EXCELLENT! THANKS!
Straight_Man
Geeky, in my own way | Naples, FL | Icrontian
As someone who has been fighting junkware for many, many, years I have to applaud this area's creation. THANKS.
I will also mention this:
A lot of the variants of the Omegasearch and related malware things are in fact hitting the UK and Germany and other parts of Europe first. There is a decent security website outside North America that is dealing with these things and is very good and has at least three Microsoft Most Valuable Players that hang out at it. If you cannot find things here to solve repeating problems, please look on Google for the things you want to look up. A LOT of the highest and first listed hits are for threads at http://www.computercops.biz/. ALL can read the threads there, and if you want to pay for help they will help for a subscription fee.
For the sake of us all, if you find things that work while reading freely there, please do post the problem and solution in this area also if it affects YOUR computer. Dexter is doing a very good job summarizing things here, but there are a bunch of things that so far have not been dealt with:
First, one reason set that a safe mode removal works is this:
In many cases, the box is not on the web while being disinfected. This makes it easier to disinfect while not being immediately reinfected by having an open browser's settings cause reinfection. This was true of BonziBuddy also, for similar and different reasons.
Second, hijacked networking settings are much more easily removable if you have your box in safe mode. Omegasearch and BonziBuddy did this also; they set up networking entries by misusing Microsoft Agent's facilities. Turning off or disabling Microsoft Agent as a service can help with this, or go into safe mode, at which time Agent will be defaulted OFF.
Third, with box not on the web, and not actively networked, you can disable AV while scanning, and some AV does not like letting the other malware killers work right while active.
But, technically, you do not have to even go into safe mode. You CAN do this:
Close IE and OE. (browsers and email apps).
UNPLUG the modem or NIC/LAN cord.
Go into the device manager, disable the NIC and modem drivers you have on the box.
NOW, disable your AV software.
THEN run your junk removers.
When done removing junk, you DO need to reboot, but before doing so, please plug your modem and/or NIC cable back in, and then re-enable the drivers you disabled-- in that exact order (cable first, THEN enable drivers). NOW, reboot.
When you get back into your OS, you then need to validate your AV; it could have been DISABLED, especially if it is over 1-2 years since you got new AV programs. I would go to Authenticum and grab an AV test file, and run the AV on the HD. If the AV does not detect it, remove your AV and reinstall a newer AV program, PLEASE! Then scan with it, with the test file still present on the HD.
John D.-- who has hated malware for about 2.3 decades and fights it a lot.
John D.
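The offline cleanup sequence above (disconnect, disable the network drivers, run the removal tools, reconnect cable-first, reboot, then prove the AV is alive), as an added PowerShell example for a current Windows box. This is not code from the thread or from any product it mentions. It assumes an elevated PowerShell 5.1 or later session with the NetAdapter module (Windows 8 / Server 2012 and newer), and it assumes the "AV test file" the post refers to is the industry-standard EICAR test string; the removal tools and the AV on/off switch are product-specific, so those two steps are operator prompts rather than guessed cmdlets. Function names and the temp file path are this example's own.

```powershell
# Added example (not from the original thread). Walks John D.'s "no safe mode needed"
# sequence on a modern Windows host. Assumptions: elevated session, NetAdapter module
# present, and the AV test file is the EICAR test string (placeholder path below).

#Requires -RunAsAdministrator

# Steps 2-3: record which adapters are up, then disable them so nothing can
# reinfect the box (or let the junkware phone home) while the cleanup tools run.
function Disable-AdaptersForCleanup {
    $up = Get-NetAdapter | Where-Object Status -eq 'Up'
    $names = @($up | Select-Object -ExpandProperty Name)
    if ($names.Count -gt 0) {
        Disable-NetAdapter -Name $names -Confirm:$false
    }
    return $names   # returned so Enable-AdaptersAfterCleanup re-enables exactly these
}

# Step 6: the post insists on cable first, THEN drivers, so pause for the operator
# to reconnect before the adapters come back up.
function Enable-AdaptersAfterCleanup {
    param([string[]]$Names)
    if (-not $Names) { return }
    Read-Host 'Plug the modem / NIC cable back in, then press Enter to re-enable the adapters'
    Enable-NetAdapter -Name $Names -Confirm:$false
}

# Step 7 (after the reboot): drop a harmless test file and see whether real-time
# protection removes it. A surviving file means the AV is not scanning writes.
function Test-AvDetectsTestFile {
    param(
        [string]$Path = (Join-Path $env:TEMP 'av-check.com'),   # placeholder location
        [int]$TimeoutSeconds = 30
    )
    # EICAR test string: 68 ASCII bytes that mainstream AV engines flag by convention.
    $eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
    try {
        # WriteAllText with ASCII encoding: no BOM, no trailing newline, exact bytes.
        [System.IO.File]::WriteAllText($Path, $eicar, [System.Text.Encoding]::ASCII)
    } catch {
        # Some engines block the write itself; that is a detection, not a failure.
        return [pscustomobject]@{ Detected = $true; Reason = "write blocked: $($_.Exception.Message)" }
    }
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        if (-not (Test-Path -LiteralPath $Path)) {
            return [pscustomobject]@{ Detected = $true; Reason = 'file removed by real-time protection' }
        }
        Start-Sleep -Seconds 2
    }
    # Still on disk after the timeout: clean up ourselves and report the failure.
    Remove-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    return [pscustomobject]@{ Detected = $false; Reason = "file survived $TimeoutSeconds s on disk" }
}

# Steps 1-6 in order; step 7 runs after the reboot the post requires.
function Invoke-OfflineCleanupSequence {
    $adapters = Disable-AdaptersForCleanup
    Write-Host "Disabled adapters: $($adapters -join ', ')"
    Read-Host 'Close browsers and mail clients, disable your AV, run your junk removers, then press Enter'
    Enable-AdaptersAfterCleanup -Names $adapters
    Write-Host 'Adapters re-enabled. Reboot now; after logging back in, run Test-AvDetectsTestFile.'
}

# After the reboot:
#   $r = Test-AvDetectsTestFile
#   if (-not $r.Detected) { Write-Warning "AV check failed: $($r.Reason). Reinstall or update the AV." }
```

Disable-AdaptersForCleanup only touches adapters that were actually Up, and hands that list back, so a box with a deliberately disabled secondary NIC is left the way it was found. The post's point about cable order is enforced by the prompt in Enable-AdaptersAfterCleanup rather than trusted to memory, and Test-AvDetectsTestFile treats a blocked write and a deleted file the same way, since either proves the engine is watching the disk.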
There is no way we can all keep up with so many variants, etc, and this Omegasearch is looking to be a particularly vicious assault. If users find additional info from other resources, we would welcome that information here. To save confusion from multiple posts, please PM the information either to myself or Mr. Kwitko, and we will compile it and add to a single post: here.
Thanks to everyone helping out with this pesky nuisance!
Dexter...