What Is Skype Virus and How to Remove It
THREAT REMOVAL

What Is Skype Virus and How to Remove It

OFFER

SCAN YOUR PC
with SpyHunter

Scan Your System for Malicious Files
Note! Your computer might be affected by Skype Virus and other threats.
Threats such as Skype Virus may be persistent on your system. They tend to re-appear if not fully deleted. A malware removal tool like SpyHunter will help you to remove malicious programs, saving you the time and the struggle of tracking down numerous malicious files.
SpyHunter’s scanner is free but the paid version is needed to remove the malware threats. Read SpyHunter’s EULA and Privacy Policy

Because of their popularity and large adoption by users worldwide, applications such as Skype and Facebook are targeted by malware authors quite often. This article is dedicated to Skype malware, often referred to as simply “Skype virus”. Keep in mind that Skype virus is a generic name for all types of Skype-related malware.

Threat Summary

NameSkype Virus
TypeTrojan
Short DescriptionSkype Virus is a generic name for various malware threats that are delivered over Skype.
SymptomsThe user may be affected by a malicious ad served over Skype, his account may be hijacked, etc.
Distribution MethodMalicious links and ads sent via Skype, pages hosting malware
Detection Tool See If Your System Has Been Affected by Skype Virus

Download

Malware Removal Tool

User ExperienceJoin Our Forum to Discuss Skype Virus.


Depending on the purpose of attackers, some Skype viruses are targeting user accounts and hijacking them, and others are using the application to infiltrate the operating system. Continue reading to learn more about the various types of Skype viruses and how to remove them, or better – evade infection.

Related Story: Facebook Virus – How to Remove It (for PCs and Smartphones)

Goo.gl Skype Virus: Technical Overview

One of the most common Skype viruses is the so-called Goo.gl Skype virus. It is also one of the oldest pieces of such malware. As it turns out, the malicious campaigns that deliver goo(.)gl spamming URLs in Skype are still active.

Users on various forums report to receive strange messages from their Skype friends. The messages usually contain pictures and shortened goo(.)gl links. When clicked, these spamming URLs land on suspicious web pages that offer a download of a malicious file. Once such data is saved on the system, it may cause severe malware infections or serve as a gateway for further threats. Users are highly advised not to interact with these links.

In case you have clicked on such a compromised link, it is a good idea to run a scan with an advanced anti-malware tool as the malware may have sneaked into the system.

Goo.gl Skype Virus: Distribution Methods

This Skype virus relies on some clever distribution techniques. Initially, the malware was distributed via a web link using goo(.)gl services, such as the following one, along with a luring message:

[skype.user]: haha you wouldn’t believe it http://goo(.)gl/lLGdM?foto=user

The web link then redirects to a 4shared, hotfile or other file-sharing services:

http://e.4shared(.)com/linkerror.jsp?ed=63617573653d333034666e756c6c5f6f725f64656c

Then, the link may download a .Zip or another type of file containing the same malware. Symantec researchers have reported two main malware pieces associated with this Skype virus:

  • W32.IRCBot.NG
  • W32.Phopifas

After one of the above malicious bots has been downloaded and activated on the compromised computer, it would immediately connect to a C&C (Command and Control) server. After connecting to the server, the malware may download other malware types such as:

  • Trojans;
  • Ransomware;
  • Adware;
  • Spam Bots;
  • Rootkits;
  • Botnet kits.

It should also be noted that attacks of this character use obfuscators so that the malware remains undetected for longer times on infected computers. Attackers are typically using reputable services to spread malicious files and using affected users to spread spam messages to people in their contact list on Skype.


Skype.exe Virus: Technical Overview

Malware is known to use legitimate files that belong to legitimate programs. Such is the case with the Skype.exe virus. According to Hybrid Analysis, the malicious file is able to read terminal service related keys that may be RDP related. It also acts as spyware, being able to access sensitive information from local browsers, open the clipboard and retrieve keyboard strokes.

Here is a resume of its malicious capabilities:

  • Modifying auto-execute functionality by setting/creating a value in the registry;
  • Reading the active computer name;
  • Reading the cryptographic machine GUID;
  • Possibly capable of evading analysis by sleeping many times;
  • Opening the MountPointManager (often used to detect additional infection locations);
  • Contacting 2 domains and 2 hosts;
  • Modifying of Proxy settings.

It should be noted that the Skype.exe file actually belongs to Microsoft. However, the file which was uploaded to Hybrid Analysis appears to have been modified by an unpaid evaluation copy of Resource Tuner 2. It is a tool for disassembling .exe and .dll files.


Malicious Ads Served Over Skype

Skype has been abused to serve malicious ads not once or twice. Last year, users reported that ads served through the application were serving malicious downloads that were leading to a ransomware infection. The ads triggered a download of an HTML application which was designed to look like a legitimate app. Upon opening the ad would download a malicious payload, a piece of ransomware, which would then encrypt the user’s files.

One of these ads was a “fake Flash” one, which was especially designed for Windows, pushed a download which would trigger obfuscated JavaScript code. The code started a new command line, then deleted the application that the user just opened, and runed a PowerShell command. The command was set to download a JavaScript Encoded Script (JSE) from a domain that is no longer available. The domain was part of a group of disposable domains used to hide malicious operations.


Severe Security Flaws in Skype

There have been a number of serious security vulnerabilities in Skype which increase the vulnerability of the operating system and may lead to malware and spyware infections. Such a severe security flaw was discovered in February 2018. The severe could could allow attackers to obtain full access to the compromised host. This would happen through gaining system-level privileges to a local user with no privileges. The flaw was discovered by security researcher Stefan Kanthak who reported it to Microsoft. The flaw resides in Skype’s update installer found to be vulnerable to DLL hijacking.

The severity of the DLL hijacking vulnerability, however, is not the only issue here. Apparently, Microsoft, the owner of Skype, isn’t planning on fixing the flaw any time soon. The reason is not because the flaw can’t be patched. It’s because patching it would require the software to be entirely re-written. What does this mean? Instead of simply releasing a patch, Microsoft would have to release a brand new version of the messenger.

Related Story: Severe DLL Hijacking Flaw in Skype Won’t Be Patched by Microsoft

The attack leveraging the Skype DLL hijacking flaw can happen using a range of DLL files with various loading processes. The worst part is that no trails are left in both the registry and file system indicating that an incorrect DLL had been previously loaded.

In case of a successful hijacking of the update process, the attacker would download and place the maliciously crafted DLL into a temporary folder. When Skype’s update installer attempts to locate the relevant DLL, it will locate the malicious one instead, and will install the maliciously crafted code.

Even though Kanthak, the researcher who reported the flaw, tested the attack on the Windows desktop version of Skype, he believes that the same DLL hijacking technique could be used against other operating systems like Linux and macOS. It should be noted that the exploit of the flaw works on the desktop version of Skype.


Skype Virus: How to Remove It from the System

If you believe that your system was affected by a Skype virus, you can refer to the instructions provided below.

In case of the Goo.gl Skype virus, you should consider disconnecting your computer from the internet while scanning, since this will break any active connection with attackers’ C&C servers.

Note! Your computer system may be affected by Skype Virus and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Skype Virus.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.

To remove Skype Virus follow these steps:

1. Boot Your PC In Safe Mode to isolate and remove Skype Virus files and objects
2. Find files created by Skype Virus on your PC

Use SpyHunter to scan for malware and unwanted programs

3. Scan for malware and unwanted programs with SpyHunter Anti-Malware Tool

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...