voltesv
New to the neighborhood
4 Posts

omegasearch...again...damnit

whoever created omegasearch needs to DIE.

i keep getting hijacked every time i restart/reboot my comp...i think it may be because of a number of reasons. but here's my log

Logfile of HijackThis v1.97.7
Scan saved at 7:58:24 PM, on 4/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\PROGRA~1\BOOBEG~1\Up Okay License.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\SpyBlocs\SpyBlocs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/i...://about:blank
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [browse bait] C:\PROGRA~1\BOOBEG~1\Up Okay License.exe
O4 - HKLM\..\Run: [SpyBlocs] C:\Program Files\SpyBlocs\SpyBlocs.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.spywarenuker.com/product/...rInstaller.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

i think it may be because of this C:\PROGRA~1\BOOBEG~1\Up Okay License.exe...i can't seem to delete it with the program!!! it always comes back...and when i try to delete the folders in my C:\Program Files folder it won't let me delete it. it says "access is denied" for a certain file...

HELP
Kwitko
Sheriff of Dicktown
6,521 Posts

Boot into safe mode, then re-run HiJackThis. Kill the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/...p://about_:blank
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [browse bait] C:\PROGRA~1\BOOBEG~1\Up Okay License.exe
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.spywarenuker.com/product...erInstaller.exe

I also recommend installing SpywareBlaster, which helps prevent further infestations.

shwaip
elaborate bot
5,730 Posts
make sure the "Up okay License.exe" is deleted, if not, do it manually in safe mode.
voltesv
New to the neighborhood
4 Posts
how do i run safemode again?
voltesv
New to the neighborhood
4 Posts
oh and i got a weird email today...rather suspicious one. it might be just another spam mail but i want to be sure...it redirected me here, with my info seemingly filled.

http://mainlandlending.maintaincepro...6c23770935a1a&

is this anything to worry about? fraud or anything of that kind? or is it just another everyday spam bs?
shwaip
elaborate bot
5,730 Posts
> how do i run safemode again?
restart, press F8 repeatedly after the POST.
voltesv
New to the neighborhood
4 Posts
thanks guys. i think i fixed it. THANKS again!
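
An added example, not part of the original thread: a small Python parser for the HijackThis lines posted above that checks which of the Run entries flagged in the reply also appear under "Running processes". Windows will not delete an executable that is currently running, which is consistent with the "access is denied" error and with the advice to remove it in safe mode. The sample log is a constructed subset of the posted log, and the function names are hypothetical.

```python
import re

# Constructed sample: a subset of the HijackThis lines posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BOOBEG~1\Up Okay License.exe
C:\WINDOWS\System32\ctfmon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/i...://about:blank
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winactive] C:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [browse bait] C:\PROGRA~1\BOOBEG~1\Up Okay License.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# O4 registry autoruns look like: O4 - HKLM\..\Run: [name] command line
RUN_ENTRY = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
ANY_ENTRY = re.compile(r"^[A-Z]\d+ - ")


def parse_log(text):
    """Return (running process paths, O4 Run entries) from a HijackThis log."""
    processes, autoruns, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        run = RUN_ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif run:
            hive, name, command = run.groups()
            # Drop the opening quote so the command starts with the path.
            autoruns.append({"hive": hive, "name": name,
                             "command": command.lstrip('"')})
            in_procs = False
        elif ANY_ENTRY.match(line):
            in_procs = False  # first R/O entry ends the process list
        elif in_procs and line:
            processes.append(line)
    return processes, autoruns


def running_autoruns(text, flagged):
    """Map each flagged Run-entry name to True if its executable is running."""
    processes, autoruns = parse_log(text)
    running = [p.lower() for p in processes]
    return {e["name"]: any(e["command"].lower().startswith(p) for p in running)
            for e in autoruns if e["name"] in flagged}
```

Calling `running_autoruns(SAMPLE_LOG, {"winactive", "browse bait"})` shows that only the `browse bait` entry is live in the posted process list, so its file is the one that has to be removed while the program is not running.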