Windows Worm Targets Skype Users
The VoIP service, Skype, is warning users about a new Windows worm spreading through the company’s chat message service. A post on Skype’s Heartbeat Blog says that computers already infected by the worm will send a chat message to other users, which, according to Skype, is “cleverly written and may appear to be a legitimate chat message.”
The chat message will have what looks like a link to an image file, but actually leads to the virus file. Clicking the link will prompt Windows to ask for permission to run a .scr file, which, should you be foolish enough to grant it, will install the virus, dubbed, w32/Ramex.A.
Skype recommends updating your anti-virus software and says that F-Secure, Kaspersky Lab and Symantec have all posted updates that will remove the virus.
If you’re the DIY type, Skype has posted instructions on editing computer???s registry manually, though keep in mind you can do serious damage to your system if you screw up. Experienced users can follow these steps to get rid of the virus:
- Restart the PC in safe mode
- Run regedit
- Go to HKLM/software/microsoft/windows/currentversion/runonce find entry with mshtmldat32.exe. Delete this entry.
- Go to Windows\System32 directory and delete following files: wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe
- Go to windows/system32/drivers/etc
- Find file hosts
- Open it with notepad, ctrl+a and delete all entries (this will resume your antivirus updates), save, close.
- Restart the PC.
Skype Watch has posted one version of the chat message (see screenshot above), which doesn’t look all that clever, but some users seem to trust just about everything. As always, be wary of any unsolicited contact, whether in Skype, IM or e-mail.
[image from Skype Watch]
