Why you should consider it: Learn how to protect yourself and download our first free tool custom built to rid yourself of Omegasearch.com and its variants.
“How did this thing get on my computer? How do I make it go away??”
Omegasearch.com Prosearching.com. Search200.com. Mysearchnow.com. Searchexe.com. Those are just a few of its’ names. Thousands of users worldwide have become suddenly familiar with some of these domains. And it was not because they wanted to. It was because they had their browsers hijacked. Learn how to protect yourself and download our own free tool, custom-built, to rid yourself of Omegasearch.com and its variants.
When a strange search page comes up as a homepage most users think “Oh, something has changed my homepage. I’ll just change it back.” That’s when they discover that it is not that simple. It may go away…temporarily. But after the next system reboot, when they launch Internet Explorer, there it is again. And perhaps this time it has a little friend…a small toolbar at the top of their browser.
Or, perhaps, they get a bigger friend…a big blue toolbar across the bottom of their computer screen.
A user may even acquire some new bookmarks to go with those toolbars.
You can imagine what kind of stuff is in those top two bookmark folders. Some of those links you wouldn’t want your mother to see on your computer.
The user tries reset their homepage again and again. They delete the uninvited bookmarks. They close the toolbars over and over. But none of these fixes last. Each time the PC is rebooted the toolbar pops up. The bookmarks return and the homepage is hijacked again every time a browser window is opened. The frustration sets in.
“How did this thing get on my computer? How do I make it go away??”
If this is you, then fear not fellow Internet Explorer user, for there is help. If any of the above images have infested your computer you can remove Omegasearch and its’ evil cousins quickly and effectively with a small, simple and FREE program from your spyware-hating friends at Short-Media.com. The program is called: OmegakillerSM.
Next page: History of the OmegakillerSM Project
Go to Page 3: Where to Get OmegakillerSM and How To Use It
Go to Page 4: Spyware – General Information and What You Can Do To Protect Your Computer
The History of OmegakillerSM (click here to skip down to the latest updated information)
At Short-Media.com we hate spyware. We hate spyware, virii, trojans, adware, worms and all the other forms of “malware.” We hate it so much that we created the Short-Media.com SVT SWAT Team (SVT being spyware, viruses and trojans.) The SVT SWAT Team consists of six dedicated Short-Media staff members who lead a growing group of enthusiastic spyware-hunters at our Security Forums. Visitors are able to seek free assistance and advice from our experienced group of users. They have a very high success rate in eliminating problems from user’s computers and, as a result, are ranking very high on major search engines for several different new spyware problems.
“Visitors are able to seek free assistance and advice from our experienced group of users.”
April 2004: a growing number of visitors to Short-Media.com’s Security Forums were posting about problems with a browser hijacker known as Omegasearch.com. We began to notice patterns to the “random” file naming structure of the infection files as well as identify variations on the hijack (different web search pages which are basically just mirrors of the same search site) after helping several users manually remove this annoying hijack and the accompanying toolbar. After digging a little deeper into the background of Omegasearch.com website, we noted that Omegasearch was simply a new version of an old pest. The “old pest “was Lop.com; a well known hijacker which has run it’s course as its removal had become fairly easy for the enthusiastic spyware-hunters of the internet’s many technical forums. C2 Media Ltd, the company behind Lop.com, had simply reincarnated their site with a new name; Omegasearch along with several variants.
April 9th, 2004: Short-Media.com published a manual removal guide for the Omegasearch hijack. Within days our traffic spiked phenomenally. New users joined our Forums in droves seeking help removing this annoying hijacker. We found more of the key words used in the “random” file naming structure and identified more of the variant “mirror” websites used in the home and search page hijacks: several versions with the name “Omega” in them plus the main variants Prosearching.com, Search200.com, Mysearchnow.com and Searchexe.com. Some of the other known variants are listed later in this article.
June 2004: After helping an overwhelming number of users remove this infection manually using the indispensable diagnostic program Hijack This, some members of the SVT SWAT Team kicked around the idea of creating an automated removal tool for the various Omegasearch hijacks. SVT member Mondi, a self-proclaimed “real-time visual artist, musician and programmer”, started trying to obtain some of the infection files from users who had been to our site for aid. Once he obtained copies of the infection files, he was able to hack the files and obtain the complete list of infection file name variables, as well as the list of currently used search page variants.
