<< The Center of Open Source & Government | Home | Microsoft and Open Standards >>

BlazeFind Hijacking

I would love to see a class action lawsuit against BlazeFind! I just spend a couple of hours trying to remove the Search Assistant that they installed on my taskbar. What a royale pain! Ad-aware, Spybot, TrojanHunter and HiJackThis! weren't able to do a complete job. I found various articles using Google (like this one) that helped discover more bits and pieces of it but it was still haunting my taskbar.

I finally used the systools process explorer to go through all the dll's that the Windows Explorer process had loaded and discovered that omniband.dll was the culprit. All that was required was to unregister this dll (regsvr32 /u omniband.dll) and it was gone.

However, my right-click "Open In New Window" functionality is broken. It just doesn't do anything. So something is still wonky. Arrgghh.

Print | posted on Friday, July 16, 2004 5:39 PM

Feedback

# re: BlazeFind Hijacking

Left by daniel at 7/26/2004 6:59 AM
Gravatar i also was subjected to the evil f****ers from blazefind and their annoying search assistant. you're right, these people should be sued.
i've used ad-aware to get rid of the critter, which it did; it removed omniband.dll, and all windowssa entries from the registry, etc.
unfortunately now my windows (xp) refuses to remember some of my taskbar settings; after each startup it gives me a taskbar without the quicklaunch toolbar and another custom toolbar i created myself. now i have to re-create them evry time via the taskbar properties...i think ad-aware maybe overdid the removing?
now i'm almost in the same situation as when the search assistant from bloody blazefind was there, cos that also removed any other toolbars and i had to manually add my custom toolbar every time. thanks again to blazefind for messing up my system.

anyway; how do i get windows back to storing/remembering my toolbar settings? and when will anyone (microsoft?) do something about the likes of blazefind, bargain buddy etc?


# re: BlazeFind Hijacking

Left by Ian at 7/26/2004 11:19 AM
Gravatar Sorry, don't know why Windows shouldn't be storing/remembering toolbar settings. Maybe some DLL's need to be re-registered to get appropriate entries back in the registry.

I'm really hoping Service Pack 2 for Windows XP solves some of these problems. Internet Explorerer should run in a sandbox and nothing should be able to install these kinds of nasties. I haven't yet got to the bottom of what tricks these spyware programs are using to get installed.

# re: BlazeFind Hijacking

Left by daniel at 7/26/2004 12:18 PM
Gravatar well, i know that they are basically unsigned active-x components which windows default happily installs without questioning or asking. once again a great example of microsoft picking the worst of all default settings...

and i think it's definitely a dll or registry setting that needs to be reset for my xp to remember it's task-toolbar settings (for lack of a better description), but how do i find out which one, eh? it's the proverbial needle in a haystack...searching on the web and/or microsoft site with keywords like toolbar, taskbar, storing, startup etc. gets me nowhere. so if anyone out there can point me in the right direction...

i do have a ghostimage of my system with the evil search-assistant on it, so when i have time i might try and extract the registry from there and do a file compare with my current one.
will keep you posted if i get a result.

# re: BlazeFind Hijacking

Left by James at 7/31/2004 8:19 PM
Gravatar The b*stards need taking out of business for creating such a damaging piece of scumware.

Still haven't succeeded in removing the rubbish even after lots of ad-removal programs claim to have got rid of it - the taskbar search nonsense is still there.

I do hope they learn the hard way that their behaviour is wrong.

# re: BlazeFind Hijacking

Left by Amalgham at 8/7/2004 11:00 AM
Gravatar Well, I guess I should join you in being a victim to that damned Blazefind problem. I, too, am experiencing the issue with my taskbar not remembering that I want quick launch active. I had a hell of a time trying to get rid of that omniband.dll file. I tried using Ad-Aware, Pest Patrol, Spybot, Bazooka Spyware Scanner, and an internet virus scanner, but all to no avail. None of them removed the file nor the search assistant. I tried to manually delete the file and I couldn't due to access denial. I even tried to do it in safe mode, but the SA still appeared in my toolbar and the DLL file was still being accessed. IN SAFE MODE!!!! Sheesh! The way I ended up being able to get rid of it was to go into safe mode in command prompt. However, as I said before, now XP doesn't want to remember my taskbar setting when I reboot. Damn these freaking hijacker programs. May all those makers burn in a specially extra hot hell.

