hymans
New to the neighborhood
hymans
1 Posts

Omegasearch issue - Please help!

I have somehow got a very annoying piece of spyware, or whatever it is called, Omegasearch. I have tried AdAware 6.0 to remove it, without success, and now I have run HijackThis... here's the logfile, please help me!

Logfile of HijackThis v1.97.7
Scan saved at 08:11:17, on 2004-04-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program\NetScreen\NetScreen-Remote\IreIKE.exe
C:\Windows\system32\spoolsv.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program\Network Associates\VirusScan\Avsynmgr.exe
C:\Program\NetScreen\NetScreen-Remote\IPSecMon.exe
C:\Windows\System32\tcpsvcs.exe
C:\Program\Network Associates\VirusScan\VsStat.exe
C:\Program\Network Associates\VirusScan\Vshwin32.exe
C:\Program\Delade filer\Network Associates\McShield\Mcshield.exe
C:\Program\Network Associates\VirusScan\Webscanx.exe
C:\Program\Network Associates\VirusScan\Avconsol.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\atiptaxx.exe
C:\Windows\System32\ltmsg.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Compaq\EAB\EabServr.exe
C:\Program\D-Tools\daemon.exe
C:\Windows\system32\dla\tfswctrl.exe
C:\Program\VERITAS Software\Update Manager\sgtray.exe
C:\Program\ORiNOCO\ComboCard 11ag\Utility\orinoco.exe
C:\Windows\System32\PRISMSTA.EXE
C:\Program\Ford One Data\objexitpure.exe
C:\Windows\System32\ctfmon.exe
C:\Program\Messenger\msmsgs.exe
C:\Program\ORiNOCO\Client Manager\cm.exe
C:\Program\NetScreen\NetScreen-Remote\SafeCfg.exe
C:\Program\WinZip\WZQKPICK.EXE
C:\Program\Wireless\Client Manager\CMags.EXE
C:\Program\ATMEL\Wireless Network Client\awnc.exe
C:\Documents and Settings\Info\Skrivbord\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/i...www.nowire.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.3:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\Windows\system32\dla\tfswshx.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [dla] C:\Windows\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [afqlqje] "C:\Windows\System32\afqlqje.exe"
O4 - HKLM\..\Run: [proxim_orinoco_11abg] C:\Program\ORiNOCO\ComboCard 11ag\Utility\orinoco.exe
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [Idolreal] C:\Program\Ford One Data\objexitpure.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\Windows\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program\Messenger\msmsgs.exe" /background
O4 - Global Startup: Client Manager.lnk = C:\Program\ORiNOCO\Client Manager\cm.exe
O4 - Global Startup: Date Manager.lnk = C:\Program\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program\Delade filer\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program\NetScreen\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: PrecisionTime.lnk = C:\Program\Synaptics\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Client Manager.lnk = ?
O4 - Global Startup: Wireless Network Client.lnk = ?
O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.nowire.se
O17 - HKLM\Software\..\Telephony: DomainName = ad.nowire.se
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9DF6943-08CC-4B2D-8035-808CF376794A}: NameServer = 10.0.0.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.nowire.se
primesuspect
The Icrontic Guy
primesuspect
27,792 Posts
What a mess.

Welcome to short-media.

Kill the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/.../www.nowire.se/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\Windows\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [dla] C:\Windows\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [afqlqje] "C:\Windows\System32\afqlqje.exe"
O4 - HKLM\..\Run: [Idolreal] C:\Program\Ford One Data\objexitpure.exe
O4 - Global Startup: Date Manager.lnk = C:\Program\Date Manager\DateManager.exe
O4 - Global Startup: GStartup.lnk = C:\Program\Delade filer\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PrecisionTime.lnk = C:\Program\Synaptics\PrecisionTime\PrecisionTime.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program\WinZip\WZQKPICK.EXE
O4 - Global Startup: Wireless Client Manager.lnk = ?
O4 - Global Startup: Wireless Network Client.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ad.nowire.se
O17 - HKLM\Software\..\Telephony: DomainName = ad.nowire.se
O17 - HKLM\System\CCS\Services\Tcpip\..\{E9DF6943-08CC-4B2D-8035-808CF376794A}: NameServer = 10.0.0.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ad.nowire.se

Read this article, delete these things, update Ad-Aware and run it again after you reboot. Then get a virus scanner and run that, because I think a couple of those things are trojans.

Practice better internet habits so that you don't contribute to the global spam and spyware problem.
__________________ "I offer my genius to the world, all I ask is you pick up my expenses"
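An added example, not part of the original thread or any poster's code: a small Python check for the rescan step suggested above. It parses HijackThis entry lines, lists browser-setting entries pointing at a given domain, and reports which flagged entries still appear in a later log. The BEFORE lines are copied from the log in this thread; the AFTER log and all function names are constructed for illustration.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (code, detail) for every entry line; header and process lines are skipped."""
    found = (ENTRY_RE.match(line.strip()) for line in log_text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in found if m]

def entries_for_domain(entries, domain):
    """R-section (browser setting) entries whose value is a URL on `domain` or a subdomain."""
    hits = []
    for code, detail in entries:
        if not code.startswith("R") or " = " not in detail:
            continue
        key, value = detail.split(" = ", 1)
        m = re.match(r"https?://([^/:]+)", value.strip(), re.I)
        if m:
            host = m.group(1).lower()
            if host == domain or host.endswith("." + domain):
                hits.append((code, key))
    return hits

def still_present(flagged, rescan_text):
    """Flagged entries that a rescan log still contains, i.e. the fix did not stick."""
    after = set(parse_entries(rescan_text))
    return [entry for entry in flagged if entry in after]

# BEFORE: lines copied from the log posted in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.3:80
O4 - HKLM\..\Run: [afqlqje] "C:\Windows\System32\afqlqje.exe"
O4 - HKLM\..\Run: [Idolreal] C:\Program\Ford One Data\objexitpure.exe
"""
# AFTER: constructed rescan log (not from the thread) in which one autorun entry came back.
AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.2.3:80
O4 - HKLM\..\Run: [afqlqje] "C:\Windows\System32\afqlqje.exe"
"""

if __name__ == "__main__":
    before = parse_entries(BEFORE)
    for code, key in entries_for_domain(before, "omegasearch.com"):
        print("browser setting on flagged domain:", code, key)
    for code, detail in still_present([e for e in before if e[0] == "O4"], AFTER):
        print("still present after rescan:", code, detail)
```

An entry that reappears in the rescan means something is rewriting it at boot, which is when the safe-mode and virus-scanner advice in this thread applies.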
dobunns
if only
dobunns
10 Posts
Best to use both Ad-aware and Spybot programs but you must keep them up to date. Also AVG anti-virus is an excellent free virus scanner but again anything you use must be kept current or you will eventually get more of the same problems.
drasnor
124 Golden Eye Drive
drasnor
2,287 Posts
Boot up in safe mode and log in as Administrator if it gives you errors about removing stuff.

-drasnor