[AI] skype virus
firojjee at gmail.com
Sat Sep 15 02:33:34 EDT 2007
Skype has learned that a computer virus called "W32/Ramex.A" is affecting
users of Skype for Windows. Users whose computers are infected with this
will send a chat message to other Skype users asking them to click on a web
link that can infect the computer of the person who receives the message.
Please note that Skype users ONLY become infected after they have downloaded
the link and run the malicious software. The chat message, of which there
are several versions, is cleverly written and may appear to be a legitimate chat
message, which may fool some users into clicking on the link.
Skype has been in contact with the leading antivirus software companies
about this worm and currently F-Secure,
and Spyware Terminator have already updated their antivirus products to
detect and remove the worm.
Here's a more detailed look at the situation for those who understand
When a Skype user receives the chat message - either from their Skype
contacts or users not on their contact list - it includes an internet link.
Instead of a .jpg image that it seems to point to, the link actually leads to a
virus file. By clicking on the link, the Windows Run/Save dialog box will
appear asking for permission to save or run a .scr file. This is the virus file and
should not be downloaded or run.
If the user accepts the file, however, their Windows PC will be infected
with the "W32/Ramex.A" virus. The worm uses Skype's public Application
Interface (API) to access the PC.
There are two ways to get rid of the worm: the normal way and the techhead
way. Most users should NOT attempt to edit their computer's registry.
For most people, downloading and/or updating their anti-virus software, and
scanning their computer to detect and remove the worm, is the way to go.
Expert users, and only expert users who know what they're doing, can also remove
the worm manually. Or download a new version of Symantec, Kaspersky Lab,
Spyware Terminator or F-Secure.
1. Restart the PC in safe mode
2. Run regedit
3. Go to HKLM/software/microsoft/windows/currentversion/runonce and find the
entry with mshtmldat32.exe. Delete this entry.
4. Go to the Windows\System32 directory and delete the following files:
wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe
5. Go to windows/system32/drivers/etc
6. Find file hosts
7. Open it with Notepad, press Ctrl+A and delete all entries (this will resume
your antivirus updates), save, close.
8. Restart the PC.
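
A read-only check for the artifacts named in the manual steps above, added here as an example that is not part of the original message or of Skype's advisory. The function names are hypothetical, and it assumes Windows PowerShell started with administrator rights; it only reports what it finds and changes nothing.

```powershell
# Added example: reports the RunOnce entry, files and hosts entries from steps 3-7.
# Assumption: run from an elevated PowerShell prompt. Nothing is deleted or modified.
$wormFiles  = 'wndrivs32.exe', 'mshtmldat32.exe', 'winlgcvers.exe', 'sdrivew32.exe'
$runOnceKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$system32   = Join-Path $env:SystemRoot 'System32'
$hostsPath  = Join-Path $system32 'drivers\etc\hosts'

function Get-RunOnceHits {
    # Step 3: RunOnce values whose data mentions mshtmldat32.exe
    $key = Get-Item -Path $runOnceKey -ErrorAction SilentlyContinue
    if (-not $key) { return }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match 'mshtmldat32\.exe') {
            [pscustomobject]@{ Check = 'RunOnce'; Item = $name; Detail = $data }
        }
    }
}

function Get-FileHits {
    # Step 4: the four file names listed for Windows\System32
    foreach ($file in $wormFiles) {
        $path = Join-Path $system32 $file
        if (Test-Path -LiteralPath $path) {
            [pscustomobject]@{ Check = 'File'; Item = $file; Detail = $path }
        }
    }
}

function Get-HostsHits {
    # Steps 5-7: active hosts entries other than localhost, listed for review
    # so that entries added on purpose are noticed before the file is emptied.
    if (-not (Test-Path -LiteralPath $hostsPath)) { return }
    foreach ($line in Get-Content -LiteralPath $hostsPath) {
        $fields = @(($line -replace '#.*$', '').Trim() -split '\s+')
        if ($fields.Count -lt 2) { continue }   # blank, comment-only or malformed line
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            if ($name -ne 'localhost') {
                [pscustomobject]@{ Check = 'Hosts'; Item = $name; Detail = $fields[0] }
            }
        }
    }
}

$hits = @(Get-RunOnceHits) + @(Get-FileHits) + @(Get-HostsHits)
if ($hits.Count) { $hits | Format-Table -AutoSize } else { 'No listed artifacts found.' }
```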