  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Puerto Rico
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts

    What the hell is "cdn.oggifinogi.com"

    My wife's computer has a new trick: it is an XPPro setup on a Pentium, it used to run nicely. Now there is a 'hidden' directory that is many directories deep and at the bottom there is something called "cdn.oggifinogi.com" which I cannot delete, it does not trigger any A/V warnings from Avast, Kaspersky or others, MalwareBytes doesn't 'see' it as a threat, and if I try to delete the entire directory structure the computer eventually crashes into a 'not responding' mode. Does anyone know what this is and how to get rid of it? I've tried safe mode, all sorts of scanner programs...nothing works. HELP!!

  2. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    OggiFinogi seems to be a company that has multimedia related products: http://inoviacapital.com/old/2010/08...round-funding/

    A cdn is a content distribution network, which is a network meant to provide faster access to content to users, regardless of their location vs. the origin of the contents they want to access.

    I am guessing there is some program that accesses content from their network and you are messing with it by removing the folder. The servers are located at Amazon Web Services, so I would offer there isn't a big likelihood that this is related to malware. I can't be sure, though, of course.

    P.S.: Please don't double post. One post in a forum about the same issue is enough.
    Rui
    -------
    R4

  3. #3
    New Lounger
    Join Date
    Dec 2009
    Location
    Puerto Rico
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Sorry for the double post...I didn't know which forum was the more appropriate one. Anyhow, who is this cdn network, and why can't this be removed? All of us here shop on Amazon from time to time, but only one computer has this mysterious folder which contains some 3+Gb of files with long, code-like names that end in .ssx and the directory "cdn.oggifinogi.com" is located inside another directory named "VPHUNGDJ" and none of this looks right. I checked the website you mentioned and they appear to be a venture capital outfit...what is this crap doing on our computer? I'd surely appreciate any solid advice from any reader here.

  4. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    They have media products, which makes all sense considering they seem to run a cdn. This is surely related to some program you have installed. You should know more about it than me, actually.
    Rui
    -------
    R4

  5. #5
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    They seem to be owned by collective.com, which seems to market products for advertisers.
    Rui
    -------
    R4

  6. #6
    New Lounger
    Join Date
    Dec 2009
    Location
    Puerto Rico
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts
    So does anyone know how to get rid of this? It has dodged all efforts to remove this rogue directory and its contents. I have no idea what program it belongs to...it's on my wife's computer and she doesn't make a habit out of downloading and installing things willy-nilly. She always asks me first. My guess is some rogue website she surfed to did this and I'm not real pleased that the Microsoft Security Essentials didn't pick up on it when it entered, and Avast doesn't give it any attention either.

    Thanks for your input.

  7. #7
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    It doesn't seem to be malware, so no AV would catch it. I suggest you try removing items from your startup to see if the related app does not load. Try WhatInStartup to see if it helps nailing the culprit.
    Rui
    -------
    R4

  8. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Puerto Rico
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I already checked the startup programs; nothing there looks suspicious or connected to the oggifinogi stuff. Also ran HijackThis on the unit and could find nothing out of order. Attempts to remove the offending directories usually crash the computer. There's something in this unit and I can't find it. If this isn't malware, then why is it resisting all efforts to remove it? Those two things don't add up. It's not any part of the OS, there are a huge number of files with long, hex-style names that end in .sxx and they seem to replicate themselves. Attempts to delete them result in the deletion process halting with an error message that suchandsuch file cannot be deleted, although many files preceding it were (I moved them to a pen drive and was able to reformat the pen drive to kill these) but more and more files seem to be generated within the rogue directory cdn.oggifinog.com. The name itself is a bit of a joke and that also leads me to believe this is some new form of crapware.

  9. #9
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    I would not call it resisting efforts... If you have a program that needs the files and that program is starting and it cannot access the files, issues may arise... It really depends on the behavior of the program.

    As suggested here, use SysInternals Process Monitor to check what process is accessing the files. You can add a filter to make sure you have listed events relative just to the folder that interests you.
    Rui
    -------
    R4
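
The Process Monitor step suggested in the post above can be done offline once the capture is saved as CSV. The following is an added example, not part of any post in this thread: it groups events under the folder by process and counts the ones that create or write files. The sample rows, process names, PIDs and the `C:\example` parent path are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the column layout of a Process Monitor CSV export.
# Process names, PIDs, the C:\example parent path and file names are made up.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.10","explorer.exe","1480","QueryDirectory","C:\example\VPHUNGDJ\cdn.oggifinogi.com","SUCCESS",""
"10:01:05.20","exampleplayer.exe","2312","CreateFile","C:\example\VPHUNGDJ\cdn.oggifinogi.com\aa01.ssx","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"10:01:05.21","exampleplayer.exe","2312","WriteFile","C:\example\VPHUNGDJ\cdn.oggifinogi.com\aa01.ssx","SUCCESS","Offset: 0, Length: 4,096"
"10:01:06.00","svchost.exe","1020","RegOpenKey","HKLM\Software\Example","SUCCESS",""
"10:01:07.30","exampleplayer.exe","2312","CreateFile","C:\example\VPHUNGDJ\cdn.oggifinogi.com\aa02.ssx","SUCCESS","Desired Access: Generic Write, Disposition: Create, OpenResult: Created"
"10:01:09.00","explorer.exe","1480","CreateFile","C:\example\VPHUNGDJ\cdn.oggifinogi.com\aa01.ssx","SUCCESS","Desired Access: Read Attributes, Disposition: Open, OpenResult: Opened"
'''


def is_write(row):
    """True for events that add data: a write, or a CreateFile that made a new file."""
    if row["Operation"] == "WriteFile":
        return True
    # CreateFile is also logged for plain opens; only "Created" means a new file.
    return row["Operation"] == "CreateFile" and "OpenResult: Created" in row["Detail"]


def processes_touching(csv_text, needle):
    """Return (process, pid, events, writes) for rows whose Path contains needle,
    ordered so the process generating the most files comes first."""
    needle = needle.lower()
    stats = defaultdict(lambda: [0, 0])
    # Exported files may start with a UTF-8 byte order mark; drop it if present.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if needle not in row["Path"].lower():
            continue
        key = (row["Process Name"], row["PID"])
        stats[key][0] += 1
        stats[key][1] += is_write(row)
    return sorted(((name, pid, ev, wr) for (name, pid), (ev, wr) in stats.items()),
                  key=lambda r: (-r[3], -r[2], r[0]))


if __name__ == "__main__":
    for name, pid, events, writes in processes_touching(SAMPLE_CSV, "cdn.oggifinogi.com"):
        print(f"{name} (PID {pid}): {events} events, {writes} create/write")
```

A process with a non-zero write count is the one regenerating files; an empty result means nothing touched the folder during the capture window, so the capture needs to run while files are appearing.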

  10. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    Puerto Rico
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Admin, I appreciate your help here. I loaded up Sysinternals ProcMon and could find no references to the mysterious directories, and nothing in the registry editor either. I looked in SERVICES and there was nothing with a reference to this stuff either. There's no reference to this in HijackThis, and no a/v program has spotted this. I don't know how you define 'resisting efforts' but I'd say that trying to delete a non-system directory and having that result in a freeze-up is pretty resistant, wouldn't you agree? Do you have any other suggestions for where to research this? I've sent an email to cdn.oggifinogi.com but have not received any reply yet.

  11. #11
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,745
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Yesterday you said .ssx. Today you said .sxx. Which is it?

    Bruce

  12. #12
    Super Moderator RetiredGeek's Avatar
    Join Date
    Mar 2004
    Location
    Manning, South Carolina
    Posts
    9,433
    Thanks
    371
    Thanked 1,456 Times in 1,325 Posts
    James,

    You can try downloading Take Ownership and use it to get ownership of the desired folder/files. After installing this try it from normal Windows. If that fails try it from Safe Mode w/o networking. You can also run Malwarebytes free edition from Safe Mode which might not be a bad idea. One other thing I can think of is if you have access to another computer you could remove the HD and attach it to the other computer either internally or via USB adapter and try deleting the file/folders that way (you may need to use Take Ownership from the new computer to be allowed to do this also).

    You can also try the anti-rootkit scanners:

    Malwarebytes Anti-Rootkit

    Sophos Anti-Rootkit

    Kaspersky TDSSKiller

    GMER

    HTH
    Last edited by RetiredGeek; 2013-04-11 at 13:26.
    May the Forces of good computing be with you!

    RG

    PowerShell & VBA Rule!

    My Systems: Desktop Specs
    Laptop Specs

  13. #13
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by RetiredGeek View Post
    James,

    You can try downloading Take Ownership and use it to get ownership of the desired folder/files. After installing this try it from normal Windows. If that fails try it from Safe Mode w/o networking. You can also run Malwarebytes free edition from Safe Mode which might not be a bad idea. One other thing I can think of is if you have access to another computer you could remove the HD and attach it to the other computer either internally or via USB adapter and try deleting the file/folders that way (you may need to use Take Ownership from the new computer to be allowed to do this also).

    You can also try the anti-rootkit scanners:

    Malwarebytes Anti-Rootkit

    Sophos Anti-Rootkit

    Kaspersky TDSSKiller

    GMER

    HTH
    RG,

    The files can be deleted, it's just that the system seems to stop working properly when they are, or so I understood.
    Rui
    -------
    R4

  14. The Following User Says Thank You to ruirib For This Useful Post:

    caribconsult (2013-04-11)

  15. #14
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Quote Originally Posted by caribconsult View Post
    I don't know how you define 'resisting efforts' but I'd say that trying to delete a non-system directory and having that result in a freeze-up is pretty resistant, wouldn't you agree? Do you have any other suggestions for where to research this? I've sent an email to cdn.oggifinogi.com but have not received any reply yet.
    No, that just means that some app is looking for the files and makes the system somehow hang.
    Can you provide us with more details about folder and file names and such? What exactly happens when you remove the files? Is there an immediate freeze? Does the system boot?
    Rui
    -------
    R4

  16. #15
    New Lounger
    Join Date
    Dec 2009
    Location
    Puerto Rico
    Posts
    23
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thank you to everyone who posted here. I'm glad to say I think I finally got rid of "cdn.oggifinogi.com" and persistence was the key, as well as Safe Mode. It took several attempts to delete the entire folder, which had some 3+Gb of junk files in it, several freeze-ups and ccleaner ultimately to empty the recycle bin, and right now the unit is in the middle of a boot-time chkdsk to make sure the file system is in good order after all those crashes and deletions. I did try "file assassin" by Avast, but that also just froze up in the middle of the process...in the end it was plain old windows explorer that deleted everything. Now I'd really like to know where in hell this came from. Any ideas out there?

    Thanks again to all posters for your input.
