FYI for Skype Users

Sep. 10th, 2007 10:18 am
wowie: reading (Default)
[personal profile] wowie

Skype has learned that a computer virus called “w32/Ramex.A” is affecting users of Skype for Windows. Users whose computers are infected with this virus will send a chat message to other Skype users asking them to click on a web link that can infect the computer of the person who receives the message.

Please note that Skype users ONLY become infected after they have downloaded the link and run the malicious software. The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link.

Skype has been in contact with the leading antivirus software companies about this worm, and we know that they are updating their software to effectively stop this worm and as well as its side effects. Currently, F-Secure and Kaspersky Lab have already updated their antivirus products to detect and remove the worm.

We would like to encourage our users to ensure that they are running anti-virus software on their computers and to download the latest anti-virus updates in order to provide the best protection against this and other viruses.

Here’s a more detailed look at the situation for those who understand techier talk:

When a Skype user receives the chat message — either from their Skype contacts or users not on their contact list — it includes an internet link. Instead of a .jpg image that it seems to point to, the link actually leads to a virus file. By clicking on the link, the Windows Run/Save dialog box will pop up, asking for permission to save or run a .scr file. This is the virus file and should not be downloaded or run.

If the user accepts the file, however, their Windows PC will be infected with the w32/Ramex.A virus. The worm uses Skype’s public Application Program Interface (API) to access the PC.

There are two ways to get rid of the worm: the normal way and the techhead way. Most users should NOT attempt to edit their computer’s registry manually. For most people, downloading and/or updating their anti-virus software, and scanning their computer to detect and remove the worm, is the way to go.

Expert users — and only expert users — who know what they’re doing can also remove the worm manually.

  1. Restart the PC in safe mode
  2. Run regedit
  3. Go to HKLM/software/microsoft/windows/currentversion/runonce find entry with mshtmldat32.exe. Delete this entry.
  4. Go to Windows\System32 directory and delete following files: wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe
  5. Go to windows/system32/drivers/etc
  6. Find file hosts
  7. Open it with notepad, ctrl+a and delete all entries (this will resume your antivirus updates), save, close.
  8. Restart the PC.

Wishing you a virus-free week.

  • Add Memory
  • Share This Entry

Profile

wowie: reading (Default)
wowie

May 2009

S M T W T F S
     12
34567 89
10111213141516
17181920212223
24252627282930
31      

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Jan. 22nd, 2026 03:14 am
Powered by Dreamwidth Studios