Attention COTH Skype users: Skype Virus Warning

[Ormica]

Pfft you people are saying good advice and I'm such a nub D: BUT how can mac users tell if their spending it? Before a friend yells at you for spreading it?

[Harmonic]

Alert your friends of the possibility, and tell them to let you know. Perform what scans you can to make sure that it's safe.

[cartoonkarl]

For those who are still affected I found this post to be quite useful. It removed the trojans for me. I am still keeping my scanners up just to make sure the problem is gone though. http://community.skype.com/t5/Windows/Sk...504#M82322

[Norael]

I suggest Microsoft Security Essentials if you guys want a sure-fire, free to use AV.

I'm mildly masochistic and have purposely gone to places that will give me a virus, and this baby never fails.

...In other news, I've yet to receive that link. 8D

[Ural]

What I did was, as Imm's tutorial suggested, was to download Autoruns and reboot in safe mode. Then I found that program in my C:/ drive and started it. This program allowed me to easily see what starts up outside of critical Windows programs.

The trojan itself was named Ziliik or something, and was easily recognizable because even though it looked like a valid Skype program, the source folder it was in was the AppData Roaming folder, (where Skype keeps its temporary data) instead of where Skype is installed. For my case, C:/Program Files.

I went to the folder loaction again in my case, C:/Users/Ural/AppData/Roaming/Skype. Honestly I just did a search for "roaming" and it got me there. Inside the folder was several files with four digits random-names such as DB34 NA21 UB67 and of course the program spawning them, Ziliik. I recognized these as they were trying to run through Skype, and send the message to my contact lists.

I deleted them, and the other hostile program Ziliik. Then for good measure I deleted them from my Recycle Bin. I rebooted back into normal mode and haven't had any problems since. The whole process only took maybe ten minutes.

[Hawk]

I clicked the link, and my browser opened up. I saw something with the name "Skype" in my downloads box, but everything just closed after that. I don't remember if whether or not it was me who actually closed this when I saw "hacked" in Mezrin's Skype status and was spamming keys.

I haven't found any new .zip file, no roaming file, no Ziliik, no unusual programs running in task manager and I haven't been sending people links. I think this means I'm safe.

[BountyHunter]

[Geoni]

I got this because I felt bold and safe since I already had Avast and MalwareBytes but those two programs weren't able to keep this virus from infecting me. Sure, when I did a full scan in both Avast and then MalwareBytes, I caught and quarantined some of the incoming keylogger trojans, but even though I've followed through with the tutorial posted here and done some additional things that another tutorial told me to do, I keep seeing MalwareBytes block incoming viruses from Bit Torrent. Closed that connection off, but now I don't feel safe because I think somebody out there has my IP and info.

This is some nasty stuff, guys. Not just something any old script kiddie can do.

[Reigen]

Make sure you change any important passwords, just in case you feel compromised. There's no telling what it did when in someone's computer.

[Ormica]

So I am not affected by the virus...but I'm a carrier of it, don't open links from me!