MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Malware Removal
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


Reply
 
Thread Tools Display Modes
  #1  
Old 03-13-13, 16:19
vesposit vesposit is offline
Private E-2
 
Join Date: Mar 2013
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Outlook contacting ox-social.bidsystem.com/w/1.0

Same issue as reported by others in forum. Started new thread since not allowed to add to those.
While working in Outlook 2010 get Popup Message box with message
"Contacting ox-social.bidsystem.com/w/1.0"
See 2 attachments with screen shot of issue in action.

Ran Hitman Pro - attached log
Ran the Register fix "fixME.reg" mentioned in post "missourigeek" and it ran ok.

What does make difference, but not yet fixed:
-Start outlook in safe mode "Outlook /safe"
-Remove all Add-ins possible
-Disable Add-ins from statup

-This helps... but does not fix it... after some time msg box comes back with vengance.

-This must be a NEW malware since very few posts on inet about it.

Also have run PCTools AV, MalewareBytes.

Thanks for the help.
mike
Attached Files
File Type: log HitmanPro_20130313_1709.log (1.8 KB, 2 views)
File Type: pdf Snap1.pdf (24.9 KB, 4 views)
File Type: pdf Snap2.pdf (35.9 KB, 2 views)
Reply With Quote
Sponsored links
  #2  
Old 03-13-13, 21:08
vesposit vesposit is offline
Private E-2
 
Join Date: Mar 2013
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Outlook contacting ox-social.bidsystem.com/w/1.0

I have narrowed this down.

It will only trigger when opening certain emails. This is done easily if you have the preview pane open and click on a email.

However the email itself I do not suspect... I think there is something already installed and waiting for some trigger ?
Reply With Quote
  #3  
Old 03-15-13, 09:49
vesposit vesposit is offline
Private E-2
 
Join Date: Mar 2013
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Outlook contacting ox-social.bidsystem.com/w/1.0

Attached is a email that if you open or preview in Outlook will cause the ox-social to trigger, popup box and essentially lockup Outlook.

If you open the file in Notepad you can search the text and see the ox-social is in the email.

If you unzip this and open it, outlook with start and get hung up trying to contact ox-social...

This is easy to see the issue everyone is having... if someone who is expert on this type of virus.

Here is what it looks like inside the email:
<a h ref="//o x-social.bi ym w/1.0/rcP?cs=dEca9d70&cbЮP5" >
Attached Files
File Type: zip SPAM Congratulations you have been chosen.zip (23.5 KB, 7 views)

Last edited by vesposit; 03-15-13 at 09:56..
Reply With Quote
  #4  
Old 03-15-13, 11:37
vesposit vesposit is offline
Private E-2
 
Join Date: Mar 2013
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Outlook contacting ox-social.bidsystem.com/w/1.0

I have found another email with same issue. If opened will cause Outlook to be exploited and locked up.
Reply With Quote
  #5  
Old 03-16-13, 05:55
vesposit vesposit is offline
Private E-2
 
Join Date: Mar 2013
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Outlook contacting ox-social.bidsystem.com/w/1.0

Solution found.
This is a band-aid as there for sure is still a exploit in Outlook waiting for more malicious emails.

But for now you can create 2 rules one for Header, one for Subject & Body, add to both rules to search for "ox-social.bidsystems.com" and have it delete permanently.

I also added to look for "ox-social" and "ox-".

Several other on other forum have reported this works great for them and it is working for me.

Side note... this forum looks cool and has lots of good info, but for the first time I tried to use it ... it sux... not a single reply or help from anyone... I guess i did not follow some of the 1001 rules or something... but for sure major geeks is not on my must have forums.... thanks for nothing.

But watch... i've had 200+ views... no help or replies... but I bet NOW I get a reply or two from the major admins... and a list of rules I broke... hehe... i feel the flames coming...

maybe this issue is only my problem... not sure... or i did something wrong ? if so i'm sorry, but otherwise thanks again for nothing

Last edited by vesposit; 03-16-13 at 05:58.. Reason: Major Geeks Suk
Reply With Quote
Sponsored links
  #6  
Old 03-16-13, 22:20
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,440
Thanks: 62
Thanked 7,687 Times in 4,146 Posts
Default Re: Outlook contacting ox-social.bidsystem.com/w/1.0

Welcome to Major Geeks!
Quote:
Originally Posted by vesposit View Post
Side note... this forum looks cool and has lots of good info, but for the first time I tried to use it ... it sux... not a single reply or help from anyone... I guess i did not follow some of the 1001 rules or something... but for sure major geeks is not on my must have forums.... thanks for nothing.
Yes you did not read the forum rules posted in the sticky/pinned threads, and you kept bumping yourself to the bottom of the work queue. See the below sticky and in particular item number 6 about bumping:

Forum Rules and Guidelines

Also required cleaning procedure to get help is in the below sticky

READ & RUN ME FIRST. Malware Removal Guide


Quote:
Originally Posted by vesposit View Post
But watch... i've had 200+ views... no help or replies
Views come from anywhere in the world. Every search engine could cause a hit.

