By using this site you agree to the use of cookies for analytics, personalised content and ads. Read more

Steps to Stop and Remove the Skype Malware/Virus

This topic has been archived. To keep discussions in the Skype Community relevant we archive topics that haven't seen activity in the past 6 months. Read more about about archiving
Novel Adventurer

I've seen a lot of steps posted for this, and as far as I can tell not one actually works.

Here's what I have done. Keep in mind this is considering users with roaming profiles and widows 7.

 

Sign out of Skype

 

Check these areas: (and looking at date stamps helps)

Local Machine

  • Users Local machine Downloads : remove any files that look like zips from skype
  • Users Local machine c:\windows\csc\v2.0.6 (maybe a different version)
  • Give the admin ownership of the v.0.6 folder and apply to subfolders
  • In v2.0.6 delete the 2 files and the 2 folders (this is cached data from offline files)
  • Ensure offline files is disabled
    • Regedit HKCU\Software\Microsoft\Windows\CurrentVersion\Run  look for a reg entry for a random string of characters. Note the string of characters. Delete this entry
    • Set to view hidden files/folders
    • c:\users\<username>\appdata\roaming : Look for and delete file with the name of the string of characters you found in registry entry above

In skype ->  tools -> options -> manage advanced settings -> manage other programs accessing skype remove snkb0pt (user must be logged in, also if you see snkb0pt anywhere you should remove it)

 

Check msconfig -> startup for rogue files (with name of snkb0pt and/or strings of characters found in the registry) and disable them

 

User homdir

  • If you view folders in homedir (i.e. c:\users or whatever drive\users) the folders that are hidden (transparent) are affected users (or open cmd cd to the users path (i.e. c:\users or whatever), then type dir /ah (this will display only the files/folders with the hidden attribute to get a fast list of all affected users, and sometimes even with fiew hidden files/folders on, you won’t be able to view the hidden files/folders that this thing hid)
  • Give yourself full control to the folder
  • Open cmd and navigate to to the homedir path (c:\users or whatever)
  • Type attrib <username> -h -s /s /d  (makes the folder unhidden)
  • Type cd  <username> to navigate inside the users folder
  • Type attrib *. -h -s /s /d (unhides all subfolders and files in users folder)
  • Remove yourself from security permissions of user
  • Navigate to users folder c:\users\<username> or users share\<username>: look for a file named Snkb0pt - maybe have icon of remote desktop connection or quicktime. Delete this.
  • There will probably be a lot of Folder Shortcuts with a recent date and most likely all dated the same. DELETE all of these shortcuts. They are fake shortcuts that launch the malware. If you view the properties of the shortcuts you will see in the target the Snkb0pt.exe file being pointed to.
  • There will probably be an autorun.inf with the same date. DELETE this as well. If you open it to edit it, you will see this is an autorun to also launch the Snkb0pt.exe file.
6 Replies
Novel Adventurer

Is this confirmed these actions are risky if done improperly so I'd like to make sure take these steps will resolve the issue.

Message 2 of 7 (33,806 Views)
Tourist

It is risky if you don't do the permissions right and could indeed make hackers easier to hack your computer so ask a friend that knows alot about this stuff or just try it!

Message 3 of 7 (32,082 Views)
Novel Tourist

I'm confused and don't understand what to do

Message 4 of 7 (24,906 Views)
Novel Adventurer

manage advanced settings isn't an option in advanced settings on skype.

Message 5 of 7 (24,853 Views)
Novel Adventurer

These steps weer accurate in April of 2013. I'm sure with skype updates some things have changed slightly.

Message 6 of 7 (24,513 Views)
Novel Tourist

Having Skype is not an advantage if it comes with malware and requires such draconian steps to "clean" it. I just "upgraded" today and this malware warning comes up. I may just forgo Skype altogether and go with Google.

Message 7 of 7 (23,693 Views)
Discussion Stats
  • 6 replies
  • 34865 views
  • 0 kudos
  • 5 in conversation