Update August 2019. What is Skype virus? Because of their popularity and large adoption by users worldwide, applications such as Skype and Facebook are targeted by malware authors quite often. This article is dedicated to Skype malware, often referred to as simply “Skype virus”. Keep in mind that Skype virus is a generic name for all types of Skype-related malware.
|Short Description||Skype Virus is a generic name for various malware threats that are delivered over Skype.|
|Symptoms||The user may be affected by a malicious ad served over Skype, his account may be hijacked, etc.|
|Distribution Method||Malicious links and ads sent via Skype, pages hosting malware|
|Detection Tool|| See If Your System Has Been Affected by malware |
Malware Removal Tool
|User Experience||Join Our Forum to Discuss Skype Virus.|
Depending on the purpose of attackers, some Skype viruses are targeting user accounts and hijacking them, and others are using the application to infiltrate the operating system. Continue reading to learn more about the various types of Skype viruses and how to remove them, or better – evade infection.
Goo.gl Skype Virus: Technical Overview
One of the most common Skype viruses is the so-called Goo.gl Skype virus. It is also one of the oldest pieces of such malware. As it turns out, the malicious campaigns that deliver goo(.)gl spamming URLs in Skype are still active.
Users on various forums report to receive strange messages from their Skype friends. The messages usually contain pictures and shortened goo(.)gl links. When clicked, these spamming URLs land on suspicious web pages that offer a download of a malicious file. Once such data is saved on the system, it may cause severe malware infections or serve as a gateway for further threats. Users are highly advised not to interact with these links.
In case you have clicked on such a compromised link, it is a good idea to run a scan with an advanced anti-malware tool as the malware may have sneaked into the system.
Goo.gl Skype Virus: Distribution Methods
This Skype virus relies on some clever distribution techniques. Initially, the malware was distributed via a web link using goo(.)gl services, such as the following one, along with a luring message:
[skype.user]: haha you wouldn’t believe it http://goo(.)gl/lLGdM?foto=user
The web link then redirects to a 4shared, hotfile or other file-sharing services:
Then, the link may download a .Zip or another type of file containing the same malware. Symantec researchers have reported two main malware pieces associated with this Skype virus:
After one of the above malicious bots has been downloaded and activated on the compromised computer, it would immediately connect to a C&C (Command and Control) server. After connecting to the server, the malware may download other malware types such as:
- Spam Bots;
- Botnet kits.
It should also be noted that attacks of this character use obfuscators so that the malware remains undetected for longer times on infected computers. Attackers are typically using reputable services to spread malicious files and using affected users to spread spam messages to people in their contact list on Skype.
Skype.exe Virus: Technical Overview
Malware is known to use legitimate files that belong to legitimate programs. Such is the case with the Skype.exe virus. According to Hybrid Analysis, the malicious file is able to read terminal service related keys that may be RDP related. It also acts as spyware, being able to access sensitive information from local browsers, open the clipboard and retrieve keyboard strokes.
Here is a resume of its malicious capabilities:
- Modifying auto-execute functionality by setting/creating a value in the registry;
- Reading the active computer name;
- Reading the cryptographic machine GUID;
- Possibly capable of evading analysis by sleeping many times;
- Opening the MountPointManager (often used to detect additional infection locations);
- Contacting 2 domains and 2 hosts;
- Modifying of Proxy settings.
It should be noted that the Skype.exe file actually belongs to Microsoft. However, the file which was uploaded to Hybrid Analysis appears to have been modified by an unpaid evaluation copy of Resource Tuner 2. It is a tool for disassembling .exe and .dll files.
Malicious Ads Served Over Skype
Skype has been abused to serve malicious ads not once or twice. Last year, users reported that ads served through the application were serving malicious downloads that were leading to a ransomware infection. The ads triggered a download of an HTML application which was designed to look like a legitimate app. Upon opening the ad would download a malicious payload, a piece of ransomware, which would then encrypt the user’s files.
Severe Security Flaws in Skype
There have been a number of serious security vulnerabilities in Skype which increase the vulnerability of the operating system and may lead to malware and spyware infections, or in other words – to variations of the Skype virus. Such a severe security flaw was discovered in February 2018. The severe could could allow attackers to obtain full access to the compromised host. This would happen through gaining system-level privileges to a local user with no privileges. The flaw was discovered by security researcher Stefan Kanthak who reported it to Microsoft. The flaw resides in Skype’s update installer found to be vulnerable to DLL hijacking.
The severity of the DLL hijacking vulnerability, however, is not the only issue here. Apparently, Microsoft, the owner of Skype, isn’t planning on fixing the flaw any time soon. The reason is not because the flaw can’t be patched. It’s because patching it would require the software to be entirely re-written. What does this mean? Instead of simply releasing a patch, Microsoft would have to release a brand new version of the messenger.
The attack leveraging the Skype DLL hijacking flaw can happen using a range of DLL files with various loading processes. The worst part is that no trails are left in both the registry and file system indicating that an incorrect DLL had been previously loaded.
In case of a successful hijacking of the update process, the attacker would download and place the maliciously crafted DLL into a temporary folder. When Skype’s update installer attempts to locate the relevant DLL, it will locate the malicious one instead, and will install the maliciously crafted code.
Even though Kanthak, the researcher who reported the flaw, tested the attack on the Windows desktop version of Skype, he believes that the same DLL hijacking technique could be used against other operating systems like Linux and macOS. It should be noted that the exploit of the flaw works on the desktop version of Skype.
