Update August 2019. What is Skype virus? Because of their popularity and large adoption by users worldwide, applications such as Skype and Facebook are targeted by malware authors quite often. This article is dedicated to Skype malware, often referred to as simply “Skype virus”. Keep in mind that Skype virus is a generic name for all types of Skype-related malware.
Threat Summary
| Name | Skype Virus |
| Type | Trojan |
| Short Description | Skype Virus is a generic name for various malware threats that are delivered over Skype. |
| Symptoms | The user may be affected by a malicious ad served over Skype, his account may be hijacked, etc. |
| Distribution Method | Malicious links and ads sent via Skype, pages hosting malware |
| Detection Tool | See If Your System Has Been Affected by Skype Virus Download Malware Removal Tool | User Experience | Join Our Forum to Discuss Skype Virus. |
Depending on the purpose of attackers, some Skype viruses are targeting user accounts and hijacking them, and others are using the application to infiltrate the operating system. Continue reading to learn more about the various types of Skype viruses and how to remove them, or better – evade infection.
Goo.gl Skype Virus: Technical Overview
One of the most common Skype viruses is the so-called Goo.gl Skype virus. It is also one of the oldest pieces of such malware. As it turns out, the malicious campaigns that deliver goo(.)gl spamming URLs in Skype are still active.
Users on various forums report to receive strange messages from their Skype friends. The messages usually contain pictures and shortened goo(.)gl links. When clicked, these spamming URLs land on suspicious web pages that offer a download of a malicious file. Once such data is saved on the system, it may cause severe malware infections or serve as a gateway for further threats. Users are highly advised not to interact with these links.
In case you have clicked on such a compromised link, it is a good idea to run a scan with an advanced anti-malware tool as the malware may have sneaked into the system.
Goo.gl Skype Virus: Distribution Methods
This Skype virus relies on some clever distribution techniques. Initially, the malware was distributed via a web link using goo(.)gl services, such as the following one, along with a luring message:
[skype.user]: haha you wouldn’t believe it http://goo(.)gl/lLGdM?foto=user
The web link then redirects to a 4shared, hotfile or other file-sharing services:
http://e.4shared(.)com/linkerror.jsp?ed=63617573653d333034666e756c6c5f6f725f64656c
Then, the link may download a .Zip or another type of file containing the same malware. Symantec researchers have reported two main malware pieces associated with this Skype virus:
- W32.IRCBot.NG
- W32.Phopifas
After one of the above malicious bots has been downloaded and activated on the compromised computer, it would immediately connect to a C&C (Command and Control) server. After connecting to the server, the malware may download other malware types such as:
- Trojans;
- Ransomware;
- Adware;
- Spam Bots;
- Rootkits;
- Botnet kits.
It should also be noted that attacks of this character use obfuscators so that the malware remains undetected for longer times on infected computers. Attackers are typically using reputable services to spread malicious files and using affected users to spread spam messages to people in their contact list on Skype.
Skype.exe Virus: Technical Overview
Malware is known to use legitimate files that belong to legitimate programs. Such is the case with the Skype.exe virus. According to Hybrid Analysis, the malicious file is able to read terminal service related keys that may be RDP related. It also acts as spyware, being able to access sensitive information from local browsers, open the clipboard and retrieve keyboard strokes.
Here is a resume of its malicious capabilities:
- Modifying auto-execute functionality by setting/creating a value in the registry;
- Reading the active computer name;
- Reading the cryptographic machine GUID;
- Possibly capable of evading analysis by sleeping many times;
- Opening the MountPointManager (often used to detect additional infection locations);
- Contacting 2 domains and 2 hosts;
- Modifying of Proxy settings.
It should be noted that the Skype.exe file actually belongs to Microsoft. However, the file which was uploaded to Hybrid Analysis appears to have been modified by an unpaid evaluation copy of Resource Tuner 2. It is a tool for disassembling .exe and .dll files.
