Worm that affects Skype for Windows users

Villu Arak posted the following on the Skype blog: “The new week has started with a bang. And not the kind of bang we like. Skype has learned that a computer virus called “w32/Ramex.A” is affecting users of Skype for Windows. Users whose computers are infected with this virus will send a chat message to other Skype users asking them to click on a web link that can infect the computer of the person who receives the message.

Please note that Skype users ONLY become infected after they have downloaded the link and run the malicious software. The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link.

Skype has been in contact with the leading antivirus software companies about this worm, and we know that they are updating their software to effectively stop this worm and as well as its side effects. Currently, F-Secure, Kaspersky Lab and Symantec have already updated their antivirus products to detect and remove the worm.”

Mr. Arak also provided some tips for expert users on removing the worm manually:

1. Restart the PC in safe mode
2. Run regedit
3. Go to HKLM/software/microsoft/windows/currentversion/runonce find entry with mshtmldat32.exe. Delete this entry.
4. Go to Windows\System32 directory and delete following files: wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe
5. Go to windows/system32/drivers/etc
6. Find file hosts
7. Open it with notepad, ctrl+a and delete all entries (this will resume your antivirus updates), save, close.
8. Restart the PC.