programs. Uninstall it/them. Also, be extremely careful. Viruses often make one last-ditch effort to trick you into installing more of their kind. If you see a screen like this when you click Uninstall, choose NO:


Hold the Start Key and R again, but this time copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A .txt file will open – don’t type or change it. If you are hacked and someone has access to your PC, there will be a bunch of other IPs connected to you at the bottom. This is what a hosts file looks like:


If there are a bunch of strange IPs connecting to you below “Localhost” you may be hacked, and it’s best to ask us in the comments for directions.
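The hosts file maps hostnames to IP addresses, so an entry below localhost changes where a name resolves on this PC. The following added example (not part of the original guide) parses hosts-file text and labels each active entry; the sample content, the names in it and the labels "default", "blocked", "redirect" and "malformed" are constructed for illustration.

```python
import ipaddress

def audit_hosts(text):
    """Return (line_no, address, names, kind) for every active hosts entry."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # text after '#' is a comment
        if len(fields) < 2:
            continue                             # blank, comment-only or incomplete
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, names, "malformed"))
            continue
        if not (ip.is_loopback or ip.is_unspecified):
            kind = "redirect"    # name is forced to the address written here
        elif all(n.lower() == "localhost" for n in names):
            kind = "default"     # the stock localhost mapping
        else:
            kind = "blocked"     # name pointed at this machine or at nothing
        findings.append((line_no, address, names, kind))
    return findings

def needs_review(findings):
    """Everything except the stock localhost mapping deserves a look."""
    return [f for f in findings if f[3] != "default"]

# Constructed sample: header comments as on Windows, then invented entries.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1   localhost
0.0.0.0     update.example-av.test   # constructed entry
203.0.113.10  www.example-bank.test login.example-bank.test
not-an-ip   something.test
"""

if __name__ == "__main__":
    for line_no, address, names, kind in needs_review(audit_hosts(SAMPLE_HOSTS)):
        print(f"line {line_no}: {kind:9} {address} -> {', '.join(names)}")
```

Lines that start with # are comments and have no effect, which is why they never appear in the output.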


Open the Task Manager by right clicking on the Taskbar and choosing Start Task Manager.


Once it opens, choose the Processes Tab. Look at all of the processes in front of you and try to determine which ones are a virus. Google them or ask us in the comments and we will provide the best assistance we can.


This is perhaps the most important and difficult step, so you need to be very careful and doublecheck before deleting anything. Doing this wrong can cause damage to your OS or other important programs if you make a big mistake. If you are not feeling comfortable, we advise you to download the professional S.coldsearch.com removal software we recommend. Additionally, accounts connected to your credit cards, or important information, may be exposed to other viruses that may lurk hidden in the background. If you decide to go with the program make sure to run a full system scan to identify and neutralize any such threat.


Right click on each of the virus processes separately and select Open File Location. Also, End the process after you open the folder. Just to make sure we don’t delete any programs you mistakenly took for a virus, copy the folders somewhere, then delete the directories you were sent to.


Take a look at the following things:

Type msconfig in the search field and hit enter: you will be transported to a Pop Up window. 


Go in the Startup tab and Uncheck entries that have “Unknown” as Manufacturer.

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If you can’t find them this way, look in these directories, and delete/uninstall the registries manually:

  • HKEY_CURRENT_USER\Software\Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious, but bear in mind they are always different.
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Random
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Random


If you are receiving messages about being locked by the admin when you try to delete extensions in your browsers, go in C:\Windows\System32\GroupPolicy\Machine. There should be a file registry.pol. Delete that file.
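registry.pol stores the machine's local Group Policy registry settings in the binary PReg format, so it can be read before it is deleted to see which policy is locking the browser. The following added example (not part of the original guide) parses that format and searches it for a name; the sample bytes are constructed, and the URL path in them is made up.

```python
import struct

PREG_HEADER = b"PReg" + struct.pack("<I", 1)   # signature + format version 1
REG_SZ, REG_DWORD = 1, 4

def u16(text):
    return text.encode("utf-16-le")

def _cstr(blob, pos):   # NUL-terminated UTF-16LE string -> (text, next_pos)
    end = pos
    while blob[end:end + 2] != b"\x00\x00":
        if end + 2 > len(blob):
            raise ValueError("truncated string at offset %d" % pos)
        end += 2
    return blob[pos:end].decode("utf-16-le"), end + 2

def _expect(blob, pos, char):   # check a one-character delimiter, return next offset
    if blob[pos:pos + 2] != u16(char):
        raise ValueError("expected %r at offset %d" % (char, pos))
    return pos + 2

def parse_registry_pol(blob):
    """Return [(key, value_name, reg_type, data), ...] from registry.pol bytes."""
    if blob[:8] != PREG_HEADER:
        raise ValueError("not a registry.pol (PReg v1) file")
    out, pos = [], 8
    while pos < len(blob):          # each record is [key;value;type;size;data]
        key, pos = _cstr(blob, _expect(blob, pos, "["))
        name, pos = _cstr(blob, _expect(blob, pos, ";"))
        pos = _expect(blob, pos, ";")
        reg_type, = struct.unpack_from("<I", blob, pos)
        pos = _expect(blob, pos + 4, ";")
        size, = struct.unpack_from("<I", blob, pos)
        pos = _expect(blob, pos + 4, ";")
        raw = blob[pos:pos + size]
        pos = _expect(blob, pos + size, "]")
        data = raw.hex()            # types other than the two below stay as hex
        if reg_type == REG_SZ:
            data = raw.decode("utf-16-le", "replace").rstrip("\x00")
        elif reg_type == REG_DWORD and size == 4:
            data = struct.unpack("<I", raw)[0]
        out.append((key, name, reg_type, data))
    return out

def find_policies(entries, needle):
    """Entries whose key, value name or data mention needle (case-insensitive)."""
    return [e for e in entries
            if any(needle.lower() in str(f).lower() for f in (e[0], e[1], e[3]))]

def _entry(key, name, reg_type, raw):   # serialises one constructed record
    return (u16("[" + key + "\0;" + name + "\0;") + struct.pack("<I", reg_type)
            + u16(";") + struct.pack("<I", len(raw)) + u16(";") + raw + u16("]"))

# Constructed sample (not from a real machine); the URL path is made up.
CHROME = r"Software\Policies\Google\Chrome"
SAMPLE = PREG_HEADER + _entry(
    CHROME, "DefaultSearchProviderEnabled", REG_DWORD, struct.pack("<I", 1)
) + _entry(CHROME, "DefaultSearchProviderSearchURL", REG_SZ,
           u16("http://s.coldsearch.com/?q={searchTerms}\0"))
```

To inspect a real machine, pass parse_registry_pol the bytes of the registry.pol file named above and search the result with find_policies for the hijacker's name.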

Remember to leave us a comment if you run into any trouble!


  • Gautam Jain

    In the hosts file, I see these two entries below the localhost tonec.com http://www.tonec.com

    What to do now? Kindly help!

  • HowToRemove.Guide Team

    These are safe. You should be fine. These are websites related to Internet Download Manager. It is very unlikely they are connected to the virus.

  • Alex Ferna

    I don't know which registries I should delete. May you help me? I also did not find any suspicious process in my PC, but I used a program called adw cleaner before starting searching, so I guess he removed for me?!?
    And I couldn't enter Microsoft Edge to remove the extensions, it says something like I can not use it while in intern admin account. What should I do?
    Thank you guys, sorry for the bad English, I am Brazilian : )

    • HowToRemove.Guide Team

      The different versions of the virus can contain different registries, so I can’t really help you. If you ask me about specific registries, as in “CinemaPlus” or “Thebrowser” I can answer you, but otherwise it’s trying to find a needle in the haystack. The registries provided in the article are the most common places you should look.
      Ignore Edge for now. Maybe the virus is blocking you from entering it.
      Do you still experience pop-ups, slowness, things like that? I can’t really answer if the program helped you or not unless you give me something specific 🙂 It’s possible your problem is already solved.

  • HowToRemove.Guide Team

    Theoretically both the scanner in the advertisements and reinstalling windows should help you remove the virus completely.
    If you don’t want to do that wait for a little longer, I’m looking into this “applied by admin” thing. The creators of the viruses really like to tweak them over time to make sure no guide works forever. I’ll find out what they did and update the instructions later today.

    • Салваторе Тото Риина

      Did you update it?

      • HowToRemove.Guide Team

        Yes, I did. Look for the parts that say “update” and you’ll see it 🙂

        • Салваторе Тото Риина

          Okay, I deleted that already and still can’t change it? I have nothing I can delete that is s.coldsearch related. All regedit done, everything, but still the engine is locked, any ideas?

          • HowToRemove.Guide Team

            Try using the scanner of the remover in our advertisements. It should point you towards the infected files.
            Also, thank you for the CMD fix 🙂 I’ll update the guide with it.

        • Салваторе Тото Риина

          Hey, so I found a way to remove this setting ”Enforced by administrator”. Best way is to open cmd and type these 3 lines, after each line click enter (Close Chrome if you are using it)

          RD /S /Q "%WinDir%\System32\GroupPolicyUsers"

          RD /S /Q "%WinDir%\System32\GroupPolicy"

          gpupdate /force

          And then check back 🙂

  • harsh

    I am getting under “localhost name resolution is handled within DNA itself.”
    “# activate.adobe.com”

    is this safe?

    • HowToRemove.Guide Team

      Yes, that’s fine. It’s a safe IP that connects to you through Flash or Adobe PDF reader.

  • HowToRemove.Guide Team

    That’s a safe IP. It’s Mcafee (obviously). It’s not something dangerous.

  • HowToRemove.Guide Team

    Are you willing to provide me with a screenshot of your Task Manager’s processes? There must be something we’re not finding.
    You are 100% sure you did everything correctly, right? The guide should work. If it’s not working I want to find out why.

  • Hornigold

    I had a problem deleting all the entries under Policies, Chrome. Only one entry could not be deleted. FYI.

  • HowToRemove.Guide Team

    Do you know why serwer2.paka-service.com and ns386119.ovh.net would be here? Mirillis also seems suspicious, because it tries to sell a product for remote accessing of your Pc, although it also provides a streaming program for gaming. Do you use such a thing?

    • Kevin P

      down.baidu2016..com 123.sogou..com http://www.czzsyzgm.c.om http://www.czzsyzxl..com
      so this is what i have under localhost
      are all of this ip include in adware or virus?
      because even though there is no ip for s.coldsearch, it is still enforced by admin and it does not want
      to be deleted even though i use right click run as administrator
      also including in safe mode, as i try to delete the search bar at the omnibox (chrome) it still appear
      after restarting my laptop

      • HowToRemove.Guide Team

        Hi Kevin, run Notepad as admin first, then open the hosts file from the open menu inside notepad,

  • SJ

    Can’t find

  • HowToRemove.Guide Team

    Check out this location and delete all the files inside. C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage Then restart your browser and check out which files reappear. If any of them look suspicious then rename them by adding a few new letters (don’t delete the whole name). Let me know if this helped.

    • Davide Natale

      I already succeeded in solving my issue so I can’t say if what you are suggesting would have worked as well, but I’ll tell you what I did, which doesn’t seem that different… I searched C:/Windows/System32/GroupPolicy/Machine and I found a file called registry.pol which I renamed registry.sav… that could unlock the admin thing, allowing me to delete coldsearch from the default search browser

      • marco costantini

        I have done the same, but I cannot delete the default search browser!

        • HowToRemove.Guide Team

          Hello Marco, what exactly did you do and what is the unresolved issue? Please elaborate a bit and hopefully we can help you.

          • marco costantini

            I don’t know how, maybe with spybot, but I solved the issue! thanks a lot!

          • HowToRemove.Guide Team

            Glad to hear it! 🙂

  • Cecilia Varzi

    Hi, I did all the steps above and the problems seemed solved but now coldsearch is back. I then tried with what you suggest below (both C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage and C:/Windows/System32/GroupPolicy/Machine), it works but then it comes back. Any suggestion? Cecilia

    • HowToRemove.Guide Team

      Hello Cecilia, I’d recommend you download the software we suggested in the article. The scanner is free and might help you locate your problem files. Let us know how this goes.

  • Sumanth Chidura

    same problem with me, what is the solution?

    • HowToRemove.Guide Team

      Hello Sumanth,
      please provide some information what you’ve done up to this point so we can try and help you.

  • Sumanth Chidura

    what is the solution, i have the same problem.

  • HowToRemove.Guide Team

    Thank you for the information 🙂 I’ll add this to the guide.

  • HowToRemove.Guide Team

    Hi Adi,

    Try exiting Chrome, then right clicking on its icon -> properties. From there look for a box that says start as administrator. Click it, then apply -> save & exit. Now open Chrome and try again.

    Did it work?

  • HowToRemove.Guide Team

    What is the ip and the name besides it? Some IPs are safe. I need to see it and I can tell you.

  • Ali

    No troubles BOSS you are “GREAT”

    I’ve been trying for 43 days to remove s.coldsearch from my chrome finally I did it today with your help.

    Thanks so Much !!!!!

    • HowToRemove.Guide Team

      You are welcome Ali. We are glad that you find our guide helpful. Next time when you have issues regarding malware, you know who would help you 🙂 Contact us if you need assistance.

  • jk

    Hello: Windows 7 Professional. SpyHunter has found ColdSearch in my system, but it does not appear under ‘Extensions’ in any of my browsers (Firefox, Chrome, IE), or under ‘Programs and Features’ in Control Panel. Also getting the BSOD with the mis-spelled ‘DRIVER_IQRL_NOT_LES_OR_EQUAL’ message. Obviously a fake if the illiterates can’t even spell ‘LESS’!! But I can’t seem to find it anywhere, nor remove it! Any hints? Will I be forced to actually have to PAY for SpyHunter??! Thanks!! jk

    • HowToRemove.Guide Team

      Hi jk,
      when SpyHunter found ColdSearch does it say where it found it?

  • HowToRemove.Guide Team

    Hi tonnytjuu,
    what exactly is preventing you from removing Coldsearch? Did you find any step difficult to complete?

  • HowToRemove.Guide Team

    Hi tonnytjuu,
    at this point I suggest you download our software from one of our banners above and use the free scan feature. The scan will locate the infected files where you can delete them manually. Keep us posted if you have further issues.

  • HowToRemove.Guide Team

    Hi joel, do they start with or If they do let them be, otherwise delete them.