From there Mondi spent a few nights compiling the results of various infections, wrote a basic remover and dug deeper into the core dumps of the infection files. In the classic stereotype of a programmer’s life Mondi lived on a standard diet of coffee and cigarettes. At 5:30 AM after an all-night coding binge testing and refining the removal tool, coding in C, Mondi came up with a version that he was comfortable with and posted it to the Short-Media.com staff forum as a beta under the post title “Here Goes Nothing”. The OmegakillerSM program was born.
June / July 2004: Members of the Short-Media Moderating Staff proceeded to infect their own computers to test the beta version. They also worked on obtaining more varieties of the infection files from new users on our forums. Mondi was sent back to the code numerous times with bug fixes, suggestions and new variants that were not being removed by the original beta. It was truly a team effort.
“…the program performed flawlessly.”
The team eventually got to the point where they knew it was going to work safely and reliably but testing an anti-spyware program on the computers of experienced spyware-hunters was not a thorough beta test. How would the program work on the computer of an “average” user who, unlike most of us on the Short-Media.com staff, may unknowingly have several different SVT problems on their computers? Would other SVT problems interfere with OmegakillerSM? We tested it in Windows XP and 2000 but would it work on other versions of Windows like 98, 95 or ME? So we set out to quietly and selectively test it with new users who visited our site for help. In almost every case the program performed flawlessly. When it did not we sent the file and URL variants to Mondi for addition to the database. OmegakillerSM version 1.0 was ready for public release after a track record was established of enough results to know that SM had a good app.
July 21, 2004: OmegakillerSM v1.0 is Released!
Update: We have discovered that OmegakillerSM will not work on Windows 95, 98, or ME. It will only work on Windows 2000 and XP at this time. We hope to have full 95/98/ME compatibility sometime in the future. Users with these operating systems are invited to join Short-Media.com’s Security Forums for free, and receive help with manual removal, which is a quick and easy procedure.
“…the folks behind the Omegasearch hijacks do not want you to have control of your own computer…we happen to disagree with them…”
Update: August 8, 2004: OmegakillerSM version 1.1 is released!
Shortly after version 1.0 was released we began to see brand new variations in the Omegasearch hijacks. New domain name variants, new infectant application names, randomly named search pointers, and processes hiding themselves by masquarading as Internet Explorer windows. Was it coincidence that these new variants started showing up about one week after OmegakillerSM 1.0 was released? We don’t think it was a coincidence. How do we know that? Some of the new infectants actually undo the HOSTS blocks the Omegakiller 1.0 can set to block their domains from showing up on your computer. Their “undo” list matches our block list, right down to the order Mondi typed the domains in. What this means is simple: the folks behind the Omegasearch hijacks are watching us here at Short-Media, and they do not want you to have control of your own computer! Well, we happen to disagree with them…
OmegakillerSM 1.1 features several new additions and improvements, such as:
- removal of all currently known domains (complete list on page 3 of this article)
- improved variant scanning
- removal of the random search pointers and masquerading processes
- multi-pass cleaning
- improved hosts file check and additions
Update: August 18, 2004: OmegakillerSM version 1.2 is released!
The Omegasearch hijacks are mutating again. This time it is different process names / file paths. Some installations of the hijack get some uninvited new desktop icons installed on their system as well. Our programmer Mondi has quickly found the solution to the latest variants, and another round of Short-Media vs scumware creators begins.
OmegakillerSM 1.2 features / improvements:
- removal of new desktop icons installed by hijack
- detection of spawned subsidiary process
- user option to always run homepage reset feature
Next Page: Where to Get OmegakillerSM and How To Use It
Go to Page 4: Spyware – General Information and What You Can Do To Protect Your Computer
Where to Get OmegakillerSM
OmegakillerSM is available for free download at Short-Media.com’s Security Downloads Page. Updated versions will be posted there occasionally as new variants of infection files and hijack domains are identified by the Short-Media.com SVT SWAT Team.
Currently, OmegakillerSM vesion 1.1 identifies and fixes browser hijacks and toolbars pointing to the following domains:
omegasearch.com; omega-search.com; prosearching.com; search200.com; mysearchnow.com; searchexe.comactive-max.com; search.active-max.com; allaboutsearching.com; mazingautossearch.com; contexualsearch.com; crap2.com; dialup2.com; ecpm.com; find-quick.com; lop.com; maxexp.com; mp3search.com; netsearchsoft.com; rub.to; sbvr.com; searchweb2.com; spawnet.com; tdmy.com; tefs.com; tfil.com; tdko.com; wrn.net; lyricsdomain.com; trinityacquisitions.com; wethere.com; asearchforyou.org; errorfreesearch.com; intelesearch.com; isearchhere.com; iwantosearch.com; opensearch.org; searchbee.net; searchhotsex.com; ifsearch.com; mastersearcher.com; look-today.com; aavc.com; acjp.com; ecmh.com; wabu.com; wabq.com; maximumexperience.com
Many of those have alterations such as www.omega-search.com and best.omega-search.com. Listed here are just the domain names themselves for simplicity. However, the known variations on the portion of the URL preceding the domain are programmed into OmegakillerSM.
In some cases the domain you are hijacked to is unreachable. When this happens you get an “about:blank” home page with a page not found error on your screen. There are several hijacks which can cause “about:blank’s” and OmegakillerSM will not fix all of them. It will fix only the ones that are related to the domains in its’ database. If you are having an “about:blank” homepage problem then please try OmegakillerSM but be forewarned that it may not be able to 100% cure the specific problem.
Users who find variants not corrected by OmegakillerSM are encouraged to contact us. The program contains a link entitled “Didn’t work? Have a different problem? Need more help? Visit Short-Media.com’s Security Forums!” Clicking that will take you to our free forum, directly to the Security section. Simply join the forums with a username of your choice, then create a new thread in the Security forums explaining your problem. One of our many knowledgeable users will be happy to help you.
Caution: The OmegakillerSM tool has been thoroughly tested as safe to remove Omegasearch hijack files. We caution users to always keep a backup of important files in every event. Short-Media.com and its members and staff are not held responsible for incorrect or misuse of the OmegakillerSM tool or any associated event that may cause loss of data.
How to Use OmegakillerSM
Download the program from Short-Media.com’s Security Downloads Page. I recommend you place it in it’s own unique folder such as C:OmegakillerSM or in its’ own folder in your My Documents folder. This is an important first step! If OmegakillerSM identifies any of the infection files or registry entrees it will create a sub-folder called “backup.” It will quarantine the files and entries in this backup folder. You have the option of later restoring any of these files from the backup if you encounter serious problems after removing them. If you run OmegakillerSM from your desktop then this backup folder will appear on your desktop adding to the clutter. If you run it from a temp directory or from immediately inside your My Documents folder then the backup folder will be created there. If you later move the the OmegakillerSM program it may not be able to locate these backups and will be unable to restore them. Do yourself a favor now and take 10 seconds to make an OmegakillerSM folder somewhere that is easy for you find and put the program in there before you run it.
When you run the program, you will get the main window:
If you have downloaded the program from somewhere other than Short-Media.com’s Security Downloads Page or if you are re-running this program some time after you downloaded it from us then you should click the button labeled Check for Updates. This will take you to Short-Media.com’s Security Downloads Page. Compare the version number (v X.X) in your window to the version number listed on the download page. If the download page has a newer version then please download it, as that will contain the latest information on Omegasearch and its’ variants in the database. If the versions are the same then carry on.
If you are particular about reading license agreements then please click that button next. It will tell you that this program is copyrighted freeware. It will also tell you to use OmegakillerSM at your own risk as you do with any program. Standard liability limits apply here folks and we extend no warranties of any kind; express or implied. Take it from me that OmegakillerSM works well and should not pose any risk to your computer.
Once you have read the legal-speak, or just ignored it at your own discretion, then your next step is to make a decision: “add omegasearch blocks to hosts file?” If you do not know what this means, click the link that says “what is this” for a quick lesson on your internet HOSTS file and how OmegakillerSM can block your computer from going to Omegasearch.com or any of their other domains ever again.
Once you have either read that explanation, or already knew what a HOSTS file is, choose whether or not to add the blocks to your HOSTS file. Check the box if you wish to add the blocks to your HOSTS file. I do recommend it – if you get re-infected by an Omegasearch hijack, this will at least keep their sites from showing up in your browser, an action which directly affects the owners of Omegasearch, as it reduces their overall traffic count, which reduces their attractiveness to their advertisers.
Either way, now you are ready to scan! Simply press the button conveniently labeled GO!!
OmegakillerSM will scan your active processes, system registry, BHO’s (Browser Helper Objects), browser toolbars and bookmarks. The scan takes only seconds to run on most computers. If the scan will find matches to known Omegasearch infection files you will see something like this:
The color highlights are not in the program, I have added them here for explanation only. Items highlighted in yellow are matches to OmegakillerSM’s database of known problems. Items highlighted in blue are the actions OmegakillerSM took to clean up the problem.
