Remove Omegasearch


MediaMan
9 Apr 2004, 03:06 PM
Is your Internet searching going places you don't want to? Do you feel someone else is in control? Omegasearch may be the culprit and it's a pesky program you may have installed without knowing. This is Short-Media.com's how-to guide on what Omegasearch is, why you may not want it, and how to get rid of Omegasearch.

Read it here (http://www.short-media.com/review.php?r=235)

Shorty
9 Apr 2004, 03:09 PM
An awesome read Dexter.

I haven't been unlucky enough to suffer it .. but :eek:.. I never realised the kind of havoc it does cause :mad:

primesuspect
9 Apr 2004, 03:33 PM
Great article Dexter. :)

People should understand that if they have OmegaSearch/C2.LOP/LOP.COM installed on their computer, it's usually a symptom of a larger problem, and chances are they have other adware/malware on their computers as well. I would highly recommend that anybody who has benefited from this article run a spybot scanner such as AdAware or SpyBot Search & Destroy (or both), because it's a very good bet that they have other malicious software going on.

EyesOnly
9 Apr 2004, 05:25 PM
Nice guide. Let's hope I never have to follow it. :)

Unregistered
10 Apr 2004, 02:30 PM
Spybot S&D will stop your system from being HJ'd. I would highly recommend everyone to install this puppy. It doesn't have any built in SB either! :D

Dexter
11 Apr 2004, 03:59 AM
Good advice, guest.

Spybot S&D version 1.2: http://download.com.com/3000-8022-10194058.html?tag=lst-0-2

Dexter...

wcube
11 Apr 2004, 03:29 PM
Dexter,
I need help. I went through and tried all the methods of removing omegasearch.com but the bar at the bottom of my page just will not go away. Help
Willie

Kwitko
11 Apr 2004, 03:44 PM
Run HiJackThis and copy and paste the log here. Perhaps you still have some remnants left over.

Jessica
15 Apr 2004, 08:06 AM
Can't seem to get rid of omegasearch. Any help would be appreciated.

thx
Jess


Scan saved at 12:03:38 AM, on 15/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\DEFAUL~1\Delete Web Proc.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\The Crook\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.emachines.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DE761B33-CB30-71B5-BF7F-B2721AA000B4} - C:\PROGRA~1\CAKEFI~1\htmtwo.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Loadbalmlite - {E396CC0F-29EE-75D2-A5FA-BEDE2A709103} - C:\PROGRA~1\CAKEFI~1\htmtwo.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [book send] C:\PROGRA~1\DEFAUL~1\Delete Web Proc.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Unregistered
15 Apr 2004, 08:29 AM
What a great team you lot are, got rid of it in seconds when I've been trying for two days.

THANK YOU

Clive

Queiz
15 Apr 2004, 04:24 PM
I just wanted to say that I've got omega search twice now. I just formatted my computer clean, back to surfin the web (I'm a pretty cautious web surfer.. never click on the yes to install apps, and other things that prompt always get turned down). I was surfing the web for 5 minutes before I open another web window and find that familiar application is back. This means that this app got installed by just my browser viewing a pop-up they had off some site. I also was only lookin at military sites for information on a plane when this happened (wasn't a military site as I've used these before and been fine, but a pop-up that came from one of the other links I selected from a search engine on military planes). Anyways, just makes you so aggravated with these people that do this, and all the trouble you have to go through to remove it when you haven't even installed anything! Just a heads up that omegasearch is full of crap when they say you have to consciously click yes to install something, or supposed to know that it's being installed.

shwaip
15 Apr 2004, 04:28 PM
@Jessica

follow the instructions here (http://www.short-media.com/forum/showthread.php?t=12173) to delete

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {DE761B33-CB30-71B5-BF7F-B2721AA000B4} - C:\PROGRA~1\CAKEFI~1\htmtwo.dll
O3 - Toolbar: Loadbalmlite - {E396CC0F-29EE-75D2-A5FA-BEDE2A709103} - C:\PROGRA~1\CAKEFI~1\htmtwo.dll
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - HKLM\..\Run: [book send] C:\PROGRA~1\DEFAUL~1\Delete Web Proc.exe
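
An added example, not part of the original thread and not HijackThis's own code: a first-pass triage over a HijackThis log that surfaces the kinds of entries singled out above. The three rules (IE settings pointing at omegasearch.com, BHOs marked "(no file)", and O2/O3/O4 entries loading from an 8.3-shortened Program Files path) are assumptions made for this example and can also match legitimate software, so each hit is something to review, not a verdict. The sample lines are copied from logs posted in this thread.

```python
import re
from urllib.parse import urlsplit

# One HijackThis 1.97 entry: "<section> - <detail>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<section>[RNFO]\d{1,2}) - (?P<detail>.+)$")
# A Windows path ending in a loadable file; folder and file names may contain spaces
WIN_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx)\b", re.IGNORECASE)
# Path that starts in an 8.3-shortened Program Files directory (assumed review rule)
SHORT_PF = re.compile(r"[A-Za-z]:\\PROGRA~\d\\", re.IGNORECASE)


def parse(log_text):
    """Return (section, detail) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m["section"], m["detail"]))
    return entries


def _host(value):
    """Host part of an IE setting value; values may lack a scheme."""
    try:
        return urlsplit(value if "://" in value else "//" + value).hostname or ""
    except ValueError:
        return ""


def triage(log_text, hijack_domains=("omegasearch.com",)):
    """Return (section, detail, reasons) for every entry that matches a review rule."""
    findings = []
    for section, detail in parse(log_text):
        reasons = []
        # Rule 1: IE start/search page redirected to a known hijack domain
        if section in ("R0", "R1") and " = " in detail:
            host = _host(detail.split(" = ", 1)[1].strip())
            if any(host == d or host.endswith("." + d) for d in hijack_domains):
                reasons.append("IE setting points at " + host)
        # Rule 2: Browser Helper Object still registered but its file is gone
        if section == "O2" and detail.endswith("(no file)"):
            reasons.append("BHO registered but its file is missing")
        # Rule 3: BHO, toolbar or autostart loading from a short-name folder
        path = WIN_PATH.search(detail)
        if section in ("O2", "O3", "O4") and path and SHORT_PF.match(path.group()):
            reasons.append("loads from 8.3 short path " + path.group())
        if reasons:
            findings.append((section, detail, reasons))
    return findings


# Sample lines copied from the logs posted in this thread
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DEFAUL~1\Delete Web Proc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {DE761B33-CB30-71B5-BF7F-B2721AA000B4} - C:\PROGRA~1\CAKEFI~1\htmtwo.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [book send] C:\PROGRA~1\DEFAUL~1\Delete Web Proc.exe
"""

if __name__ == "__main__":
    for section, detail, reasons in triage(SAMPLE_LOG):
        print(section, "|", "; ".join(reasons))
        print("    ", detail)
```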

quick116
15 Apr 2004, 05:18 PM
Hello!

My Computer has been hijacked by Omegasearch :mean:

I have run both Adaware pro and spybot without any effect.
I have even edited the registry, as described in one of the other threads on the forum, but no go!

All the entries containing omegasearch in the attached log from hijackthis, have also been deleted by means of the software, but omegasearch keeps coming back.

Could anyone of you please advise?

regards

Quick116

Logfile of HijackThis v1.97.7
Scan saved at 18:08:11, on 15.04.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Eicon\Diva\DiTask.exe
C:\Program Files\Eicon\Diva\Divamon.exe
C:\Program Files\Eicon\Diva\watch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\1 acid web\Dashlogo.exe
C:\Program Files\Norman\NPF\NPFMSG.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norman\NPF\NPFSVICE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Rune Klingsheim\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = omegasearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/no/nor/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/no/nor/gen/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/no/nor/gen/default.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=ftp://xbox@192.168.1.4/:21
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DiTask.exe] "C:\Program Files\Eicon\Diva\DiTask.exe"
O4 - HKLM\..\Run: [Divamon.exe] "C:\Program Files\Eicon\Diva\Divamon.exe"
O4 - HKLM\..\Run: [Eicon TechnologyLAN_DAEMON] "C:\Program Files\Eicon\Diva\watch.exe"
O4 - HKLM\..\Run: [CGServer] "C:\Program Files\Eicon\Diva\cgserver.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [ErrorAnte] C:\PROGRA~1\1 acid web\Dashlogo.exe
O4 - Startup: Registration-Studio 8 SE.lnk = C:\Program Files\Pinnacle\Studio 8\Register\RegTool.exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NPF Messenger.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37971.5943518519
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

mondi
15 Apr 2004, 05:34 PM
@ quick116

please go to this new thread for instructions

omegasearch - quick116 (http://www.short-media.com/forum/showthread.php?p=125875#post125875)

Queiz
15 Apr 2004, 05:42 PM
I posted a message earlier today. I did everything as instructed from the instructions on how to get rid of this hijacking criminal software. Not only does it keep coming back on reboots, but it never is able to change my start page, though it changes where it's directed, it still loads http://omegasearch.com/passthrough/index.html?http://www.msn.com
I have rebooted, run HijackThis, updated Spybot, did a full scan and immunized. Rebooted and everything is back to omegasearch when it comes back up. Please help so I don't have to format again! Thanks :cool2:

NOTE: R0 - HKCU... omegasearch line in the HijackThis deletes during the current session, but is always there when I reboot. (It's been deleted 6 times now)


Logfile of HijackThis v1.97.7
Scan saved at 10:37:22 AM, on 4/15/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\PROGRA~1\Cool Type Hope\mpeg open.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Starr\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A64A1260-81B9-D7D1-1AC0-2FB1EC652C2E} - C:\PROGRA~1\MP3TRU~1\grim site.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: iso great - {6D2FD553-C303-54AF-55F3-EB7A9944DB44} - C:\PROGRA~1\MP3TRU~1\grim site.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure once] C:\PROGRA~1\Cool Type Hope\mpeg open.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

ginipig
15 Apr 2004, 05:46 PM
I've yet to read any guides, but won't AdwareBlaster (or any other spyware-removal tool that offers I.E locks) protect consumers from the Omega-Syndrome?

shwaip
15 Apr 2004, 05:57 PM
@queiz

use the instructions here:
http://www.short-media.com/forum/showthread.php?t=12173

get rid of
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...p://about_:blank
O2 - BHO: (no name) - {A64A1260-81B9-D7D1-1AC0-2FB1EC652C2E} - C:\PROGRA~1\MP3TRU~1\grim site.dll
O4 - HKLM\..\Run: [Pure once] C:\PROGRA~1\Cool Type Hope\mpeg open.exe


@anyone who can....
can you put a link to this in the original article:

http://www.short-media.com/forum/showthread.php?t=12173

Dexter
15 Apr 2004, 06:04 PM
ATTENTION OMEGASEARCH POSTERS:

Please do not post your Hijack This logs in this thread. Please go to our Security - Software/Virus/Trojan Forum located here. (http://www.short-media.com/forum/forumdisplay.php?f=57) If you post your logs here, we may miss them, and not be able to help you...which we really want to do!

***IF YOU NEED TO POST YOUR HIJACK THIS LOG FOR HELP, PLEASE DO SO IN YOUR OWN NEW THREAD, AND CALL IT "OMEGASEARCH - (YOUR USERNAME)" DO NOT ADD YOUR LOG TO SOMEONE ELSE'S EXISTING THREAD. IF YOU ADD TO SOMEONE ELSE'S THREAD, WE MAY MISS YOUR NEW POST AND BE UNABLE TO HELP YOU.*****

Make sure you first check the instructions for the names of the latest known file name variants in our Updated Instructions Post. (http://www.short-media.com/forum/showthread.php?t=12173)

While you are waiting for help with your post, please feel free to browse the rest of our site - we have what we feel is the best little Tech Community on the Net, with friendly and knowledgeable users in every area of computing. If you have a question or a problem, we can probably answer or solve it.

We also are dedicated to a very good cause: Folding For a Cure. (http://www.short-media.com/folding.php?v=projectinfo) Put your computer's spare power to work searching for the cure to diseases. Join our Team 93 (http://www.short-media.com/folding.php?v=teaminfo) today - we are one of the Top 10 Folding Teams in the World! Join a winning team, and help Fold for a Cure!
:smokin:


Dexter...

Unregistered
17 Apr 2004, 11:15 PM
Omegasearch is positively EVIL!!!!! I tried deleting all references to it and to lop.com in my registry. I tried AdAware and Spybot S&D. I tried blocking it with my hosts file (even made hosts read-only!) and with Tools>InternetOptions>Security>Sites. Nothing worked!!! It kept coming back!!! Finally I solved the problem: Omegasearch had somehow managed to add a folder to my hard drive called c:\program files\bindjumpsafe with two files called holdlogo.exe and movethat.exe.

Delete them all. However, to delete them, you have to boot into safe mode. That solved the problem for me.

bill@technicalwrites.com

cybermatic
18 Apr 2004, 04:36 AM
Great article Dexter. Keep up the good work! :)

Kwitko
21 Apr 2004, 05:01 AM
If you have a log to post, please register first, then post in the Spyware/Virus/Trojan Discussion (http://www.short-media.com/forum/forumdisplay.php?f=57) forum.

All future HJT logs posted to this thread will be moved to the SVT forum, and all logs by unregistered posters will be deleted.

There are many benefits to registering. Most important, we get to know who you are! You also become part of a great community of computer experts, you get to have a cool avatar of your choice, a cool sig of your choice, private messaging ability, and you can become part of our killer Folding@Home (http://www.short-media.com/folding.php) team.

Joining Folding@Home, and specifically Team 93, has been shown to reduce cholesterol, improve your odds with the opposite sex, burn fat, clear up acne, and most important, give you a sense of pride and accomplishment knowing that you're helping science by unlocking the mysteries of cancer, Parkinson's Disease, Alzheimer's, and many other diseases.

Blank_Frackis
6 May 2004, 02:27 AM
yeah many thanks for the guide, I've been struggling with this nonsense for about a month and your guide made it pretty simple. I just deleted all the files that followed the syntax of the ones you had listed to be on the safe side (after all I can easily download any files I inadvertently delete) and it worked. (L) for you

Unregistered
9 May 2004, 06:34 PM
One of the OmegaSearch advertisers is University of Phoenix. I suggest calling U of P's 1-800 number and telling them (at their expense) how much you disapprove of them advertising via pop-ups connected to OmegaSearch. Their # is 1-800-697-8223

Unregistered
11 May 2004, 05:52 PM
Dex,

Did get the Omegasearch bug as well, took about 2 hours to get rid of it, with several attempts, following the manuals on this site. If you don't trust something delete it or move it. In the end you will succeed.

For Willy, I also had the most difficulty eliminating the bar at the bottom. What I did was delete all unknown toolbars from the Hijack this and also a file with MYWAY in the Pathname. Furthermore I checked which file could be the source for my trouble. In my case it was DVDriper from shareware. I also deleted this. After that it was gone.

Dex thanks for this article and this great site

Dexter
13 May 2004, 06:26 AM
Dear Unregistered guest:

Please do not post your HJT log here. As per the numerous posts above in this thread: please join the forums, and post your log in our Security forum. Your HJT log here will be deleted.

Dexter...

shadowland
17 May 2004, 08:04 PM
Please do not post HiJackThis logs in this thread.
--Mr. Kwitko

Unregistered
19 May 2004, 12:27 PM
Even with ad-aware, and a free download of pest patrol, I still got this damned thing. Thank you SO much for showing me how to get rid of it. I tried scanning my computer for files with the name, I ran both of the programs and deleted all the files, and I couldn't figure out how to fix it.

When I got this I also got a ton of new bookmarks, a new homepage, and even when I repeatedly reset my homepage, it would go through omegasearch. Bastards.

Taking just 5 minutes to follow these instructions worked perfectly. Thank you again.

Kwitko
19 May 2004, 02:32 PM
Please DO NOT post HiJackThis logs in this thread!

Unregistered
19 May 2004, 10:00 PM
Another name Omegasearch goes under is Oozname.exe :)

primesuspect
20 May 2004, 12:48 AM
If you have a HijackThis log to post, please register on the forums and proceed to the appropriate (http://www.short-media.com/forum/forumdisplay.php?f=57) forum to post your log. Also be sure to read the etiquette (http://www.short-media.com/forum/showthread.php?t=13628) for posting a log. Thanks!

Unregistered
24 May 2004, 05:10 AM
I just want to thank you guys for this fix. The last time these hacks ended up on my system I ended up having to wipe my hard drive to get them off. The fix you guys offered up worked like a champ and the info about this omega company was great. Now this will never happen to me again. Thank you guys very much!!!!