Outlook contacting ox-social.bidsystem.com/w/1.0

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by vesposit, Mar 13, 2013.

    Same issue as reported by others in forum. Started new thread since not allowed to add to those.
    While working in Outlook 2010 get Popup Message box with message
    "Contacting ox-social.bidsystem.com/w/1.0"
    See 2 attachments with screen shot of issue in action.

    Ran Hitman Pro - attached log
    Ran the Register fix "fixME.reg" mentioned in post "missourigeek" and it ran ok.

    What does make a difference, but has not yet fixed it:
    -Start Outlook in safe mode "Outlook /safe"
    -Remove all Add-ins possible
    -Disable Add-ins from startup

    -This helps... but does not fix it... after some time msg box comes back with a vengeance.

    -This must be a NEW malware since very few posts on inet about it.

    Also have run PCTools AV, Malwarebytes.

    Thanks for the help.

    I have narrowed this down.

    It will only trigger when opening certain emails. This is done easily if you have the preview pane open and click on an email.

    However the email itself I do not suspect... I think there is something already installed and waiting for some trigger ?
    Attached is an email that if you open or preview in Outlook will cause the ox-social to trigger, popup box and essentially lockup Outlook.

    If you open the file in Notepad you can search the text and see the ox-social is in the email.

    If you unzip this and open it, Outlook will start and get hung up trying to contact ox-social...

    This is easy to see the issue everyone is having... if someone who is expert on this type of virus.

    Here is what it looks like inside the email:
    <a h ref="//o x-social¨.biõ yÑmÓ w/1.0/rcP?cs=®ðdEðca9d¡Ð70&cbЮðÖP5" >

    Last edited: Mar 15, 2013
    I have found another email with same issue. If opened will cause Outlook to be exploited and locked up.
    Solution found.
    This is a band-aid as there for sure is still an exploit in Outlook waiting for more malicious emails.

    But for now you can create 2 rules one for Header, one for Subject & Body, add to both rules to search for "ox-social.bidsystems.com" and have it delete permanently.

    I also added to look for "ox-social" and "ox-".

    Several others on other forum have reported this works great for them and it is working for me.

    Side note... this forum looks cool and has lots of good info, but for the first time I tried to use it ... it sux... not a single reply or help from anyone... I guess i did not follow some of the 1001 rules or something... but for sure major geeks is not on my must have forums.... thanks for nothing.

    But watch... i've had 200+ views... no help or replies... but I bet NOW I get a reply or two from the major admins... and a list of rules I broke... hehe... i feel the flames coming...

    maybe this issue is only my problem... not sure... or i did something wrong ? if so i'm sorry, but otherwise thanks again for nothing:(
    Last edited: Mar 16, 2013
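
The workaround above matches a string in the header, subject and body of incoming mail. As an added example (not part of the original posts), the same check can be run offline over a saved message, decoding the MIME body first so that a link inside a base64 or quoted-printable encoded part is still found. The sample message, the addresses and the function name are constructed for illustration.

```python
import base64
import email
from email import policy

# Strings the thread filters on; the poster also added the shorter "ox-social".
INDICATORS = ("ox-social.bidsystem.com", "ox-social")

def find_indicators(raw_bytes, indicators=INDICATORS):
    """Return sorted (location, indicator) pairs found in one saved message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = set()
    # Headers, Subject included (policy.default decodes RFC 2047 encoded words).
    for name, value in msg.items():
        text = str(value).lower()
        for ind in indicators:
            if ind in text:
                hits.add(("header:" + name.lower(), ind))
    # Body parts: get_content() undoes base64 / quoted-printable encoding,
    # which a plain text search of the raw file does not see through.
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        try:
            body = part.get_content().lower()
        except (LookupError, UnicodeError):
            # Unknown or broken charset: fall back to a byte-preserving decode.
            body = part.get_payload(decode=True).decode("latin-1").lower()
        for ind in indicators:
            if ind in body:
                hits.add(("body:" + part.get_content_type(), ind))
    return sorted(hits)

# Constructed sample: an HTML body carrying the link, sent base64-encoded.
HTML = b'<html><body><a href="//ox-social.bidsystem.com/w/1.0/">link</a></body></html>'
SAMPLE = (b"From: sender@example.com\r\nTo: user@example.com\r\n"
          b"Subject: Constructed sample\r\nMIME-Version: 1.0\r\n"
          b"Content-Type: text/html; charset=utf-8\r\n"
          b"Content-Transfer-Encoding: base64\r\n\r\n" + base64.encodebytes(HTML))

if __name__ == "__main__":
    print("raw search finds it:", b"ox-social" in SAMPLE)
    print("decoded search:", find_indicators(SAMPLE))
```

A raw text search of this sample finds nothing because the body is base64, while the decoded search reports the link in the `text/html` part.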
    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!
    Yes you did not read the forum rules posted in the sticky/pinned threads, and you kept bumping yourself to the bottom of the work queue. See the below sticky and in particular item number 6 about bumping:

    Forum Rules and Guidelines

    Also, the required cleaning procedure to get help is in the below sticky:

    READ & RUN ME FIRST. Malware Removal Guide

    Views come from anywhere in the world. Every search engine could cause a hit.

    Sorry we could not help you but the bumping caused you to never get an answer until you stopped bumping.
    Thanks for the response.

    I guess I'm not cool or part of the club... I DID read the rules and run the malware and even left logs...

    I did see the item on Bumping... but frankly have no idea what that is ?

    I assumed it is related to responding to my own item ? But was not sure... however I was not going to stop working on the issue waiting for someone else to respond??? and when I thought I had more good info to help solve the issue I added it to my post...

    So I'm not sure how the process works or what a bump is, but if bumping is adding info to your own post to help others well I don't get it...

    sorry... I'm not trying to be a pest... I just don't get it
    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not attach the logs requested in the READ & RUN ME and still have not. The READ & RUN ME stated the below:

    You only attached the Hitman Pro log. One of the five logs required to provide you support.

    Was explained in step 6 of the Forum Rules and Guidelines I linked you to and it was also in the READ & RUN ME as shown above. Basically each time you add another post, you send yourself to the bottom of the queue.

    And it sends you to the bottom of the queue and it also is contrary to what we say to you right at the beginning of the READ & RUN ME which stated the below just before step 1:
    You needed to attach the other 4 logs requested. To be clear, those are logs from the below tools:
    • RogueKiller
    • Malwarebytes
    • TDSSkiller
    • MGtools (the log is the MGlogs.zip file that is mentioned).
    However note that SPAM is not really a malware problem. It is a problem with your email address getting added to spam lists. And as you noted, one way to address this is by filtering out the incoming spam in your email program.

    The ox-social.bidsystem.com stuff however may indicate a redirect type infection. We would only know if we had all of the requested logs.
    Last edited: Mar 24, 2013

