Does someone need me to recreate the incident or something? I’m comfortable with attempting to delete all my friends and add just a couple people and get Skype up in a VM and capture exactly what happens. I don’t care what must be done to stop/fix this, I just want this sht fixed. I’ve reinstalled Skype twice, renamed the Skype EXE. I’ve tried to replace explorer. Every SINGLE damn time I load up Skype the RAM goes up to fkin 300,000 usage and CPU chills at 25-50… Also, when I try sending messages to people it does NOT send them as it is busy trying to spread/infect others, I believe.
I’ll post an example picture in a second.
This is my Skype.exe renamed:
EVERY DAMN TIME, this is like ten seconds into logging in.
It doesn’t stop there, the RAM just climbs… just seconds later it ended up chilling around at 277,000.
Now this s**t keeps making file transfer noises:
I’m sure you can understand the frustration. My Skype is rendered unusable as whatever the hell I do, it’s like trying to swim through piles of sh*t. My entire Skype randomly locks up. It’s clear as day that my Skype is being abused for some purpose. I don’t know if it is using my Skype as a bot or if I’m backdoored. I am clueless as to how the hell this is working. If anyone would like to tackle this with me, I’ll give you an e back rub.
Typing in the friend search textbox results in it being cleared. Example: typing “friendname”, you end up with f… cleared r… cleared i… cleared. Once in a while I’ll get two or three characters in before it clears, but what the SERIOUS FCK? Who makes this stupid sht???!?!?!
Eventually it anal screws my Skype so hard to the point of it just doing absolutely nothing but spreading.
http://i.imgur.com/dGdeWi3.png
Does someone want me to create a damn .dmp (dump) file of the exe… I don’t know how useful that would/could be. When it comes to malware analysis consider me a scrub/noob. I’m just good with website security, though I do have interest in malware destruction/removal. I want a damn patch for this bullsh*t because anyone that feels the pain I’m in right now shouldn’t have to. It’s more than annoying to have a stupid little notification appear and all of a sudden you’re infected, no clicking or anything. I’m so clueless right now, because I’m not retarded. I don’t click links, I don’t install random software that is untrusted. I check md5s of exe files before I run them. I’m borderline paranoid. I’m going complete psycho if I don’t get this fixed as I said earlier within two days of this occurring. I believe this has something to do with Microsoft ending API support by December ending (2014), so that pushed some pissy Skype bnet creators to quickly hop on abusing a forceful API hook or something similar. I’ve probably got some damn hidden Skype IMs right now to “chinese.leet.haxor” -.- ffs, this is so laaaaaaaaaaaame
Side-note: When you close/exit Skype it appears to be entirely exited/closed, but you still have your EXE open under process list. That’s the only way I usually close programs anyways is by ending the task, so I’m not bothered much… but for someone a little less experienced, they would likely just exit the software and continue spreading or being a slave.
I would suggest only running Skype as a guest user or an account with VERY limited system privs, but then again… as I’ve already said, I have wiped Skype off my system, wrecked the app data files, tried crawling registry in search of anything Skype. I’m stuck… I looked for newly added services or irregular ones that I’ve not noticed or seem suspicious. I’m stumped to hell right now and as I’ve said, I will do ANYTHING at all someone wants me to do. I don’t even care if someone gets access to my Skype account. Hell, I will give people my Skype user/pass if they want to figure this out. I advise not running this on a system you love. I don’t know if it infects the account itself or the system… perhaps both. I’m thinking it infects individuals from friends on a list. Whatever needs to be DONE, ANYTHING… I beg you Avast guys to help me out. This could be a really nasty widespread Skype botnet or something of that sort. Whatever it is, it is doing some really weird stuff with my Skype. Maybe it is mining such as bitcoin mining or something of that nature. I’m not sure how malicious this is in nature, but whatever it is… It’s pretty much a certain DoS for Skype and makes me really sketched out to do anything on my computer for the fear of having my accounts jacked.
An additional potentially helpful note is that I’ll notice that when the RAM usage shoots up high and CPU is demanded highly by the Skype EXE, especially when it is starting… when I click different windows in Skype everything just loads black. I’ll try to get a picture to demonstrate in a second.
Okay, so I just executed the Skype EXE and my windows explorer showed that “Please select how you want to open this file.” for a fraction of a second. I happened to catch that it had the radio box selected “Choose how you want to open this with your own selected application.”, so there appears to be some sort of way that my Skype exe is being run within another SOMESHIT… I DON’T FREAKINGGGG KNOOOOOWWWW… this makes me want to punch holes in my wall so hard -.- ugghhhhh.
Cancelling a file will look like this sometimes:
http://i.imgur.com/mWlLgGp.jpg
While doing something like opening up a conversation window with a friend can sometimes be entirely transparent or sometimes opaque/solid black as if my graphics card is doing some work.
http://www.coindesk.com/litecoin-radeon-shortage/
I suppose I should give launching Skype a go and checking into my GPU usage. That would be a pretty smart idea, so then I can know if these lame kids are just mining coins or whut. -.-
And now… I’ve just found out that when those file send noises randomly come up, my GPU goes up a bit. What the hell is going on x_0 The GPU load normally idles at about 1%/0% in GPU-Z. The second one of those send notifications appeared, my GPU load went up to 15%. I’m not making sense of this at all.