Skype Virus/Hacked that sends automated messages to your contact list

[JachuPL 300]

Since I'm not using Skype so often, it will be hard for me to explain. Today a friend of mine sent me a message on Facebook saying that probably someone hacked one of my skype accounts. Shit started to rain from the sky on 21st July, according to dates on skype:

What's the interesting part, the bot/malware/hacker has sent the same links to everyone on my contact list (except Echo, that sound/microphone testing bot). Each message included receivers Skype name. I did a quick research what might be the cause of this weird behaviour, but until none nothing has been found. Kaspersky still scans my HDD so I'll update as soon as it finishes. I haven't installed anything that day, so that's probably a virus I grabbed while browsing MPC or EPVP or M2Dev.

Remember - if you see ANY dangerous link sent or received, NEVER click it. It might harm your PC. I'd like to apologize for the following situation to @.InyaProduction and @GunnerMBT (there were more ppl the bot sent links to, but those are the ones that have account here). I hope you understand  I will update the topic with the screenshot after Kaspersky completes a full scan. Cheers.

[JachuPL 300]

As I promised, here's a screenshot of scan result:

Translation:

Full scan
No threats were found
Found 0, Neutralised 0, Non-processed 0
Databases state in the moment of scan initialization: Today, 2015-08-10, 05:17
ETA: 6 hours 33 minutes
Scan finish time: Today, 2015-08-10, 15:58

So probably someone hacked my account, but I wonder how and why.

[Dr3Ame3r 32]

First of all , make a scan with

Farbar Recovery Scan Tool

Then post here the results.

 

Thanks.

[Maslovicz 76]

Kaspersky is really not a good antivirus.
Use ESET or Malwarebytes for this virus.

[Metin2Dev12345 0]

Kaspersky is not good.. why not use ESET or restart ur computer?

[Metin2Dev12345 0]

Maslovicz i love what u said

[Aurora 46]

Whahahshahahahah its kinda funny that they say kaspersky is not good its the best anti-virus system in the world. And how can you say eset is better lol.

[Ayaka 291]

Whahahshahahahah its kinda funny that they say kaspersky is not good its the best anti-virus system in the world. And how can you say eset is better lol.

And where did you get this superior knowledge? there is no algorithm that can perfectly detect all possible viruses so there cant be a "best" anti-virus system. Not even kaspersky can handle all pests. It based all on up-to-date Software to be "safe" and the use of good identification methods to identify malware. Kaspersky as well as other Software (Bitdefender and many others) are well-suited for the job.

[Aurora 46]

Whahahshahahahah its kinda funny that they say kaspersky is not good its the best anti-virus system in the world. And how can you say eset is better lol.

And where did you get this superior knowledge? there is no algorithm that can perfectly detect all possible viruses so there cant be a "best" anti-virus system. Not even kaspersky can handle all pests. It based all on up-to-date Software to be "safe" and the use of good identification methods to identify malware. Kaspersky as well as other Software (Bitdefender and many others) are well-suited for the job.

I meant the best of all anti virus there are reviews from experts and video reviews that show that

[JachuPL 300]

Kaspersky is not good.. why not use ESET or restart ur computer?

Kaspersky is really not a good antivirus.
Use ESET or Malwarebytes for this virus.

I disagree with your opinions, guys. Kaspersky is always 2nd/3rd in top antivirus rankings, not only in Poland, but also in the worldwide rankings. It really is a good software (despite the unconfirmed rumors that Kaspersky collaborates with FSB)
 

First of all , make a scan with

Farbar Recovery Scan Tool

Then post here the results.

 

Thanks.

I will download it in a minute and use it, thanks.


//edit: Result of Farbar scanning - nothing to fix, but in log I found an error that's not related with Skype (Windows Phone 8.1 SDK and Nuget [VS package manager])

Edited August 11, 2015 by JachuPL
scan result update

[Ayaka 291]

Reviews with informations like "superfluous tools" in each software? All to know is what identification methods are used and detection rates on several malicious software in comprehensive tests. Pull the other leg if you want to show me reviews like google matches with "best anti-virus software". I dont want to discuss about the best Anti-Virus software because the is no best. If you really want to know read some stuff from Frederick B. Cohen and you will understand.

Edited August 11, 2015 by Ayaka

[Dr3Ame3r 32]

Kaspersky is not good.. why not use ESET or restart ur computer?

Kaspersky is really not a good antivirus.
Use ESET or Malwarebytes for this virus.

I disagree with your opinions, guys. Kaspersky is always 2nd/3rd in top antivirus rankings, not only in Poland, but also in the worldwide rankings. It really is a good software (despite the unconfirmed rumors that Kaspersky collaborates with FSB)
 

First of all , make a scan with

Farbar Recovery Scan Tool

Then post here the results.