If any known Omegasearch variants are located in any of the scan areas, OmegakillerSM will terminate their process, remove the file, and remove any startup entries associated with the file. Omegakiller SM v 1.1 intorduces multi-pass scanning. It will run a second scanning pass, which will close all active Internet Explorer windows, and will stop and restart the Windows Explorer process. You will see your desktop flash off then back on, do not worry about this. If OmegakillerSM determines that it needs to run a third or even fourth pass to clean up your infection, it will do so.
If a known Omegasearch browser hijack was detected, you will be given the following window:
This window allows you to choose what to reset your homepage to. By default it will set your homepage to a blank page. You may alternately choose to set your homepage to Short-Media.com – a great homepage by the way. (Shameless plug – we have a really great site with loads of news, hardware and software reviews, people who can help you through all kinds of computer problems and a top-rated “Folding For a Cure” Distributed Computing team.)
Or you can choose to use the Other setting. By default “other” is set for MSN.com (the Internet Explorer default) but you may type in any page you want into that box. Just don’t type in Omegasearch.com… Hit OK to return to the main menu.
The dialogue window of the main menu should now say “all done.” You may scroll up the text in the window to see what OmegakillerSM found and what it did. When you are done reading click the Exit button to quit the program.
If your scan did not locate any known Omegasearch variants, you will see the following:
If it tells you that your system is clean but you know that you still have a problem of some sort then click the “Didn’t work” link to reach our user forums and post a thread as described earlier on this page.
If you find that your browser will not work after removing Omegasearch or its’ variants, or some other unforeseen problem occurs, you can re-run the program and click the Restore button to see a list of what was removed and placed in your backup folder:
You may then click any item and restore it. If you do encounter a problem and had to run the restore feature to make your browser work then please contact us via the “Didn’t work” link. In most cases you should never need to use this feature.
After running this program I recommend that users of Windows XP create a new System Restore point to flush out any remnants of the infection in case a system restore is required in the future. Click Start -> All Programs -> Accessories -> System Tools -> System Restore. When the System Restore Utility opens click “Create a Restore Point” then click Next.
Enter a name for this Restore Point (I would just use the date or “After Sweeping Spyware” or something to that effect) and click Create. This will create a new restore point that should not have the Omegasearch items in it.
That’s all there is to it. A free, safe, fast, effective tool to remove one of the more annoying pieces of adware / spyware on the web today. How do you prevent this, or other problems like it, from happening again? What is this stuff? Why do they do it? Read on, and learn.
Next page: Spyware – General Information and What You Can Do To Protect Your Computer
Spyware – General Information
Spyware and adware are two of the most rampant causes of computer problems worldwide. Companies are making money by monitoring what websites you visit and serving you advertising based on your browsing habits. Often these programs are disguised as cute, helpful tools, like weather information programs, download accelerators, e-mail smiley graphics, and more. Companies are making money by taking over your browser, forcing your homepage and search page to point to their site. Companies are making money by installing toolbars on your browser under the guise of being “helpful” menus. Companies are force-feeding you bookmarks to sites owned by their advertisers.
On the surface, it is all legitimate: when users willingly install one of their shell applications like the ones mentioned above, they rarely read the fine print, which vaguely mentions (in fancy “legal language”) that you are agreeing to install a program which will send you advertising based on your browsing habits. If you succumbed to the temptation to “add smilies to your Outlook E-mail” or were concerned that “Your computer’s date and time appeared to be incorrect” or you really, really, really wanted a “weatherbug” on your computer, chances are that the “free!” software you recently installed contained spyware.
“…spyware creators are not even so obvious, installing themselves in a true hijack fashion – performing a “drive-by” installation…”
Sometimes, spyware creators are not even so obvious, installing themselves in a true hijack fashion – performing a “drive-by” installation when your browsing habits cause you to stray across a questionable site. A slight pause of your browser window, a whir of your hard drive, and the next time you boot your computer, you are hijacked.
