login | register | shoutbox

 What happened to the Messenger Plus! forums on msghelp.net?
Shoutbox » MsgHelp Archive » Skype & Technology » Skype & Live Messenger » Looks like some malware.

Looks like some malware.
Author: Message:
Mauver
New Member
*


Posts: 1
Joined: Nov 2007
O.P. Looks like some malware.
Just yesterday I got a message from a friend of mine saying "check out the hair on this kid. WOW" accompanied by a zip file titled "mystuff.zip". Inside this zip archive is an executable file titled "foto-187.jpg-myemail@hotmail.com.exe", where myemail@hotmail.com was the e-mail address that I use on MSN, which I'd rather not disclose.

Not caring to think at that moment about the repercussions of opening suspicious .exe files, I opened it, and it started a process which sends the same message and a similar file to those who are online on your MSN list. Fortunately I managed to figure out what this is, eventually.

This executable opens a process called "ogsxizv" which handles sending off this message to other people on your MSN list, and keeps a file and registry key of the same name. As far as I can tell, it's really quite simple to get rid of. First, close the process using your task manager (CTRL+ALT+DEL - open the processes tab, select "ogsxizv", and select "end process"), then take care of the file and registry key. The registry key can be cleared as follows:

1. Go to the start menu, select "run".
2. Type "regedit", and confirm by pressing OK or enter.
3. Open "HKEY_LOCAL_MACHINE" in the left panel, then "SOFTWARE", then "Microsoft", "Windows", "CurrentVersion", "Run", and in the right panel select "ogsxizv" and press delete, then confirm the deletion of this key.

If you have trouble finding the key this way, you could also do it the way I did; Go to edit -> find, type "ogsxizv" under "Find what", confirm, and wait until it finds the key.

To delete the file, go to C:\Windows\System32 and delete ogsxizv.exe from that file. It can be recognized by the fact that it cleverly disguises itself with a windows image icon.

From what I understand, this malware has been getting around pretty quickly, and other people I've talked to have said they know people who had the same problem. Thus, this is probably a threat.

In the end, though, it just goes to show that you really shouldn't open executables that were sent to you over MSN.
11-09-2007 08:15 PM
Profile E-Mail PM Find Quote Report
« Next Oldest Return to Top Next Newest »

Messages In This Thread
Looks like some malware. - by Mauver on 11-09-2007 at 08:15 PM
RE: Looks like some malware. - by Nagamasa on 11-09-2007 at 09:48 PM
RE: Looks like some malware. - by exbox on 11-10-2007 at 03:39 AM
RE: Looks like some malware. - by Shiny Rabbit on 12-02-2007 at 08:36 PM
RE: Looks like some malware. - by FlyZzer on 12-04-2007 at 09:26 PM
RE: Looks like some malware. - by Shiny Rabbit on 12-05-2007 at 04:38 PM
RE: Looks like some malware. - by reav3r on 07-14-2008 at 07:44 AM


Threaded Mode | Linear Mode
View a Printable Version
Send this Thread to a Friend
Subscribe | Add to Favorites
Rate This Thread:

Forum Jump:

Forum Rules:
You cannot post new threads
You cannot post replies
You cannot post attachments
You can edit your posts 		HTML is Off
myCode is On
Smilies are On
[img] Code is On