# re: BlazeFind Hijacking

Left by daniel at 8/17/2004 12:20 PM
Gravatar well, i got rid of the blazefind monster with the aid of ad-aware; al it needed was an update of it's definitionfile, cos the omniband.dll was blazefind's very latest gift to surfin' mankind.
but after the update it did find it, and removed it succesfully like i mentioned. my guess was that ad-aware was a bit too good at removing traces of blazefind, and unfortunately also made windows not remember it's taskbar-tool settings...but after reading amalgham's post i'm not so sure.

which registry settings and files did you remove, amalgham?

# re: BlazeFind Hijacking

Left by Frank at 9/17/2004 6:59 PM
Gravatar A friend brings me a computer that will not logon.
http://www.winxptutor.com/wsaremove.htm
I found instructions like bottom of this page (including Phase II) and they fixed the login problem. I install & run Spybot 1.3 (17.Sep.2004 definitions). It removes some BlazeFind elements, but NAV2004 finds some more, so I have clue that the problem is not yet completely resolved. I was reluctant to have NAV simply delete the offending files. First, I deleted WindowsSA directory and removed startup entry in registry for WindowsSA\omniscient.exe. After reboot, the BlazeFind Search bar is *still* in task bar; then I find page at above link - Phase I instructions got rid of Search Bar!! I had to manually enable "QuickLaunch", but the setting was retained after reboot.

# re: BlazeFind Hijacking

Left by Kyndra at 9/18/2004 5:44 PM
Gravatar I just recently had a log in problem myself. It had to do with the executable that takes care of your login's... it was replaced by a stupid peice of adware. The C:\Windows\System32\Userinit.exe was replaced and it jacked everything up when I deleted it unknowing of the concequences. It's a royal pain in the ass. And even after everything I struggled with that stupid search assistant STILL insists on being there! >.<!! I ran the regsvr32 /u omniband.dll and it seems it might have worked but I am doing another scan with my fingers crossed.

These people need to be shot though for making adware like this. All these articles have been a great help though, I was afraid if I got rid of this problem it would cause another like my god awful log in one.

# re: BlazeFind Hijacking

Left by daniel at 9/22/2004 9:37 AM
Gravatar ah yes, that was the missing key i had found as well.
a comparison between my 'infected' system registry and a ghostimage gave me the same result; amongst other changes it showed the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit key to have the value
C:\WINDOWS\system32\wsaupdater.exe instead of
userinit.exe.
so all is well again in windows-land...untill the next infection ofcourse....why there aren't any legal actions against the lovely folks of blazefind and their kindred spirits is beyond me.

# re: BlazeFind Hijacking

Left by Angel Elf at 1/15/2005 4:29 PM
Gravatar I switched to Mozilla FireFox from MSIE in an attempt to prevent this Spyware/Adware problem. FireFox doesn't support ActiveX. Well it kinda worked but my McAfee VirusScan doesn't recognize FireFox only MSIE.

BlazeFind is only one of many that are just lurking about just waiting to infect and hijack ones computer. Windupdates is one of the worse. They have the nerve to claim that you have accepted their TOS even though you never see it.

"The Wind Update program is installed only once the user has agreed on it by clicking on 'yes'. If you do not remember having seen an ActiveX prompt, you might have downloaded Wind Updates from a popular free software product (screensavers, games, file sharing software, etc.). Users always will have to opt-in before installing the Wind Updates software."

HA! Don't remember indeed. I KNOW I never clicked "yes" to anything and never had any chance to opt-out. They are sneaky liars!

# re: BlazeFind Hijacking

Left by David C at 6/22/2005 8:07 PM
Gravatar hi

i unregistered (regsvr32 /u omniband.dll) and it went, thanks :)

# re: BlazeFind Hijacking

Left by Ian at 7/18/2004 6:35 PM
Gravatar Hey I managed to fix the right-click "Open In New Window" functionality by re-registering some of the Internet Explorer DLL's. For details, see this KB article:

http://support.microsoft.com/support/kb/articles/q180/1/76.asp

Your comment:





 
Please add 8 and 5 and type the answer here:

Copyright © Ian Wijesinghe

Design by Bartosz Brzezinski

Design by Phil Haack Based On A Design By Bartosz Brzezinski