 

Thanks.

I will download it in a minute and use it, thanks.


//edit: Result of Farbar scanning - nothing to fix, but in log I found an error that's not related with Skype (Windows Phone 8.1 SDK and Nuget [VS package manager])

That's a little bit strange .

Have you tried to run Emsisoft Emergency kit ? ( it's an advanced antivirus for virus developers and rootkit scans )

 

Edit:// I found some news  as i read some topics about this problems , it seems that the newer version of skype is vulnerable to botnet and remote connections atm . You should downgrade to a older version or you can still try my antithreating archive.

 

https://mega.co.nz/#!RBJyRL7L!4Hw64TB66KxoBOwH1hjWWhj4jRBwb7k5OkFFv7chnAQ

Edited August 11, 2015 by Dr3Ame3r

[JachuPL 300]

By now, someone sent me a very strange e-mail. The original version is in polish and was sent three days ago. It - of course - was found in spam folder.
The original post (in polish):

Szanowny Panie,

 

Dziekujemy za skontaktowanie sie Dzialem Obslugi Klienta Skype'a.

 

Przykro mi, za zaistniala sytuacje. Rozumiem jak frustrujace musi to byc dla Pana.

Nazywam sie Vasilika, bedzie dla mnie przyjemnoscia asystowac Panu podczas rozwiazywania tej kwestii.

 

Pragne poinformowac Pana, iz abym mogla kontynuowac udzielanie dalszej pomocy, bardzo prosze o podanie informacji zawartych w kwestionariuszu. Prosze kliknac na lacze ponizej:

 

 

https://support.microsoft.com/skype/hostpage.aspx?language=pl&locale=pl-PL&oaspworkflow=start_1.0.0.0&needslogin=false&wfname=skype&supportoption=email&SupportTopic_L1=32090814&SupportTopic_L2=32090831

 

 

Po wypelnienie ankiety bardzo prosze o poinformowanie mnie.

W sprawie dodatkowych informacji lub pomocy prosze ponownie skontaktowac sie z nami.

Z powazaniem,

Vasilika P.

Dzial Obslugi Klienta Skype

 

* Uprzejmie informuje, ze Pana zgloszenie zostalo odnotowane w naszym systemie, podaje numer tego zgloszenia, którego nalezy uzyc w tresci wiadomosci w razie potrzeby ponownego kontaktu dotyczacego tej konkretnej sprawy.

Numer zgloszenia:1299728966

Bardzo prosze miec na uwadze ankiete, która moze Pan od nas otrzymac. Bylabym niezmiernie wdzieczna, jesli poswiecilby Pan chwile na jej wypelnienie i wyrazil poziom zadowolenia w odniesieniu do udzielonego przeze mnie wsparcia.

English version:

Dear Sir,

 

Thank you for contacting with Skype Customer Service.

 

I'm sorry for this situation. I understand how frustrating can it be for you.

My name is Vasilika, it would be a pleasure for me to assist you during solving this  issue.

 

I'd like to inform you, that so I need to continue my help, please bring more details found in this form. Please click the hyperlink below:

 

 

https://support.microsoft.com/skype/hostpage.aspx?language=pl&locale=pl-PL&oaspworkflow=start_1.0.0.0&needslogin=false&wfname=skype&supportoption=email&SupportTopic_L1=32090814&SupportTopic_L2=32090831

 

 

After filling this form, please let me know.

If you need any more info, please let us know.

Yours faithfully,

Vasilika P.

Skype Customer Service

 

* Hereby I inform, that your ticket was registered in out system,  here's a number that you have to write in message in the case of need to contact again in a relation to that case.

Ticket number:1299728966

Please keep in mind that you can receive a poll from us. I'd be very grateful if you could spend some time to fill it and to show us how much you are satisfied with my help.

What makes it 'weird'?

• no polish letters (like: ąćęłńóźż)
• non-polish name
• link that points to the same form I used to send first ticket
• no solution tips
• weird e-mail address that message came from: Skype Customer Support <SKYPE.SKYP.WW.00.PL.TPR.ATH.CS.T01.REC.00.WB@css.one.microsoft.com>
• no images in the entire message
• No 'legal notice' in the bottom of the mesasge (like 'this email was sent to you because you filled a ticket on our site. Copyrigth (C) Microshit bla bla bla')

In the form I've written that I already have changed my password and described the entire situation. What should I write more? That I ate a breakfast at 7:53 am? What the fuck this has to do with someone probably stealing my password. What the fuck is going on, lulz.