Malicious Ads Served Over Skype
Skype has been abused to serve malicious ads not once or twice. Last year, users reported that ads served through the application were serving malicious downloads that were leading to a ransomware infection. The ads triggered a download of an HTML application which was designed to look like a legitimate app. Upon opening the ad would download a malicious payload, a piece of ransomware, which would then encrypt the user’s files.
One of these ads was a “fake Flash” one, which was especially designed for Windows, pushed a download which would trigger obfuscated JavaScript code. The code started a new command line, then deleted the application that the user just opened, and runed a PowerShell command. The command was set to download a JavaScript Encoded Script (JSE) from a domain that is no longer available. The domain was part of a group of disposable domains used to hide malicious operations.
Severe Security Flaws in Skype
There have been a number of serious security vulnerabilities in Skype which increase the vulnerability of the operating system and may lead to malware and spyware infections, or in other words – to variations of the Skype virus. Such a severe security flaw was discovered in February 2018. The severe could could allow attackers to obtain full access to the compromised host. This would happen through gaining system-level privileges to a local user with no privileges. The flaw was discovered by security researcher Stefan Kanthak who reported it to Microsoft. The flaw resides in Skype’s update installer found to be vulnerable to DLL hijacking.
The severity of the DLL hijacking vulnerability, however, is not the only issue here. Apparently, Microsoft, the owner of Skype, isn’t planning on fixing the flaw any time soon. The reason is not because the flaw can’t be patched. It’s because patching it would require the software to be entirely re-written. What does this mean? Instead of simply releasing a patch, Microsoft would have to release a brand new version of the messenger.
The attack leveraging the Skype DLL hijacking flaw can happen using a range of DLL files with various loading processes. The worst part is that no trails are left in both the registry and file system indicating that an incorrect DLL had been previously loaded.
In case of a successful hijacking of the update process, the attacker would download and place the maliciously crafted DLL into a temporary folder. When Skype’s update installer attempts to locate the relevant DLL, it will locate the malicious one instead, and will install the maliciously crafted code.
Even though Kanthak, the researcher who reported the flaw, tested the attack on the Windows desktop version of Skype, he believes that the same DLL hijacking technique could be used against other operating systems like Linux and macOS. It should be noted that the exploit of the flaw works on the desktop version of Skype.
Skype Virus: How to Remove It from the System
If you believe that your system was affected by a Skype virus, you can refer to the instructions provided below.
In case of the Goo.gl Skype virus, you should consider disconnecting your computer from the internet while scanning, since this will break any active connection with attackers’ C&C servers.
Note! Your computer system may be affected by Skype Virus and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Skype Virus.
Keep in mind, that SpyHunter’s scanner is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter’s malware removal tool to remove the malware threats. Read our SpyHunter 5 review. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.
To remove Skype Virus follow these steps:
Boot Your PC Into Safe Mode
1. For Windows XP, Vista and 7.
2. For Windows 8, 8.1 and 10.
Fix registry entries created by malware and PUPs on your PC.For Windows XP, Vista and 7 systems:
1. Remove all CDs and DVDs, and then Restart your PC from the “Start” menu.
2. Select one of the two options provided below:
– For PCs with a single operating system: Press “F8” repeatedly after the first boot screen shows up during the restart of your computer. In case the Windows logo appears on the screen, you have to repeat the same task again.
– For PCs with multiple operating systems: Тhe arrow keys will help you select the operating system you prefer to start in Safe Mode. Press “F8” just as described for a single operating system.
3. As the “Advanced Boot Options” screen appears, select the Safe Mode option you want using the arrow keys. As you make your selection, press “Enter“.
4. Log on to your computer using your administrator account
While your computer is in Safe Mode, the words “Safe Mode” will appear in all four corners of your screen.
Step 1: Open up the Start Menu.
Step 2: Click on the Power button (for Windows 8 it is the little arrow next to the “Shut Down” button) and whilst holding down “Shift” click on Restart.
Step 3: After reboot, a blue menu with options will appear. From them you should choose Troubleshoot.