Skype Virus: How to Remove It from the System
If you believe that your system was affected by a Skype virus, you can refer to the instructions provided below.
In case of the Goo.gl Skype virus, you should consider disconnecting your computer from the internet while scanning, since this will break any active connection with attackers’ C&C servers.
Note! Your computer system may be affected by Skype Virus and other threats.
Scan Your PC with SpyHunter
SpyHunter is a powerful malware removal tool designed to help users with in-depth system security analysis, detection and removal of threats such as Skype Virus.
To remove Skype Virus follow these steps:
Use SpyHunter to scan for malware and unwanted programs
- Guide 1: How to Remove Skype Virus from Windows.
- Guide 2: Get rid of Skype Virus from Mac OS X.
- Guide 3: Remove Skype Virus from Google Chrome.
- Guide 4: Erase Skype Virus from Mozilla Firefox.
- Guide 5: Uninstall Skype Virus from Microsoft Edge.
- Guide 6: Remove Skype Virus from Safari.
- Guide 7: Eliminate Skype Virus from Internet Explorer.
How to Remove Skype Virus from Windows.
Step 1: Boot Your PC In Safe Mode to isolate and remove Skype Virus
Step 2: Uninstall Skype Virus and related software from Windows
Here is a method in few easy steps that should be able to uninstall most programs. No matter if you are using Windows 10, 8, 7, Vista or XP, those steps will get the job done. Dragging the program or its folder to the recycle bin can be a very bad decision. If you do that, bits and pieces of the program are left behind, and that can lead to unstable work of your PC, errors with the file type associations and other unpleasant activities. The proper way to get a program off your computer is to Uninstall it.
Step 3: Clean any registries, created by Skype Virus on your computer.
The usually targeted registries of Windows machines are the following:
You can access them by opening the Windows registry editor and deleting any values, created by Skype Virus there. This can happen by following the steps underneath:
Get rid of Skype Virus from Mac OS X.
Step 1: Uninstall Skype Virus and remove related files and objects
1. Hit the ⇧+⌘+U keys to open Utilities. Another way is to click on “Go” and then click “Utilities”, like the image below shows:
- Go to Finder.
- In the search bar type the name of the app that you want to remove.
- Above the search bar change the two drop down menus to “System Files” and “Are Included” so that you can see all of the files associated with the application you want to remove. Bear in mind that some of the files may not be related to the app so be very careful which files you delete.
- If all of the files are related, hold the ⌘+A buttons to select them and then drive them to “Trash”.
In case you cannot remove Skype Virus via Step 1 above:
In case you cannot find the virus files and objects in your Applications or other places we have shown above, you can manually look for them in the Libraries of your Mac. But before doing this, please read the disclaimer below:
You can repeat the same procedure with the following other Library directories:
Tip: ~ is there on purpose, because it leads to more LaunchAgents.
Step 2: Scan for and remove malware from your Mac
When you are facing problems on your Mac as a result of unwanted scripts, programs and malware, the recommended way of eliminating the threat is by using an anti-malware program. Combo Cleaner offers advanced security features along with other modules that will improve your Mac’s security and protect it in the future.
Remove Skype Virus from Google Chrome.
Step 1: Start Google Chrome and open the drop menu
Step 2: Move the cursor over "Tools" and then from the extended menu choose "Extensions"
Step 3: From the opened "Extensions" menu locate the unwanted extension and click on its "Remove" button.
Step 4: After the extension is removed, restart Google Chrome by closing it from the red "X" button at the top right corner and start it again.
Erase Skype Virus from Mozilla Firefox.
Step 1: Start Mozilla Firefox. Open the menu window
Step 2: Select the "Add-ons" icon from the menu.
Step 3: Select the unwanted extension and click "Remove"
Step 4: After the extension is removed, restart Mozilla Firefox by closing it from the red "X" button at the top right corner and start it again.
Uninstall Skype Virus from Microsoft Edge.
Step 1: Start Edge browser.
Step 2: Open the drop menu by clicking on the icon at the top right corner.
Step 3: From the drop menu select "Extensions".
Step 4: Choose the suspected malicious extension you want to remove and then click on the gear icon.
Step 5: Remove the malicious extension by scrolling down and then clicking on Uninstall.
Remove Skype Virus from Safari.
Step 1: Start the Safari app.
Step 2: After hovering your mouse cursor to the top of the screen, click on the Safari text to open its drop down menu.
Step 3: From the menu, click on "Preferences".
Step 4: After that, select the 'Extensions' Tab.
Step 5: Click once on the extension you want to remove.
Step 6: Click 'Uninstall'.
A pop-up window will appear asking for confirmation to uninstall the extension. Select 'Uninstall' again, and the Skype Virus will be removed.
Eliminate Skype Virus from Internet Explorer.
Step 1: Start Internet Explorer.
Step 2: Click on the gear icon labeled 'Tools' to open the drop menu and select 'Manage Add-ons'
Step 3: In the 'Manage Add-ons' window.
Step 4: Select the extension you want to remove and then click 'Disable'. A pop-up window will appear to inform you that you are about to disable the selected extension, and some more add-ons might be disabled as well. Leave all the boxes checked, and click 'Disable'.
Step 5: After the unwanted extension has been removed, restart Internet Explorer by closing it from the red 'X' button located at the top right corner and start it again.