W32.Skyhoo.Worm

W32.Skyhoo.Worm is a computer worm that propagates through the Yahoo instant messaging and Skype programs. It is embedded as a link in a message sent by a friend, usually in JPG format. This is meant to mislead users into clicking the link, which results in a worm infection. Once W32.Skyhoo.Worm has infected a computer, it gathers email addresses and sends the same malicious message to contacts.

Aside from instant messaging, W32.Skyhoo.Worm has also been found spreading via email as an attached link, infected document or JPG file. When executed on the computer, this worm sets up an IRC connection that allows a remote attacker to gain unauthorized access.

Alias: Win32.Skyhoo, Worm Skyhoo

Damage Level: Low

Systems Affected: Windows

Removal of W32.Skyhoo.Worm using TrendMicro’s SysClean

1. Temporarily Disable System Restore in Windows XP.

Note: You must have Administrator privileges to disable System Restore on Windows XP. It is advised to re-enable it after this procedure.
a) On the Desktop, right-click My Computer.
b) Select the System Restore tab.
c) Check “Turn Off System Restore” to disable it; uncheck it to enable.
d) Click Apply at the bottom of the dialog box to save the settings.
e) A message “This deletes all existing restore points” will appear; click Yes to disable.
f) Click OK.

2. Download Sysclean, Pattern Files and Spyware Pattern Files by TrendMicro here and save them in the same directory on your Desktop. Please create a new directory for them.

3. Extract the contents of lptxxx.zip and ssapiptnXXX.zip into the folder where Sysclean is located.

6. Restart Windows in Safe Mode.
a) During the boot process, press F8 repeatedly until the selection menu appears.
b) Use the Up and Down arrow keys to select Safe Mode from the menu.
c) Press Enter to proceed.

7. If you are required to log in, use a login name with administrative rights. Without this privilege, Sysclean will not delete or clean infected files located in the System folder.

8. Browse to the Sysclean folder on your Desktop and double-click Sysclean.exe (Sysclean.com) to run it and do a full system scan. This may take time. Reboot when finished, and repeat as desired to make sure that all threats associated with W32.Skyhoo.Worm are removed.

What to do next...