Quick Way to Remove the Skype Worm - gHacks Tech News

Quick Way to Remove the Skype Worm

If you have not heard yet, a Skype worm is spreading that affects Skype clients on Windows. The worm automatically sends a chat message to other Skype users containing a link to an image on a website, where a simple redirection prompts users to download a file with the .scr extension. SCR files are usually screensaver files, but they are also often used by malware to infect systems and bypass security software that mainly looks for .exe files.

If a user runs the downloaded .scr file, the computer becomes infected with the w32/Ramex.A virus, which uses Skype’s public API to access the infected PC. If you are lucky, your resident antivirus software may block the execution of the file; if not, you may need to follow the guide below to remove it from your system. Many antivirus companies, including Symantec, Kaspersky and F-Secure, have already updated their virus definitions to detect and remove the worm.

It is however also possible to remove the worm manually by following the steps outlined below:

  1. Restart the PC in safe mode
  2. Run regedit by using the Windows-R shortcut to open a run dialog box, typing regedit, and hitting the enter key.
  3. Go to HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce and find the entry with mshtmldat32.exe. Delete this entry.
  4. Go to Windows\System32 directory and delete the following files there: wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe. Use the search if you can't find the files immediately or do not want to browse the large list of files manually.
  5. Go to Windows\System32\drivers\etc
  6. Find the hosts file there.
  7. Open it with Notepad, press Ctrl+A and delete all entries (this will let your antivirus updates resume), then save and close the file. If you have used the hosts file previously, make sure you keep the legitimate entries and delete only the entries that block your antivirus software from updating.
  8. Restart the PC.
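
A read-only check for the artifacts named in steps 3, 4 and 7 (the RunOnce entry, the four files in System32, and active hosts entries), as an added PowerShell example that is not part of the original article. It assumes PowerShell 3.0 or later; the function names and the loopback flag on hosts entries are this example's own choices.

```powershell
# Added example: read-only check for the artifacts named in steps 3, 4 and 7.
# It only reports; nothing is deleted or modified. Assumes PowerShell 3.0+.
$fileNames = 'wndrivs32.exe', 'mshtmldat32.exe', 'winlgcvers.exe', 'sdrivew32.exe'
$system32  = Join-Path $env:SystemRoot 'System32'
$runOnce   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$hostsPath = Join-Path $system32 'drivers\etc\hosts'

function Get-RunOnceHits {
    # Step 3: RunOnce values whose name or data mentions mshtmldat32.exe.
    param([string]$Key = $runOnce, [string]$Needle = 'mshtmldat32.exe')
    if (-not (Test-Path -Path $Key)) { return }
    $item = Get-Item -Path $Key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ("$name $data" -like "*$Needle*") {
            [pscustomobject]@{ Value = $name; Data = $data }
        }
    }
}

function Get-DroppedFiles {
    # Step 4: the four file names, if present in System32 (hidden files included).
    param([string]$Dir = $system32, [string[]]$Names = $fileNames)
    foreach ($n in $Names) {
        $p = Join-Path $Dir $n
        if (Test-Path -LiteralPath $p -PathType Leaf) {
            Get-Item -LiteralPath $p -Force | Select-Object FullName, Length, LastWriteTime
        }
    }
}

function Get-HostsEntries {
    # Step 7: active hosts mappings for manual review; the Loopback flag is this example's heuristic.
    param([string]$Path = $hostsPath)
    if (-not (Test-Path -LiteralPath $Path)) { return }
    foreach ($line in Get-Content -LiteralPath $Path) {
        $entry = ($line -replace '#.*$', '').Trim()   # drop comments and blank lines
        if (-not $entry) { continue }
        $ip, $names = $entry -split '\s+'              # first token is the address, the rest are names
        foreach ($h in $names) {
            if ($h -eq 'localhost') { continue }
            [pscustomobject]@{ HostName = $h; Address = $ip; Loopback = ($ip -in @('127.0.0.1', '0.0.0.0', '::1')) }
        }
    }
}

Write-Host 'RunOnce values:';          Get-RunOnceHits  | Format-List
Write-Host 'Files in System32:';       Get-DroppedFiles | Format-Table -AutoSize
Write-Host 'Hosts entries to review:'; Get-HostsEntries | Format-Table -AutoSize
```

Empty output under all three headings means none of the artifacts listed in the article are present; any hosts entries shown still need the manual judgement described in step 7.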

via Skype blog


Comments

  1. Alan Pollock said on September 12, 2007 at 10:56 pm

    I have a computer running Windows XP Home with SP 2. This computer has been infected with the Skype Worm, Ramex, and we cannot log on any more. Each time you try and log on it simply goes back to “Saving your settings” and returns you to the logon screen.

    Can anyone help with any advice on how to get around this? I cannot access Regedit, nor can I edit the hosts file from the Repair utility.

    I am really desperate, please help.

    Alan

  2. Martin said on September 12, 2007 at 11:12 pm

    Did you try starting in safe mode? If yes, I would start the command line mode only and delete all the files mentioned above.

    You could also try system restore.

  3. Nemus said on October 10, 2012 at 8:14 am

    hey there

    thanks for taking your time to provide us with this article.. i found it easily on a search and thus attempted it.. Thanks for a phenomenal waste of my time… None of the filenames you mentioned to search for existed in safe mode or otherwise. Not wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe or mshtmldat32.exe
