explorer hijacked

Sparda

Fledgling Freddie
Joined
Dec 22, 2003
Messages
627
OK, my IE has been hijacked to "omegasearch" :m00: Now Spybot Search and Destroy can't find it (yes, it's up to date) and my virus scanner can't either. Yes, I have a firewall (ZoneAlarm). And I have no idea how I got it (although I did get an email from Nevrax about the Ryzom open beta which looked a bit funky; I then got the proper email about 15 mins after).


All my links in my favs box are about ballox and I have stupid shortcuts on my desktop to random casinos and credit ballox. Also, whenever I try to use the address bar in IE6 to search, it's now searching my PC's files and folders and not the net.


Anyone have a clue how to kill this mucho bag of shite?
 

Sparda

Fledgling Freddie
Joined
Dec 22, 2003
Messages
627
BTW, here's a HijackThis report


Logfile of HijackThis v1.97.7
Scan saved at 21:59:47, on 15/04/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\McAfee\McAfee VirusScan\Webscanx.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AOL 9.0b\waol.exe
C:\Program Files\AOL 9.0b\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mr Slade\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://www.gucomics.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://omegasearch.com/searchbar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://omegasearch.com/searchbar.html
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {F9114A39-92F7-7DEE-56ED-B6DF48148ACA} - C:\PROGRA~1\EGGSST~1\Media Jump.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Toolamokglobal - {381B3C96-4824-4212-773D-B03674F6B1EB} - C:\PROGRA~1\EGGSST~1\Media Jump.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
O9 - Extra button: Packard Bell (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38066.3538773148
O17 - HKLM\System\CCS\Services\Tcpip\..\{F347CE61-2680-4EE5-969C-2304F0C4CC94}: NameServer = 195.93.48.134
O17 - HKLM\System\CCS\Services\Tcpip\..\{F54C8D73-C063-4009-B3F0-D923FBF16FBA}: NameServer = 152.163.0.26 205.188.64.153
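
An added example, not part of the original thread and not HijackThis's own code: a small Python triage pass over a log like the one above. It flags IE start/search page entries (R0/R1) that point at a host the owner does not expect, and BHO/toolbar entries (O2/O3) whose file is reported as "(no file)" or "(file missing)". The names `triage`, `host_allowed` and `expected_hosts`, and the default host list, are assumptions made for illustration.

```python
import re

# Excerpt copied from the HijackThis log posted above (not the full report).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://omegasearch.com/searchbar.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://omegasearch.com/passthrough/index.html?http://www.gucomics.com/
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\apps\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Toolamokglobal - {381B3C96-4824-4212-773D-B03674F6B1EB} - C:\PROGRA~1\EGGSST~1\Media Jump.dll (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")      # "R1 - ...", "O2 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")     # {8-4-4-4-12} GUID

def host_allowed(host, expected_hosts):
    """True if host equals, or is a subdomain of, one of the expected hosts."""
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in expected_hosts)

def triage(log_text, expected_hosts=("microsoft.com", "msn.com")):
    """Return (section, reason) pairs for entries worth a manual look.
    expected_hosts is an assumption: the domains the owner expects IE to use."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m.groups()
        if code in ("R0", "R1"):
            # IE start/search page values: check the host of the configured URL
            url = re.search(r"=\s*https?://([^/\s]+)", body)
            if url and not host_allowed(url.group(1), expected_hosts):
                findings.append((code, "unexpected host " + url.group(1).lower()))
        elif code in ("O2", "O3"):
            # BHO/toolbar registration left behind with no file on disk
            if "(no file)" in body or "(file missing)" in body:
                clsid = CLSID.search(body)
                findings.append((code, "orphaned entry " + (clsid.group(0) if clsid else "?")))
    return findings

if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(code, reason)
```
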
 

CliffyG

Fledgling Freddie
Joined
Apr 2, 2004
Messages
223
Download Webroot Spy Sweeper; it's free to update it once, but it clears out every bit of spyware I've come across, unlike most of the big names recently.
 

Ssera

Fledgling Freddie
Joined
Dec 23, 2003
Messages
224
I use pest patrol personally. You can get an online scan of your pc here: http://www.pestpatrol.com/ and it'll tell you everything that looks dodgy on your pc. I personally got the full version and since I've installed it I've never had any problems. Need to turn off the sounds for cookie tracking though - it's amazing how many are flying around nowadays :(
 

bigchief

Fledgling Freddie
Joined
Dec 22, 2003
Messages
1,642
Daedalus said:
How about Ad-Aware?
Used Ad-aware for a few months now. Last week I got a home page hijacker (fk knows how) and every time I rebooted it reset to some crap. Ad-aware/virus scan found nothing.

After reading CliffyG's post I dl'd Spy Sweeper. Found the hijacker and 3 other things. All good now :) Now that may not pick up things Ad-aware finds; always safest to have a 2nd opinion (i.e. a 2nd thing to check after you run a scan using one bit of software).
 

CliffyG

Fledgling Freddie
Joined
Apr 2, 2004
Messages
223
Ad-aware used to be good but it rarely deals with the newer spyware; I always use Spy Sweeper now.
 

sibanac

Fledgling Freddie
Joined
Dec 19, 2003
Messages
824
Spybot S&D seems to work like a charm.
Of course, if you use Firefox instead of IE you will have a lot less spyware to worry about in the first place.
 

Garax

Fledgling Freddie
Joined
Dec 29, 2003
Messages
146
Or you can use CWShredder; this program was specially designed to help get rid of the hijack programs that exist these days. A hunt on Google will give you the link for this.
 

Wij

I am a FH squatter
Joined
Dec 23, 2003
Messages
18,220
Garax said:
Or you can use CWShredder; this program was specially designed to help get rid of the hijack programs that exist these days. A hunt on Google will give you the link for this.

I was about to suggest the same thing. Worked like a charm for me.
 
