• What the hell is “cdn.oggifinogi.com”

    #488723

    My wife’s computer has a new trick: it is an XPPro setup on a Pentium, it used to run nicely. Now there is a ‘hidden’ directory that is many directories deep and at the bottom there is something called “cdn.oggifinogi.com” which I cannot delete, it does not trigger any A/V warnings from Avast, Kaspersky or others, MalwareBytes doesn’t ‘see’ it as a threat, and if I try to delete the entire directory structure the computer eventually crashes into a ‘not responding’ mode. Does anyone know what this is and how to get rid of it? I’ve tried safe mode, all sorts of scanner programs…nothing works. HELP!!

    Win7Pro, I5 CPU, 8Gb RAM, SSD boot drive, external 4Tb SSD storage

    • #1386659

      OggiFinnogi seems to be a company that has multimedia related products: http://inoviacapital.com/old/2010/08/oggifinogi-secures-series-a-round-funding/

      A cdn is a content distribution network, which is a network meant to provide faster access to content to users, regardless of their location vs. the origin of the contents they want to access.

      I am guessing there is some program that accesses content from their network and you are messing with it by removing the folder. The servers are located at Amazon Web Services, so I would offer there isn’t a big likelihood that this is related to malware. I can’t be sure, though, of course.

      P.S.: Please don’t double post. One post in a forum about the same issue is enough.

    • #1386660

      Sorry for the double post…I didn’t know which forum was the more appropriate one. Anyhow, who is this cdn network, and why can’t this be removed? All of us here shop on Amazon from time to time, but only one computer has this mysterious folder which contains some 3+Gb of files with long, code-like names that end in .ssx and the directory “cdn.oggifinogi.com” is located inside another directory named “VPHUNGDJ” and none of this looks right. I checked the website you mentioned and they appear to be a venture capital outfit…what is this crap doing on our computer? I’d surely appreciate any solid advice from any reader here.

      Win7Pro, I5 CPU, 8Gb RAM, SSD boot drive, external 4Tb SSD storage

    • #1386674

      They have media products, which makes sense considering they seem to run a cdn. This is surely related to some program you have installed. You should know more about it than me, actually.

    • #1386716

      They seem to be owned by collective.com, which seems to market products for advertisers.

    • #1386819

      So does anyone know how to get rid of this? It has dodged all efforts to remove this rogue directory and its contents. I have no idea what program it belongs to…it’s on my wife’s computer and she doesn’t make a habit out of downloading and installing things willy-nilly. She always asks me first. My guess is some rogue website she surfed to did this and I’m not real pleased that the Microsoft Security Essentials didn’t pick up on it when it entered, and Avast doesn’t give it any attention either.

      Thanks for your input.

      Win7Pro, I5 CPU, 8Gb RAM, SSD boot drive, external 4Tb SSD storage

    • #1386833

      It doesn’t seem to be malware, so no AV would catch it. I suggest you try removing items from your startup to see if the related app does not load. Try WhatInStartup to see if it helps nail the culprit.

    • #1386899

      I already checked the startup programs-nothing there that looks suspicious or connected to the oggifinogi stuff. Also ran HijackThis on the unit and could find nothing out of order. Attempts to remove the offending directories usually crash the computer. There’s something in this unit and I can’t find it. If this isn’t malware, then why is it resisting all efforts to remove it? Those two things don’t add up. It’s not any part of the OS, there are a huge number of files with long, hex-style names that end in .sxx and they seem to replicate themselves. Attempts to delete them result in the deletion process halting with an error message that suchandsuch file cannot be deleted, although many files preceding it were (I moved them to a pendrive and was able to reformat the pen drive to kill these) but more and more files seem to be generated within the rogue directory cdn.oggifinogi.com. The name itself is a bit of a joke and that also leads me to believe this is some new form of crapware.

      Win7Pro, I5 CPU, 8Gb RAM, SSD boot drive, external 4Tb SSD storage

    • #1386939

      I would not call it resisting efforts… If you have a program that needs the files and that program is starting and it cannot access the files, issues may arise… It really depends on the behavior of the program.

      As suggested here, use SysInternals Process Monitor to check what process is accessing the files. You can add a filter to make sure you have listed events relative just to the folder that interests you.

    • #1387008

      Admin, I appreciate your help here. I loaded up Sysinternals ProcMon and could find no references to the mysterious directories, and nothing in the registry editor either. I looked in SERVICES and there was nothing with a reference to this stuff either. There’s no reference to this in HijackThis, and no a/v program has spotted this. I don’t know how you define ‘resisting efforts’ but I’d say that trying to delete a non-system directory and having that result in a freeze-up is pretty resistant, wouldn’t you agree? Do you have any other suggestions for where to research this? I’ve sent an email to cdn.oggifinogi.com but have not received any reply yet.

      Win7Pro, I5 CPU, 8Gb RAM, SSD boot drive, external 4Tb SSD storage

      • #1387029

        I don’t know how you define ‘resisting efforts’ but I’d say that trying to delete a non-system directory and having that result in a freeze-up is pretty resistant, wouldn’t you agree? Do you have any other suggestions for where to research this? I’ve sent an email to cdn.oggifinogi.com but have not received any reply yet.

        No, that just means that some app is looking for the files and makes the system somehow hang.
        Can you provide us with more details about folder and file names and such? What exactly happens when you remove the files? Is there an immediate freeze? Does the system boot?

    • #1387013

      Yesterday you said .ssx. Today you said .sxx. Which is it?

      Bruce
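
      An added example, not part of any post in this thread: one way to collect the details asked for above (file count, total size, which extensions are actually present) and to check the claim that new files keep appearing, by taking two read-only snapshots of the folder and comparing them. It assumes Python 3 is available on the machine examining the drive; the function names are made up for this example and nothing in it deletes or modifies files.

```python
import os
from collections import Counter

def snapshot(root):
    """Map each file's path (relative to root) to (size, mtime)."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                st = os.stat(full)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            files[os.path.relpath(full, root)] = (st.st_size, st.st_mtime)
    return files

def summarize(snap):
    """Return (file count, total bytes, Counter of lower-cased extensions)."""
    exts = Counter(os.path.splitext(p)[1].lower() for p in snap)
    return len(snap), sum(size for size, _ in snap.values()), exts

def diff(before, after):
    """Return sorted lists of paths that were added, removed or modified."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(p for p in set(before) & set(after)
                     if before[p] != after[p])
    return added, removed, changed

if __name__ == "__main__":
    import sys
    import time
    root = sys.argv[1]                       # path to the suspect folder
    wait = int(sys.argv[2]) if len(sys.argv) > 2 else 300
    first = snapshot(root)
    count, total, exts = summarize(first)
    print(f"{count} files, {total} bytes, extensions: {dict(exts)}")
    time.sleep(wait)                         # leave the machine idle meanwhile
    added, removed, changed = diff(first, snapshot(root))
    print(f"after {wait}s: {len(added)} added, {len(removed)} removed, "
          f"{len(changed)} changed")
    for path in added[:20]:                  # show a sample of the new files
        print("  new:", path)
```

      If the second snapshot shows added files while no browser or other application is open, the modification times of those files give a narrow window to line up against a Process Monitor capture filtered on the same path.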

    • #1387016

      James,

      You can try downloading Take Ownership and use it to get ownership of the desired folder/files. After installing this try it from normal Windows. If that fails try it from Safe Mode w/o networking. You can also run Malwarebytes free edition from Safe Mode which might not be a bad idea. One other thing I can think of is if you have access to another computer you could remove the HD and attach it to the other computer either internally or via USB adapter and try deleting the file/folders that way (you may need to use Take Ownership from the new computer to be allowed to do this also).

      You can also try the anti-rootkit scanners:

      Malwarebytes Anti-Rootkit

      Sophos Anti-Rootkit

      Kaspersky TDSSKiller

      GMER

      HTH :cheers:

      May the Forces of good computing be with you!

      RG

      PowerShell & VBA Rule!

      • #1387028

        James,

        You can try downloading Take Ownership and use it to get ownership of the desired folder/files. After installing this try it from normal Windows. If that fails try it from Safe Mode w/o networking. You can also run Malwarebytes free edition from Safe Mode which might not be a bad idea. One other thing I can think of is if you have access to another computer you could remove the HD and attach it to the other computer either internally or via USB adapter and try deleting the file/folders that way (you may need to use Take Ownership from the new computer to be allowed to do this also).

        You can also try the anti-rootkit scanners:

        Malwarebytes Anti-Rootkit

        Sophos Anti-Rootkit

        Kaspersky TDSSKiller

        GMER

        HTH :cheers:

        RG,

        The files can be deleted, it’s just that the system seems to stop working properly when they are, or so I understood.

        • #1387130

          Thanks, RG for your good suggestions. My next move was going to be doing exactly what you said: put the drive in another computer and try that, but as I mentioned above, a little persistence finally paid off. Thanks again.

          Win7Pro, I5 CPU, 8Gb RAM, SSD boot drive, external 4Tb SSD storage

    • #1387129

      Thank you to everyone who posted here. I’m glad to say I think I finally got rid of “cdn.oggifinogi.com” and persistence was the key, as well as Safe Mode. It took several attempts to delete the entire folder, which had some 3+Gb of junk files in it, several freeze-ups and ccleaner ultimately to empty the recycle bin, and right now the unit is in the middle of a boot-time chkdsk to make sure the file system is in good order after all those crashes and deletions. I did try “file assassin” by Avast, but that also just froze up in the middle of the process…in the end it was plain old Windows Explorer that deleted everything. Now I’d really like to know where in hell this came from. Any ideas out there?

      Thanks again to all posters for your input.

      Win7Pro, I5 CPU, 8Gb RAM, SSD boot drive, external 4Tb SSD storage

    • #1387159

      I am glad you solved it.
