What is this Omega Search?

RWBRWB Icrontian
edited May 2004 in Spyware & Virus Removal
I don't have it, but I haven't found anything about what it does, just a bunch of threads talking about how to remove it.

What is it, besides Spy/Ad Ware? What does it do?

Comments

  • CaffeineMeCaffeineMe Cedar Rapids, IA
    edited May 2004
    Good question, I know it's a bad thing, but what IT is, not a clue!
  • muddocktormuddocktor
    edited May 2004
    From what I understand it is a browser hijacker, and from reading some of these fixit posts, maybe it contains other payloads too. Not a good thing to have, for sure.:(
  • mmonninmmonnin Centreville, VA
    edited May 2004
    Changes your homepage, pop-ups most likely, redirects normal links to their sites and other normal spyware crap. Get and see for yourself. We can help you remove it.:)
  • Straight_ManStraight_Man Geeky, in my own way Naples, FL Icrontian
    edited May 2004
    As actually used, think of it as a "Searcher of Death" or "Death Search" for the computer. The actual thing is a search plus browser hijacker. BUT, the logs we are getting are not JUST containing this attack, as HJT can reveal things like trojans also-- not by ID but by type of registry entry.

    Omega is last letter of Greek alphabet, frequently used to mean death-- in this case, death of O\S and\or other software via first taking advantage of vulns in browsing. Alpha is birth, first life, to the Greeks of olden times and that civilization is where these concepts came from.

    Some of these things are also spread by Bot, and not necessarily via pure browsing. IM and P2P\FTP tunneled apps can get things that have embedded content like this (trojan riding in archive, for instance).

    As its being used, it is like the term virus when loosely used-- that term used by common users is inclusive of four classes of things:

    Pure viruses just replicate locally.

    Worms of local system type worm into system areas and disable or morph and\or move and rename system files (local system DOS attack).

    Internet worms spread by worming through routing holes and vulns on internet.

    Trojans are written to open remote access to comupters infected by them-- if they work as written, they let remote users access your computer and grab your info or destroy your info, or some combo of both by letting the remote user push things of other sorts listed above onto your computer.

    What we are seeing is multiple vector attacks being called one name because HJT can reveal them in part or whole. when you have something that needs more than one program kind to kill, like LSP_fix, you are seeing a WinSock attack or an attack on the core hookup handler for internet linking in Windows, also. Adware can be pushed from one of the results after you get a searcher hijack, so AdAware can stop some of the things used also. Various viral like things (remember my use of the four classes above for viral things) can also be pushed from websites, mostly trojans and I-net (abbreviation for Internet) worms, or hybrids that combine more than one class of the four above.

    Search and home page hijacking of a browser is just an entry vector forming for all sorts of other things. Just as most email spread viral attacks rely on user clicking the email or attachment to get the virus active. so, trick is to evaluate what you see versus extreme common sense before clicking-- does it conform to what you know, given TANSTAFL??? If not, do not click-- the price might be hidden and more than you want to pay.
  • DexterDexter Vancouver, BC Canada
    edited May 2004
    The reason we have so many Omegasearch postings is that we wrote a guide on what it is, and how to remove it. All the info you need or want about it is in that guide here on SM: http://www.short-media.com/review.php?r=235

    Dexter...
Sign In or Register to comment.