Skype Worm Hits Windows
No sooner did I download the Skype client for my new laptop this morning than I see a new worm is out menacing Skype users. The attack requires a user to click a link to download the malicious file, so social-engineering-aware users (some call us paranoid) shouldn't be at much risk. But if you're rushing through the message and end up clicking to download the worm, here is how to get rid of it. From the Skype blog:
If the user accepts the file, however, their Windows PC will be infected with the w32/Ramex.A virus. The worm uses Skype’s public Application Program Interface (API) to access the PC.
There are two ways to get rid of the worm: the normal way and the techhead way. Most users should NOT attempt to edit their computer’s registry manually. For most people, downloading and/or updating their anti-virus software, and scanning their computer to detect and remove the worm, is the way to go.
Expert users — and only expert users — who know what they’re doing can also remove the worm manually.
1. Restart the PC in safe mode
2. Run regedit
3. Go to HKLM/software/microsoft/windows/currentversion/runonce find entry with mshtmldat32.exe. Delete this entry.
4. Go to Windows\System32 directory and delete following files: wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe
5. Go to windows/system32/drivers/etc
6. Find file hosts
7. Open it with notepad, ctrl+a and delete all entries (this will resume your antivirus updates), save, close.
8. Restart the PC.
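
A read-only way to check a machine for the artifacts named in the steps above, as an added PowerShell example that is not from the Skype blog or the original post. It assumes default Windows paths; the Wow6432Node key and SysWOW64 directory checks are additions for 64-bit Windows that the steps do not mention.

```powershell
# Read-only check for the w32/Ramex.A artifacts listed in the removal steps.
# Added example: it only reports findings and changes nothing on the system.

$findings  = @()
$wormFiles = 'wndrivs32.exe', 'mshtmldat32.exe', 'winlgcvers.exe', 'sdrivew32.exe'

# Step 3: RunOnce values whose data references mshtmldat32.exe.
# Assumption: the Wow6432Node key is also checked, because a 32-bit process
# on 64-bit Windows writes its HKLM\Software values there.
$runOnceKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($path in $runOnceKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -match 'mshtmldat32\.exe') {
            $findings += "RunOnce value '$name' in $path -> $data"
        }
    }
}

# Step 4: the four dropped executables (SysWOW64 is checked for the same reason).
foreach ($dir in 'System32', 'SysWOW64') {
    foreach ($file in $wormFiles) {
        $full = Join-Path (Join-Path $env:SystemRoot $dir) $file
        if (Test-Path $full) { $findings += "File present: $full" }
    }
}

# Steps 5-7: hosts entries other than localhost mappings. The steps say the
# worm's entries block anti-virus updates, so anything listed deserves a look.
$hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
if (Test-Path $hosts) {
    foreach ($line in Get-Content -Path $hosts) {
        $entry = ($line -replace '#.*$', '').Trim()   # drop comments
        if ($entry -eq '') { continue }
        $names = @($entry -split '\s+' | Select-Object -Skip 1 |
                   Where-Object { $_ -ne 'localhost' })
        if ($names.Count -gt 0) { $findings += "hosts entry: $entry" }
    }
}

if ($findings.Count -eq 0) { 'None of the listed Ramex.A artifacts were found.' }
else { $findings }
```

Run it from an elevated PowerShell prompt. Reviewing the reported hosts entries before step 7 also shows whether any legitimate entries would be lost by deleting everything.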




Comments
I used to use Skype quite heavily until I downloaded a new version and something just went wrong with my PC. Contacted Skype about the issue (2nd August 2007) and no replies from them yet.
Ended up formatting the computer...and said goodbye to Skype. Now using openwengo which is open source and has a good community support that Skype doesn't have.
Posted by: Paranoid | September 12, 2007 5:54 AM
Sounds like you may have hit a problem with the combination of components on your machine. We saw earlier how complex the dynamics of Skype are when the service went down in August. There is a good article in the New York Times on systems complexity and it discusses Skype, too. I have a post at http://www.realtime-websecurity.com/2007/09/complexity_is_the_enemy_of_sec.html
Posted by: Dan | September 12, 2007 8:08 AM