Spyware and adware is a battle for control of your computer. The battle is multi-faceted: they are not only fighting you for control of your computer, but the spyware / adware sites are fighting each other for control of your computer. Every hit on their pages is an increase in their traffic count. In the world of internet advertising, traffic is the single most important consideration. How many “eyeballs” you can deliver each day determines how many advertisers pay top dollar to be on your search page. If you do a search through the search engine of a hijacker’s site, the top search results will often have very little to do with your query terms, and will almost always be paid advertisers. If you click any of those links, you just put money in the hijacker’s pockets. Advertiser’s pay by the “click-through”, the more clicks that lead from the hijackers’ site to an advertiser’s site, the more money changes hands. A nickel here, a quarter there….with thousands or even millions of click-throughs per day, the hijackers can stand to make a nifty chunk of change. The stakes are high, with thousands, even millions of dollars in advertising revenue up for grabs. For that money, they have to get their pages and their software on to your computer by any means they can, and they have to make sure that their software is, for the average user, hard to find and hard to remove. They also have to make sure that their software or homepage hijack works better than the other site’s software. Multiple infections often means a clogged computer, with RAM and CPU resources strained by competing pieces of scumware. Many times this author has seen customers’ computers that could not even boot up at all because of different pieces of spyware and adware fighting for control of the computer at startup.
And the rub of it all: what they are doing is basically legal. They straddle a legal gray area, hide behind their privacy statements, disclaimers, and End User License Agreements. They deny installing anything on your computer without your knowledge. But the thousands or millions of users who have been “hijacked” know that this is not true. Or is it? Hidden installers, hard to remove software, random file names, redundant infections, multiple site name variants…it all points to a very methodical plan to make sure your computer visits their sites and that you see their advertisers’ goods. But in some cases, the website companies themselves may not have actually written the software that has infected your computer, at least not directly. They may have hired a 3rd party company to write it and distribute it for them. They distribute the infection files in various places on the net, one of the most common being peer-to-peer file sharing apps like Kazaa. Infection files masquerade as pornography, serial numbers for software, “cracked” versions of games, etc, and wait for naive users to download and open them on their computers.
In other cases, infection files wait for you not in the P2P world, but on the regular World Wide Web itself. In these cases, the infection files are often hosted by 3rd party websites. Usually, these are of questionable nature as well: pornography sites, music trading sites, “warez” sites hosting hacked and cracked free versions of sought-after software, especially games, or “serialz” sites offering shared serial numbers for the same. In these cases, hijack software often contains a “referrer ID”, a unique name or number which identifies where the infection came from. If your computer got infected while visiting “Jimmy’s house of dirty pictures and free software”, every time you end up at the hijackers’ search page and click an ad link, Jimmy gets paid a nickel, or a dime, or a quarter. There are websites where people like Jimmy trade information on which search site paid them this month, how much they got paid, and which sites are the best in terms of prompt and bountiful payment. If Jimmy made $50 this month from Omegasearch, then Johnny and Franky and Freddie are all going to want a piece of that action. They obtain the infection installer, with their own unique referrer ID, and then wait for you to visit the wonderful, free goodies they have at their own sites. A pause, a whir of your hard drive, and you got more than what you came for, and Johnny or Franky or Freddie are also making money at your expense.
The internet was created on the principle of free and safe exchange of information. It stopped being that long ago. But as long as users fight back, take the time to educate and protect themselves, practice safe browsing habits, and make sure that they are not unwittingly spreading security problems themselves, then at least we can make it that much harder for those who profit from scumware.
What Can You Do to Protect Your Computer?
- Educate yourself: a good place to start is right here at Short-Media.com, with this article on Defeating Spyware. It discusses ways to improve your browser security and use programs to protect yourself from these kinds of problems.
- Get the tools to protect yourself: start at Short-Media.com’s Security Downloads Page for adware / spyware scanning, prevention and removal tools.
- Get expert help if you need it: and it doesn’t even have to cost you money. Log into Short-Media.com’s Security Forums for answers to questions, advice for protection, and assistance with removal of spyware / virus / trojan infections.
- Practice safe browsing habits: if something sounds too good to be true, it probably is. Free porn, software, or music is often financed by foisting scumware onto your computer. Think twice before you visit these kinds of sites, download this type of material from file-sharing services, or click “YES!” to any pop-up offers of free utility software.
- Change internet browsers. Internet Explorer is used by around 90 to 95% of web surfers today. It follows logically that most spyware applications will be tailored to IE. But there are other excellent browser options available for free such as Mozilla, Firefox and Opera. These are covered in the Defeating Spyware article, and download links are available there as well.
It is our hope that we have helped you clean up some problems with your internet browsing experience, or simply educated you about potential risks and how to secure your computer against them. Safe and happy browsing to you all!