IM-Worm:W32/Pykse.A attacks Skype
Date 17/04/2007
Latest update 10 Sep 2007 W32/Pykse.D
IM-Worm:W32/Pykse.A is spreading through Skype via the API.
It is 179 KB in size and was discovered on 15 April 2007. When a machine is infected, the user's status shows DnD (Do Not Disturb). The worm tricks the recipient into clicking a link, which redirects to another site. When the worm is run, it displays a blurry image that gives the impression of nudity.

F-Secure
How to remove by 2-Spyware
Pykse manual removal:
Kill processes: skype.exe, [X].exe
Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\SkypeStartup
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SkypeStartup
HKEY_CLASSES_ROOT\AppID\invisible.dll
HKEY_CURRENT_USER\Software\SkypeWorm
HKEY_CLASSES_ROOT\CLSID\{7FB39839-665D-4D47-873C-D3FD9009FC3B}
HKEY_CLASSES_ROOT\Interface\{7FB19539-665D-4D47-873C-D3FD9719FC3B}
HKEY_CLASSES_ROOT\TypeLib\{7FB29539-665D-4D47-873C-D3FD9719FC3B}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FB39839-665D-4D47-873C-D3FD9009FC3B}
Unregister DLLs: invisible002.dll
Delete files: skype.exe, [X].exe, invisible002.dll
Misc: [X] is a combination of random characters.
Exact file location:
[X].exe - C:\WINDOWS\Temp or C:\WINNT\Temp
skype.exe, invisible002.dll - C:\WINDOWS\System32 or C:\WINNT\System32
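The registry keys and files listed above can be checked for without changing anything on the host. The PowerShell below is an added example, not code from 2-Spyware or the other vendors quoted on this page; it is read-only, uses only the key, value and file names given above, and does not look for the randomly named [X].exe.

```powershell
# Read-only triage for the Pykse indicators listed on this page.
# Key, value and file names are copied from the removal list above.
$runKeys = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'
)
$keys = @(
    'Registry::HKEY_CLASSES_ROOT\AppID\invisible.dll',
    'Registry::HKEY_CURRENT_USER\Software\SkypeWorm',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{7FB39839-665D-4D47-873C-D3FD9009FC3B}',
    'Registry::HKEY_CLASSES_ROOT\Interface\{7FB19539-665D-4D47-873C-D3FD9719FC3B}',
    'Registry::HKEY_CLASSES_ROOT\TypeLib\{7FB29539-665D-4D47-873C-D3FD9719FC3B}\1.0',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FB39839-665D-4D47-873C-D3FD9009FC3B}'
)
# $env:SystemRoot resolves to C:\WINDOWS or C:\WINNT, covering both listed locations.
$files = @(
    (Join-Path $env:SystemRoot 'System32\skype.exe'),
    (Join-Path $env:SystemRoot 'System32\invisible002.dll')
)

$findings = @()

foreach ($k in $runKeys) {
    # The autostart indicator is a value named SkypeStartup under the Run key.
    $p = Get-ItemProperty -LiteralPath $k -Name 'SkypeStartup' -ErrorAction SilentlyContinue
    if ($p) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Location = $k; Detail = $p.SkypeStartup }
    }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Location = $k; Detail = '' }
    }
}
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $i = Get-Item -LiteralPath $f -Force
        $findings += [pscustomobject]@{ Type = 'File'; Location = $f; Detail = "$($i.Length) bytes, $($i.LastWriteTime)" }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Pykse indicators from this list were found.' }
```

On 64-bit Windows, run it from the 32-bit PowerShell host as well, because 32-bit programs see redirected views of HKLM\Software and System32.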
How to remove by Sophos
Mal/Pykse-A is a worm for the Windows platform.
Mal/Pykse-A is most likely to be installed by clicking on a link contained in a received Skype message. The worm spreads by sending messages to online contacts using the Skype API. If the recipient clicks on the link, a Trojan dropper (detected as Troj/Dropper-OI) is downloaded. When Troj/Dropper-OI is executed, an enticing image is displayed, and Mal/Pykse-A is dropped and silently executed.
Mal/Pykse-A installs itself as Skype.exe in the Windows system folder. A DLL component is also installed to the system folder, as Invisible002.dll.
The following Registry entries are added to hook system startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run SkypeStartup (system)\Skype.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run SkypeStartup (system)\Skype.exe
The following Registry entries are added to install the dropped dll as a browser helper object:
HKCR\CLSID\(7FB39839-665D-4D47-873C-D3FD9009FC3B)
HKCR\Interface\(7FB19539-665D-4D47-873C-D3FD9719FC3B)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (7FB39839-665D-4D47-873C-D3FD9009FC3B)
The worm also adds the following Registry entry:
HKCU\Software\SkypeWorm
Once running, Mal/Pykse-A attempts to connect to a number of remote websites.
How to remove by Mwti Win32.Pykse.a
To remove the virus, please follow the steps below:
1) The latest virus vaccine update of eScan removes the worm from your system. Ensure that Internet access for your system is running. Right click on and click Download eScan update. The latest updates are downloaded, your system is scanned and the worm is removed.
OR
2) Download the free MicroWorld Anti Virus Toolkit (MWAV Tool Kit). The tool checks your machine for viruses. If any illegal dialers or sniffer tools have been installed they are detected.
MWAV Tool Kit (Download the free MicroWorld Anti Virus Toolkit that detects viruses in system registry and running processes)
eScan Internet Security Suite (ISS) (Download MicroWorld's eScan that detects viruses in system registry, running processes and has a real time monitor)
How to remove by Symantec