
lol is this your new picture on skype [link removed] virus

SOLVED
Casual Tourist

So someone on my friends list sent it to me and I can't get it off; it keeps reviving itself and I don't know what to do. PLEASE HELP

Accepted Solutions
Novel Adventurer
Solution
Accepted by Claudius (Community Manager)
‎28-08-2015 11:00

The file is downloaded through a goo.gl shortened address that redirects to [invalid URL].

First, I sent an abuse report to Google and Hotfile.

The analysis of this file on VirusTotal ([invalid URL]) shows that this file is infected with a new virus found by only 4 antivirus programs (there were only 2 an hour ago).

Here is some more information on this virus:

[invalid URL]

[invalid URL]

[invalid URL]

 

It looks like this virus modifies startup information and is launched each time the PC starts.

Check startup values using a tool like CCleaner, and check for exe files in your AppData folder.

 


Message 10 of 11 (24,224 Views)
10 Replies
Novel Tourist

My contacts got the same messages, what to do?

 

Message 2 of 11 (26,555 Views)
Casual Adventurer
I just posted in the older thread about how to check your computer for it.

http://community.skype.com/t5/Security-Privacy-Trust-and/I-m-have-very-big-problems/m-p/1095340/high...

I haven't been able to track down where it's hiding in the registry as the computer I was working on didn't get its registry infected. If you follow that and it's still respawning itself then you need to get help hunting the virus out of your registry.
Message 3 of 11 (26,504 Views)
Novel Adventurer

So I accidentally clicked it and something started to open in the browser but closed. I'm hoping my anti-virus shut it down, but something also downloaded? I didn't open that, just deleted it. Does it mean I'm safe? Currently scanning the PC just to be sure.

Message 4 of 11 (26,375 Views)
Casual Adventurer

I've caught it as well. It's probably a new version because Symantec Endpoint Protection did not react to it when I asked it to check that archive. O_o

 

To clean up, you have to do the following steps:

1. Change your status in Skype to "I have caught a virus!!! Do not go by the link!". If possible, delete all the messages the virus has sent.

2. Uninstall Skype.

3. Run msconfig. Search for suspicious autorun files from c:\users\YourUSER\appdata\... (I had pmpupj.exe), take out the checkmark and write down the location and file name.

4. Go to that location and delete that file and all other suspicious files with the same size as it (there were almost ten files with names CF??).

5. Run regedit and search for the file name from step 2. Delete all the keys and folders that the search has found.

6. Reboot in safe mode, run msconfig; if you still have it there, do steps 3-5.

It helped me.

Message 5 of 11 (26,311 Views)
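
The startup and AppData checks described in the accepted solution and in the cleanup steps above, as an added PowerShell example that is not part of any original post. It only lists candidates and changes nothing; the set of Run keys checked and the choice to hash every executable are assumptions of this example, not something the posters specified.

```powershell
# Added example: read-only triage, nothing is deleted or modified.
# Assumption: run as the affected user so HKCU and %APPDATA% refer to that profile.
$appDataRoot = Split-Path -Path $env:APPDATA -Parent   # C:\Users\<user>\AppData

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# 1. Registry autoruns whose command line points into AppData.
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        if ($command.IndexOf($appDataRoot, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $command }
        }
    }
}

# 2. Entries in the per-user Startup folder (shortcuts or executables).
$startupDir = [Environment]::GetFolderPath('Startup')
$startupItems = Get-ChildItem -Path $startupDir -Force -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{ Source = $startupDir; Name = $_.Name; Command = $_.FullName } }

# 3. Executables anywhere under AppData, with size and SHA-256 for lookup.
$exes = Get-ChildItem -Path $appDataRoot -Filter *.exe -Recurse -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Length        = $_.Length
            LastWriteTime = $_.LastWriteTime
            SHA256        = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            Path          = $_.FullName
        }
    }

# 4. Groups of executables sharing one byte size (step 4 above noted same-size copies).
$sameSize = $exes | Group-Object -Property Length | Where-Object { $_.Count -gt 1 }

@($autoruns) + @($startupItems) | Format-Table -AutoSize -Wrap
$sameSize | ForEach-Object { $_.Group } | Sort-Object Length, Path | Format-Table -AutoSize -Wrap
```

Many legitimate programs also start from AppData, so the output is a list of entries to review, not a verdict on any of them.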
Community Manager
It seems part of this trojan is installing the "ZeroAccess" trojan. There's a removal tool for this from Symantec: http://www.symantec.com/security_response/writeup.jsp?docid=2012-100303-2452-99&tabid=3

Message 6 of 11 (26,146 Views)
Novel Adventurer

How will I know if I got rid of it? It only sent it around once for me but it's repeating for my friend.

 

Message 7 of 11 (24,948 Views)
Super Aviator

Try this.

http://community.skype.com/t5/Windows/Skype-spam-virus/m-p/1092504/highlight/true#M82322

Regards,
Tamim
Message 8 of 11 (24,306 Views)
Casual Adventurer

Try this howto

 

http://www.youtube.com/watch?v=5wWkErYwiuU

 

Message 9 of 11 (23,732 Views)