Shoutbox

Looks like some malware. - Printable Version


Looks like some malware. by Mauver on 11-09-2007 at 08:15 PM

Just yesterday I got a message from a friend of mine saying "check out the hair on this kid. WOW" accompanied by a zip file titled "mystuff.zip". Inside this zip archive is an executable file titled "foto-187.jpg-myemail@hotmail.com.exe", where myemail@hotmail.com was the e-mail address that I use on MSN, which I'd rather not disclose.

Not caring to think at that moment about the repercussions of opening suspicious .exe files, I opened it, and it started a process which sends the same message and a similar file to those who are online on your MSN list. Fortunately I managed to figure out what this is, eventually.

This executable opens a process called "ogsxizv" which handles sending off this message to other people on your MSN list, and keeps a file and registry key of the same name. As far as I can tell, it's really quite simple to get rid of. First, close the process using your task manager (CTRL+ALT+DEL - open the processes tab, select "ogsxizv", and select "end process"), then take care of the file and registry key. The registry key can be cleared as follows:

1. Go to the start menu, select "run".
2. Type "regedit", and confirm by pressing OK or enter.
3. Open "HKEY_LOCAL_MACHINE" in the left panel, then "SOFTWARE", then "Microsoft", "Windows", "CurrentVersion", "Run", and in the right panel select "ogsxizv" and press delete, then confirm the deletion of this key.

If you have trouble finding the key this way, you could also do it the way I did: go to Edit -> Find, type "ogsxizv" under "Find what", confirm, and wait until it finds the key.

To delete the file, go to C:\Windows\System32 and delete ogsxizv.exe from that file. It can be recognized by the fact that it cleverly disguises itself with a windows image icon.

From what I understand, this malware has been getting around pretty quickly, and other people I've talked to have said they know people who had the same problem. Thus, this is probably a threat.

In the end, though, it just goes to show that you really shouldn't open executables that were sent to you over MSN.
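Added example, not part of the original post: a read-only PowerShell check for the artifacts the post describes (the "ogsxizv" process, Run value and System32 file). As a generalization it lists every Run entry with its signature status instead of matching only that one name; the HKCU key and the function name `Get-CommandTarget` are assumptions of this example.

```powershell
# Added example: audit autorun (Run key) entries. Read-only, changes nothing.
$SuspectName = 'ogsxizv'   # process / value / file name reported in the post
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',   # key named in the post
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'    # assumption: per-user key also checked
)

function Get-CommandTarget([string]$Command) {
    # Pull the executable path out of a Run value such as
    # '"C:\dir\app.exe" /arg' or 'C:\dir\app.exe /arg' or 'app.exe'.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if     ($c -match '^"([^"]+)"')    { $path = $Matches[1] }
    elseif ($c -match '^(.+?\.exe)\b') { $path = $Matches[1] }
    else                               { $path = ($c -split '\s+')[0] }
    # Bare file names are resolved against System32, where the post found the file.
    if (-not [IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot "System32\$path"
    }
    return $path
}

$report = foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-CommandTarget $command
        $exists  = Test-Path -LiteralPath $target -PathType Leaf
        $sig     = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status }
                   else         { 'FileMissing' }
        [pscustomobject]@{
            Key        = $key
            ValueName  = $name
            Target     = $target
            Signature  = $sig
            # Flag the reported name, or any unsigned executable autostarting from System32.
            Suspicious = ($name -like "*$SuspectName*") -or
                         ($target -like "*\$SuspectName*") -or
                         ($sig -eq 'NotSigned' -and $target -like "$env:SystemRoot\System32\*")
        }
    }
}

$report | Sort-Object Suspicious -Descending | Format-Table -AutoSize -Wrap

# Is the process named in the post currently running?
$proc = Get-Process -Name $SuspectName -ErrorAction SilentlyContinue
if ($proc) { "Process '$SuspectName' is running (PID $($proc.Id -join ', '))" }
else       { "Process '$SuspectName' is not running" }
```

A flagged row is only a lead to inspect by hand; some legitimate software also starts unsigned executables from a Run key.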


RE: Looks like some malware. by Nagamasa on 11-09-2007 at 09:48 PM

quote:
Originally posted by Mauver
In the end, though, it just goes to show that you really shouldn't open executables that were sent to you over MSN.

To add, it's not just .exe files. Strange links that appear like your friends sent them link you to a virus. :P


RE: Looks like some malware. by exbox on 11-10-2007 at 03:39 AM

thanks for sharing your experience, hopefully others will learn from it


RE: Looks like some malware. by Shiny Rabbit on 12-02-2007 at 08:36 PM

if it's in a zip then you know it's something bad, if it's someone i don't talk to or "they" say something suspicious like "can i use these pics of us on my myspace?" and you don't know them personally or they say they hate myspace, always double check


RE: Looks like some malware. by FlyZzer on 12-04-2007 at 09:26 PM

if anyone ever gets malware use prevx 2.0, it's really good :(


RE: Looks like some malware. by Shiny Rabbit on 12-05-2007 at 04:38 PM

heh, i'll keep that in mind in the unlikely event i fall for one of those things


RE: Looks like some malware. by reav3r on 07-14-2008 at 07:44 AM

Hi, i didn't find the program in those directories, any help would be GREATLY appreciated thanks