Step 4: You will see the Troubleshoot menu. From this menu choose Advanced Options.
Step 5: After the Advanced Options menu appears, click on Startup Settings.
Step 6: From the Startup Settings menu, click on Restart.
Step 7: A menu will appear upon reboot. You can choose any of the three Safe Mode options by pressing its corresponding number and the machine will restart.
Some malicious scripts may modify the registry entries on your computer to change different settings. This is why cleaning your Windows Registry Database is recommended. Since the tutorial on how to do this is a bit long and tampering with registries could damage your computer if not done properly you should refer and follow our instructive article about fixing registry entries, especially if you are unexperienced in that area.
Find files created by Skype Virus
1. For Windows 8, 8.1 and 10. 2. For Windows XP, Vista, and 7.For Newer Windows Operating Systems
Step 1:
On your keyboard press + R and write explorer.exe in the Run text box and then click on the Ok button.
Step 2:
Click on your PC from the quick access bar. This is usually an icon with a monitor and its name is either “My Computer”, “My PC” or “This PC” or whatever you have named it.
Step 3:
Navigate to the search box in the top-right of your PC’s screen and type “fileextension:” and after which type the file extension. If you are looking for malicious executables, an example may be “fileextension:exe”. After doing that, leave a space and type the file name you believe the malware has created. Here is how it may appear if your file has been found:
N.B. We recommend to wait for the green loading bar in the navination box to fill up in case the PC is looking for the file and hasn’t found it yet.
For Older Windows Operating Systems
In older Windows OS’s the conventional approach should be the effective one:
Step 1:
Click on the Start Menu icon (usually on your bottom-left) and then choose the Search preference.
Step 2:
After the search window appears, choose More Advanced Options from the search assistant box. Another way is by clicking on All Files and Folders.
Step 3:
After that type the name of the file you are looking for and click on the Search button. This might take some time after which results will appear. If you have found the malicious file, you may copy or open its location by right-clicking on it.
Now you should be able to discover any file on Windows as long as it is on your hard drive and is not concealed via special software.
Use SpyHunter to scan for malware and unwanted programs
Scan your PC and Remove Skype Virus with SpyHunter Anti-Malware Tool and back up your data
1. Install SpyHunter to scan for Skype Virus and remove them.2. Scan with SpyHunter, Detect and Remove Skype Virus.
Back up your data to secure it from malware in the future.It is recommended to run a scan before purchasing the full version of the software to make sure that the current version of the malware can be detected by SpyHunter. Click on the corresponding links to check SpyHunter’s EULA, Privacy Policy and Threat Assessment Criteria.
Step 2: Guide yourself by the download instructions provided for each browser.
Step 3: After you have installed SpyHunter, wait for it to update automatically.
Step 1: After the update process has finished, click on the ‘Malware/PC Scan’ tab. A new window will appear. Click on ‘Start Scan’.
Step 2: After SpyHunter has finished scanning your PC for any files of the associated threat and found them, you can try to get them removed automatically and permanently by clicking on the ‘Next’ button.
Step 3: If any threats have been removed, it is highly recommended to restart your PC.
Back up your data to secure it against attacks in the future
IMPORTANT! Before reading the Windows backup instructions, we highly recommend to back up your data with a cloud backup solution and insure your files against any type of loss, even from the most severe threats. We recommend you to read more about it and to download SOS Online Backup .
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me:
- Guide 1: How to Remove Skype Virus from Windows.
- Guide 2: Get rid of Skype Virus from Mac OS X.
- Guide 3: Remove Skype Virus from Google Chrome.
- Guide 4: Erase Skype Virus from Mozilla Firefox.
- Guide 5: Uninstall Skype Virus from Microsoft Edge.
- Guide 6: Delete Skype Virus from Safari.
- Guide 7: Eliminate Skype Virus from Internet Explorer.
Windows Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer
How to Remove Skype Virus from Windows.
