Wriggle wriggle… eeeeeeyuckkkk… *squishhh*
>>> All Credits go to the users and mods from the main Skype forum <<<
What’s this worm about?
It’s a Dorkbot worm; the program carries a ZeroAccess rootkit and a keylogger.
What does the worm do?
It exploits Skype’s API to spam messages along the lines of “lol is this your new profile pic?” along with a link.
What if you click the link?
It leads to a download of a ZIP file that contains executable files.
What do those files do if I unzip and click them? (omg… slap yourself in the face if you do that).
Once installed, the Trojan horse opens a backdoor to let a remote hacker take control of the infected PC, and communicates with a remote server via HTTP.
Who does it infect?
Anyone with a Windows OS computer.
AVAST! Antivirus is known to detect and delete the files.
Change your Skype password immediately.
In the Skype application:
Go to Tools >> Options… >> Advanced Settings
Click Manage other programs’ access to Skype
Remove any unknown application (if any)
Make sure that you can see hidden files.
After that, run the FileASSASSIN tool and delete the exe files found on…..
Restore the performance counter settings from backup:
a) Click Start.
b) In the search box, type cmd
c) Right-click it and select Run as administrator.
d) Type LodCtr.exe /R:PerfStringBackup.INI and press ENTER.
Note that there is no SPACE after /R:
After you have used Malwarebytes, do this online scan to make sure you have nothing else hiding away.
Additionally, run msconfig.exe and disable any unknown startup programs.
Delete any unknown entry in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
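One way to review that Run key before deleting anything, as an added PowerShell example (not from the original post or the Skype forum): it lists each HKCU Run entry with its target file's Authenticode status and whether the file sits under the user profile. Both checks are triage heuristics assumed here, not Dorkbot-specific indicators, and the script only reads.

```powershell
# Added example: read-only review of per-user autostart entries.
# Heuristics (file under the user profile, missing/invalid signature) are
# assumptions for triage; nothing is deleted or changed.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

function Get-RunTargetPath {
    param([string]$Command)
    # Expand %APPDATA%-style variables, then take the quoted path,
    # or the first token that ends in an executable extension.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.(exe|com|scr|bat|cmd|dll))(\s|$)') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
if (-not $key) { Write-Output 'No Run key for this user.'; return }

$report = foreach ($name in $key.GetValueNames()) {
    $command = [string]$key.GetValue($name)
    if ([string]::IsNullOrWhiteSpace($command)) { continue }

    $target = Get-RunTargetPath -Command $command
    # A bare name such as "rundll32.exe" has no path here and reports NotFound.
    if (Test-Path -LiteralPath $target -PathType Leaf) {
        $signature = (Get-AuthenticodeSignature -LiteralPath $target).Status
    } else {
        $signature = 'NotFound'
    }

    [pscustomobject]@{
        Name      = $name
        Target    = $target
        Signature = $signature
        InProfile = $target.StartsWith($env:USERPROFILE, [StringComparison]::OrdinalIgnoreCase)
        Command   = $command
    }
}

# Entries in the profile that are not validly signed sort to the top for review.
$report |
    Sort-Object @{ Expression = { $_.InProfile -and $_.Signature -ne 'Valid' }; Descending = $true }, Name |
    Format-Table -AutoSize -Wrap
```

Run it as the affected user, since HKCU is per-user; entries it flags still need a manual look before removal.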
1. Look for the process MDM.EXE in the Processes tab in Task Manager. When you find it, right-click and kill the process.
2. Go into your C: drive and go to the infected user account associated with Skype. Delete anything modified by the virus or anything out of the ordinary with a bunch of jumbled letters and #’s; once you locate those, delete them all but keep the other folders needed. Once deleted, empty the recycle bin, restart the PC and start hitting F8 ASAP.
3. Activate Safe Mode with Networking, then log into the admin account, go into your C: drive and locate the infected user account, and be sure to unhide hidden files and folders as a precaution. Upon doing that, go into the Skype folder and locate the virus file Ngqcqp.exe. When you find it, delete the virus file to the recycle bin and empty the bin. Upon doing so, run a full scan in safe mode with your AV scanner, depending on what you use.
4. Then press the Microsoft key and the R key to bring up the Run menu for Windows XP, type regedit into the box and hit Enter. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion and click on the Run folder. In safe mode, delete the registry entry associated with the Ngqcqp.exe file. Once done with that, empty the trash bin, then go to msconfig and, in the Startup section, uncheck the box associated with the virus and let the system do a reboot, and you should be good to go. But make sure you uninstall Skype before logging in if you haven’t done so already, and change the password associated with the account on the Skype website. Hope this helps anyone with Windows XP.
We are aware of this malicious activity and are working quickly to take appropriate action to protect users.
Additionally, following links – even when from your contacts – that look strange or are unexpected is not advisable.