What do you know, Skype is in my news once again, and once again not for a very good reason. After the service outage last month, Skype now has a new computer virus called “w32/Ramex.A” affecting its Windows users. Hey, I am using Skype for Windows myself...!
According to an official announcement now published on the Skype blog homepage, infected users appear to be sending chat messages to other Skype users asking them to click on a web link that can infect the computer of the person who receives the message. The infection only occurs after downloading the linked file and running the malicious software. The chat message, of which there are several versions, is 'cleverly' written and may appear to be a legitimate chat message, which "may fool some users into clicking on the link".
Skype says they have been in contact with "the leading" antivirus software companies about this worm and that these companies are "updating their software to effectively stop this worm and as well as its side effects". By now F-Secure, Kaspersky Lab and Symantec have already been reported to have updated their products to detect and remove the worm.
Also according to Skype, expert users "and only expert users" who know what they’re doing can remove the worm manually with the following procedure:
- Restart the PC in safe mode
- Run regedit
- Go to HKLM/software/microsoft/windows/currentversion/runonce and find the entry with mshtmldat32.exe. Delete this entry.
- Go to the Windows\System32 directory and delete the following files: wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe
- Go to windows/system32/drivers/etc
- Find the file hosts
- Open it with Notepad, press Ctrl+A and delete all entries (this will resume your antivirus updates), save, close.
- Restart the PC.
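
Before deleting anything by hand, it helps to see which of these artifacts are actually present. The following PowerShell script is an added example, not part of Skype's announcement or of this post: it only reads the RunOnce key, the four file names and the hosts file named in the steps above and reports what it finds. It assumes PowerShell 3.0 or later; the variable names are the example's own.

```powershell
# Added example: read-only audit of the artifacts named in the removal steps above.
# Nothing is deleted or modified. Variable names are this example's own.
$runOnce = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$files   = 'wndrivs32.exe', 'mshtmldat32.exe', 'winlgcvers.exe', 'sdrivew32.exe'
$sys32   = Join-Path $env:SystemRoot 'System32'
$hosts   = Join-Path $sys32 'drivers\etc\hosts'
$findings = @()

# Step "runonce": report any value whose name or data mentions mshtmldat32.exe.
if (Test-Path -Path $runOnce) {
    $key = Get-Item -Path $runOnce
    foreach ($name in $key.GetValueNames()) {
        $data = $key.GetValue($name)
        if ("$name $data" -match 'mshtmldat32\.exe') {
            $findings += [pscustomobject]@{ Check = 'RunOnce'; Item = $name; Detail = "$data" }
        }
    }
}

# Step "System32": report which of the four listed files exist.
foreach ($file in $files) {
    $path = Join-Path $sys32 $file
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $findings += [pscustomobject]@{ Check = 'File'; Item = $file; Detail = $path }
    }
}

# Step "hosts": list every active (non-comment, non-blank) entry for review.
if (Test-Path -LiteralPath $hosts -PathType Leaf) {
    foreach ($raw in Get-Content -LiteralPath $hosts) {
        $entry = ($raw -replace '#.*$', '').Trim()
        if ($entry) {
            $findings += [pscustomobject]@{ Check = 'Hosts'; Item = $entry; Detail = $hosts }
        }
    }
}

if ($findings.Count -eq 0) {
    'None of the listed artifacts were found and the hosts file has no active entries.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

A `127.0.0.1 localhost` line in the hosts output is normal; the entries to look at are the ones that mention antivirus vendors, since those are what the hosts step above clears to resume updates.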