Skype LOL Profile Pic Worm

Wriggle wriggle… eeeeeeyuckkkk… *squishhh*
>>> All Credits go to the users and mods from the main Skype forum <<<


What’s this worm about?
It’s a Dorkbot worm, where in the program, has a ZeroAccess rootkit and a keylogger.

What does the worm do?
Exploits Skype’s API to spam messages that claim along the lines of “lol is this your new profile pic? along with a link.

What if you click the link?
Leads to a download of a ZIP file that contains executable files.

What does that files do if I unzip and click it? (omg… slap yourself in the face if you do that).
Once installed, the Trojan horse opens a backdoor to let a remote hacker take control of the infected PC, and communicates with a remote server via HTTP.

Who does it infect?
Anyone with a Windows OS computer.

Anything I can do to delete this file if I accidentally download it? >_>
AVAST! Antivirus is known to detect and delete the files.

Change your Skype password immediately

In Skype application,

Go to, Tools >> Options… >> Advanced Settings

Click Manage other programs’ access to skype

Remove any unknown application (if any)

download malwarebytes

Run Malwarebytes.

Make sure that you can see hidden files.

After that run FILEASSASSIN tools and delete the exe files found on…..




restore performance counter setting from backup

a)     Click Start.

b)     In the search box type cmd

c)     Right click and select Run as administrator.

d)     Type LodCtr.exe /R: PerfStringBackup.INI and press ENTER.

Note that, There is no SPACE after /R:


After you have used malwarebytes then do this online scan.
to make sure you have nothing else hiding away.
Additionally run msconfig.exe and disable any unknown startup programs.
Deleting any unknown entry in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

In the processes tab of task manager just delete the process  named 8O6A. The process name is close to that.
Empty the recycling bin.
To be on the safe side, if you use that computer for any online transactions, change all your passwords.
For XP users:
1.look for the process MDM.EXE in the processes tab on task manager

when you find it right click and kill the process.

2.go into your C: drive and go to the infected user account assc with skype

delete anything modified by the virus or anything out of the ordinary with a bunch of jumbled letters and #’s once you locate that delete them all but keep the other folders needed.

once deleted empty the recycle bin and restart the pc and start hitting f8 asap.

3.activate safe mode with networking and then log into the admin account go into your C: drive and locate the infected user account and be sure to unhide hidden files and folders as a precaution. Upon doing that go into the skype folder and locate the virus file Ngqcqp.exe when you find that delete the virus file to the recycle bin and empty the bin upon doing so run a full scan in safe mode with your av scanner depends on what you use.

4.then Press the microsoft key and the R key to bring up the run menu for windows xp

and type into the box regedit hit enter and Hkey current user software microsoft windows Current version and click on the run folder in safe mode delete the registry the assc with the Ngqcqp.exe file once done with that empty the trash bin then go to msconfig and in the startup section uncheck the box assc with the virus and let the system do a reboot and you should be good to go but make sure you uninstall skype before logging in if you haven’t done so already and change the password assc with the account on the skype website. hope this helps anyone with windows xp

Malicious activity in Skype chats.

By My status Leonas Sendrauskas on October 9, 2012.

We take the user experience very seriously, particularly when it comes to security.
We are aware of this malicious activity and are working quickly to take appropriate action to protect users.
We continue to recommend upgrading to the latest version of Skype and applying updated security features on your computer.
Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.


Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s