Edited August 13, 2015 by JachuPL

[Maslovicz 76]

It's looking like a someone is trying to recover your password via skype support.

Don't answer on this email.

[Magdaaka 0]

Few days ago my account was also changed, but no messages were sent. It looks like a random guy created an account and there was some error on Skype server. I just got an email that my password got changed, and if it wasn't me I should contact Skype support etc. And I did exactly what you did and got the same reply (but this time the name was Polish, but with just a first letter of a surname :P)

So I was wondering, if you have figured out anything. So far I'm in a dead end, as I try to report it, I only get replies from this weird email.

Greets,

Magda

[TheMt2 11]

Solution Ultime :

Comodo + Bitdefender + MalwareBytes = Fuck Virus

[Rideas 163]

Solution Ultime :

Comodo + Bitdefender + MalwareBytes = Fuck Virus

Yesss 

[JachuPL 300]

Few days ago my account was also changed, but no messages were sent. It looks like a random guy created an account and there was some error on Skype server. I just got an email that my password got changed, and if it wasn't me I should contact Skype support etc. And I did exactly what you did and got the same reply (but this time the name was Polish, but with just a first letter of a surname :P)

So I was wondering, if you have figured out anything. So far I'm in a dead end, as I try to report it, I only get replies from this weird email.

Greets,

Magda

Hello @Magdaaka,
I've send apologies to the people that received those messages from my account and described situation. I didn't respond on that e-mail from support, but few days later I received an e-mail from [email protected].
Here's the original text in polish:

Drogi Kliencie firmy Microsoft,  dziękujemy za korzystanie z naszych usług. Bylibyśmy wdzięczni, gdyby zechciał/a Pan/Pani poświęcić nam 2 minuty i udzielić odpowiedzi na kilka pytań dotyczących niedawnego kontaktu z naszym zespołem. Sprawa ta miała numer 1299728966 została zamknięta w dniu 10 sierpnia 2015. Pana/Pani opinie pomogą nam podnieść jakość naszych usług.  Aby rozpocząć wypełnianie ankiety, należy kliknąć tutaj. Prosimy pamiętać, że to zaproszenie jest ważne tylko do dnia 24 sierpnia 2015. Dziękujemy za Pana/Pani cenne uwagi i poświęcony nam czas. — Zespól firmy Microsoft

Badanie satysfakcji firmy Microsoft — Zasady zachowania poufności informacji: Firma Microsoft dokłada wszelkich starań, aby chronić Pana/Pani prywatność. W ramach niniejszej ankiety nie jest wymagane podawanie żadnych dodatkowych informacji osobistych, a tego rodzaju informacje nie będą również zbierane. Aby dowiedzieć się więcej, proszę kliknąć: Zasady zachowania poufności informacji. Jeśli nie pamięta Pan/Pani swojego ostatniego kontaktu z działem pomocy technicznej Microsoft Support, należy kliknąć tutaj, aby nas o tym powiadomić. Nie będziemy wysyłać więcej wiadomości e-mail dotyczących tego kontaktu.  Ta wiadomość została wysłana na adres [email protected] z adresu [email protected]. Wysyłamy tę wiadomość, ponieważ Pan/Pani lub ktoś inny, korzystając z tego adresu e-mail, kontaktował się z pomocą asystowanąMicrosoft. Jeśli nie chce Pan/Pani figurować na liście adresowej ankiety badania zadowolenia użytkownika pomocy asystowanejMicrosoft, należy kliknąć tutaj. Microsoft Corporation One Microsoft Way Redmond, WA 98052

And an english translation:

Dear Microsoft Customer, thank you for using our services. We would be grateful if you wish to spend two minutes of time and answer some questions in regard to your contant with our team. That case had its number 1299728966 and was closed 10th august 2015. Your opinion might really help us to raise the level of our services. Click here to start solving the questionaire. Please remember, that this invitation is valid only before 24 sierpnia 2015. Thank you for your priceless annotations and your time. — Microsoft Team

Microsoft satisfaction research — Terms of Privacy: Microsoft does its best to protect your privacy. Therefore no additional information won't be collected or needed to solve the questionaire. If you want to know more, please click the following link: Privacy Terms. If you don't remember your last contact with Microsoft Support, please click here, to let us know. We will not send any more messages in regard to this contant.  This message was sent to <my email address> from [email protected]. We send this, because you or someone else using this e-mail address has contacted with assisted Microsoft help. If you don't want to figure on assisted Microsoft help list, please click here. Microsoft Corporation One Microsoft Way Redmond, WA 98052

 

I also ignored this e-mail. I changed the password to my skype account to a new one and monitored the app for a few days to see if it repeats. This was enough.
Greethings,
Jachu