What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Skype & Live Messenger » Looks like some malware.

Looks like some malware.
Author: Message:
Mauver
New Member
*


Posts: 1
Joined: Nov 2007
O.P. Looks like some malware.
Just yesterday I got a message from a friend of mine saying "check out the hair on this kid. WOW" accompanied by a zip file titled "mystuff.zip". Inside this zip archive is an executable file titled "foto-187.jpg-myemail@hotmail.com.exe", where myemail@hotmail.com was the e-mail address that I use on MSN, which I'd rather not disclose.

Not caring to think at that moment about the repercussions of opening suspicious .exe files, I opened it, and it started a process which sends the same message and a similar file to those who are online on your MSN list. Fortunately I managed to figure out what this is, eventually.

This executable opens a process called "ogsxizv" which handles sending off this message to other people on your MSN list, and keeps a file and registry key of the same name. As far as I can tell, it's really quite simple to get rid of. First, close the process using your task manager (CTRL+ALT+DEL - open the processes tab, select "ogsxizv", and select "end process"), then take care of the file and registry key. The registry key can be cleared as follows:

1. Go to the start menu, select "run".
2. Type "regedit", and confirm by pressing OK or enter.
3. Open "HKEY_LOCAL_MACHINE" in the left panel, then "SOFTWARE", then "Microsoft", "Windows", "CurrentVersion", "Run", and in the right panel select "ogsxizv" and press delete, then confirm the deletion of this key.

If you have trouble finding the key this way, you could also do it the way I did; Go to edit -> find, type "ogsxizv" under "Find what", confirm, and wait until it finds the key.

To delete the file, go to C:\Windows\System32 and delete ogsxizv.exe from that file. It can be recognized by the fact that it cleverly disguises itself with a windows image icon.

From what I understand, this malware has been getting around pretty quickly, and other people I've talked to have said they know people who had the same problem. Thus, this is probably a threat.

In the end, though, it just goes to show that you really shouldn't open executables that were sent to you over MSN.
11-09-2007 08:15 PM
Profile E-Mail PM Find Quote Report
Nagamasa
Skinning Contest Winner
*****

Avatar

Posts: 1842
Reputation: 30
30 / Male / Flag
Joined: May 2006
RE: Looks like some malware.
quote:
Originally posted by Mauver
In the end, though, it just goes to show that you really shouldn't open executables that were sent to you over MSN.
To add, it's not just .exe files. Strange links that appear link your friends sent them link you to a virus. :P
[Image: unled1uo.png]
Joined this forum 6742 days, 2 hours, 9 minutes, 31 seconds ago.



11-09-2007 09:48 PM
Profile PM Web Find Quote Report
exbox
Full Member
***


Posts: 102
Reputation: 1
Joined: Aug 2007
RE: Looks like some malware.
thanks for sharing your experience, hopefully other will learn from it
GOOGLE is your friend.
11-10-2007 03:39 AM
Profile E-Mail PM Find Quote Report
Shiny Rabbit
Full Member
***

Avatar
oohhh shiny

Posts: 296
Reputation: 2
– / Male / Flag
Joined: Jun 2007
RE: Looks like some malware.
if its in a zip then you know its something bad, if it's someone i don't talk to or "they" say something suspicious like "can i use these pics of us on my myspace?" and you don't know them personally or they say they hate myspace, always double check
[Image: 202-3.png][Image: shinyhachunesig.png]



12-02-2007 08:36 PM
Profile E-Mail PM Find Quote Report
FlyZzer
New Member
*

FlyZzer's Palace

Posts: 5
31 / Male / Flag
Joined: Dec 2007
RE: Looks like some malware.
if anyone ever gets malware use prevx 2.0 its really good :(
[Image: be12d340ecopy.jpg]
12-04-2007 09:26 PM
Profile E-Mail PM Web Find Quote Report
Shiny Rabbit
Full Member
***

Avatar
oohhh shiny

Posts: 296
Reputation: 2
– / Male / Flag
Joined: Jun 2007
RE: Looks like some malware.
heh, i'll keep that in mind in the unlikely event i fall for one of those things
[Image: 202-3.png][Image: shinyhachunesig.png]



12-05-2007 04:38 PM
Profile E-Mail PM Find Quote Report
reav3r
New Member
*


Posts: 2
Joined: Jul 2008
RE: Looks like some malware.
Hi, i didnt find the program in those directorys, any help would be GREATLY appreciated thanks
07-14-2008 07:44 AM
Profile E-Mail PM Find Quote Report
« Next Oldest Return to Top Next Newest »


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts
HTML is Off
myCode is On
Smilies are On
[img] Code is On