Step 1: Boot Your PC In Safe Mode to isolate and remove Skype Virus
Step 2: Uninstall Skype Virus and related software from Windows
Here is a method in few easy steps that should be able to uninstall most programs. No matter if you are using Windows 10, 8, 7, Vista or XP, those steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program are left behind, and that can lead to unstable work of your PC, errors with the file type associations and other unpleasant activities. The proper way to get a program off your computer is to Uninstall it. To do that:
Follow the instructions above and you will successfully uninstall most programs.Step 3: Clean any registries, created by Skype Virus on your computer.
The usually targeted registries of Windows machines are the following:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
You can access them by opening the Windows registry editor and deleting any values, created by Skype Virus there. This can happen by following the steps underneath:
Tip: To find a virus-created value, you can right-click on it and click "Modify" to see which file it is set to run. If this is the virus file location, remove the value.Before starting "Step 4", please boot back into Normal mode, in case you are currently in Safe Mode.
This will enable you to install and use SpyHunter 5 successfully.
Windows Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer
Get rid of Skype Virus from Mac OS X.
Step 1: Uninstall Skype Virus and remove related files and objects
1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”, like the image below shows:
- Go to Finder.
- In the search bar type the name of the app that you want to remove.
- Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
- If all of the files are related, hold the ⌘+A buttons to select them and then drive them to “Trash”.
In case you cannot remove Skype Virus via Step 1 above:
In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:
You can repeat the same procedure with the following other Library directories:
→ ~/Library/LaunchAgents
/Library/LaunchDaemons
Tip: ~ is there on purpose, because it leads to more LaunchAgents.
Step 2: Scan for and remove Skype Virus files from your Mac
When you are facing problems on your Mac as a result of unwanted scripts and programs such as Skype Virus, the recommended way of eliminating the threat is by using an anti-malware program. Combo Cleaner offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.
Windows Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer
Remove Skype Virus from Google Chrome.
Step 1: Start Google Chrome and open the drop menu
Step 2: Move the cursor over "Tools" and then from the extended menu choose "Extensions"
Step 3: From the opened "Extensions" menu locate the unwanted extension and click on its "Remove" button.
Step 4: After the extension is removed, restart Google Chrome by closing it from the red "X" button at the top right corner and start it again.
Windows Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer
Erase Skype Virus from Mozilla Firefox.
Step 1: Start Mozilla Firefox. Open the menu window
Step 2: Select the "Add-ons" icon from the menu.
Step 3: Select the unwanted extension and click "Remove"
Step 4: After the extension is removed, restart Mozilla Firefox by closing it from the red "X" button at the top right corner and start it again.
Windows Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer
Uninstall Skype Virus from Microsoft Edge.
Step 1: Start Edge browser.
Step 2: Open the drop menu by clicking on the icon at the top right corner.
Step 3: From the drop menu select "Extensions".
Step 4: Choose the suspected malicious extension you want to remove and then click on the gear icon.
Step 5: Remove the malicious extension by scrolling down and then clicking on Uninstall.
Windows Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer
Delete Skype Virus from Safari.
Step 1: Start the Safari app.
Step 2: After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.
Step 3: From the menu, click on "Preferences".
Step 4: After that, select the 'Extensions' Tab.
Step 5: Click once on the extension you want to remove.
Step 6: Click 'Uninstall'.
A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and the Skype Virus will be removed.
Windows Mac OS X Google Chrome Mozilla Firefox Microsoft Edge Safari Internet Explorer
Eliminate Skype Virus from Internet Explorer.
Step 1: Start Internet Explorer.
Step 2: Click on the gear icon labeled 'Tools' to open the drop menu and select 'Manage Add-ons'
Step 3: In the 'Manage Add-ons' window.
Step 4: Select the extension you want to remove and then click 'Disable'. A pop-up window will appear to inform you that you are about to disable the selected extension, and some more add-ons might be disabled as well. Leave all the boxes checked, and click 'Disable'.
Step 5: After the unwanted extension has been removed, restart Internet Explorer by closing it from the red 'X' button located at the top right corner and start it again.