Sorry we could not help you but the bumping caused you to never get an answer until you stopped bumping.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Reply With Quote
  #7  
Old 03-23-13, 14:31
vesposit vesposit is offline
Private E-2
 
Join Date: Mar 2013
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: Outlook contacting ox-social.bidsystem.com/w/1.0

Thanks for the response.

I guess I'm not cool or part of the club... I DID read the rules and run the malware and even left logs...

I did see the item on Bumping... but frankly have no idea what that is ?

I assumed it is related to responding to my own item ? But was not sure... however I was not going to stop working on the issue waiting for someone else to respond??? and when I thought I had more good info to help solve the issue I added it to my post...

So I'm not sure how the process works or what a bump is, but if bumping is adding info to your own post to help others well I don't get it...

sorry... I"m not trying to be a pest... I just don't get it
Reply With Quote
  #8  
Old 03-24-13, 16:22
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
 
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 80,440
Thanks: 62
Thanked 7,687 Times in 4,146 Posts
Default Re: Outlook contacting ox-social.bidsystem.com/w/1.0

Quote:
Originally Posted by vesposit View Post
I guess I'm not cool or part of the club... I DID read the rules and run the malware and even left logs...
You did not attach the logs requested in the READ & RUN ME and still have not. The READ & RUN ME stated the below:





Quote:
Step 4: Do You Still Have Problems
  • Yes, I’m still having problems
    • DO NOT run the READ ME again!!!! And DO NOT move on to Step 5 below!!! Please just attach your logs as given below and tell us what problems you are still having.
    • If you do not already have a thread started, start a new thread otherwise post the following in your original thread. Clearly describe in detail the problems you are having and how long ago they started. Think about what you were doing at the time.
      • Now you need to attach (See: HOW TO: Attach Items To Your Post ) ( Or View: How to Attach Items to Your Posts) the below logs created while running the above scans.
        • RKreport[1].txt from RogueKiller
        • Malwarebytes' Anti-Malware log
        • TDSSKiller log
        • HitmanPro log
        • MGlogs.zip - normally it is C:\MGlogs.zip - only attach this log from MGtools.exe DO NOT attach any logs seen in the MGtools folder.
    • Be patient after posting your logs and wait for one of the helpers to get to you. It can take a while to read thru all of the logs and to create individual fixes for you.
    • Also DO NOT BUMP your thread to try and get a faster answer. This will actually significantly delay getting an answer. See this: Don't Bump! It Only Hurts You!!!
You only attached the Hitman Pro log. One of the five logs required to provide you support.

Quote:
Originally Posted by vesposit View Post
I did see the item on Bumping... but frankly have no idea what that is ?
Was explained in step 6 of the Forum Rules and Guidelines I linked you to and it was also in the READ & RUN ME as shown above. Basically each time you add another post, you send yourself to the bottom of the queue.




Quote:
Originally Posted by vesposit View Post
I assumed it is related to responding to my own item ? But was not sure... however I was not going to stop working on the issue waiting for someone else to respond??? and when I thought I had more good info to help solve the issue I added it to my post...
And it sends you to the bottom of the queue and it also it is contrary to what we say to you right at the beginning of the READ & RUN ME which stated the below just before step 1:
Quote:
  • Once you start this cleaning process to remove your malware please do not do anything to your PC except what is requested in this procedure. Do not install anything on your own and do not run other scans.
Quote:
Originally Posted by vesposit View Post
So I'm not sure how the process works or what a bump is, but if bumping is adding info to your own post to help others well I don't get it...




sorry... I"m not trying to be a pest... I just don't get it
You needed to attach the other 4 logs requested. To be clear, those are logs from the below tools:
  • RogueKiller
  • Malwarebytes
  • TDSSkiller
  • MGtools (the log is the MGlogs.zip file that is mentioned ).
However note that SPAM is not really a malware problem. It is a problem with your email address getting added to spam lists. And as you noted, one way to address this is by filtering out the incoming spam in your email program.

The ox-social.bidsystem.com stuff however may indicate redirect type infection. We would only know it we had all of the requested logs.
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter

Last edited by chaslang; 03-24-13 at 16:30..
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Outlook contacting ox-social.bidsystem.com/w/1.0 missourigeek Malware Removal 10 03-19-13 11:24
Windows 8 - Remove ox-social.bidsystem.com\w\1.0 mysticscooby Malware Removal 3 02-23-13 22:58
Help contacting mgnews shashikumar bhat The Lounge 5 06-08-12 09:26
Contacting Chaslang about recycler Pozzydrive Malware Removal 3 04-27-08 12:52
Contacting an IP address smarttrekker Hardware 2 01-23-05 22:00


All times are GMT -5. The time now is 18:49.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


All content Copyright MajorGeeks.com source code Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger