Win32:SkiMorph (Cryp) Virus Found: What Do I Do/

This is the first time I have posted here, and I need help as I’m completely lost as to what to do. I ran a complete virus scan today, and for the first time, was warned of having a virus (named in title of thread). I have no idea what it is or what it’ll do to my computer, or what to do to get rid of it. I ran the scan for over 6 hours: it’s never taken that long to run a scan previously: I eventually got fed up with it taking so long and stopped the scanning process. Supposedly, the scan was 100% complete according to the status while it was still running, but the scan kept running anyway. About every 5 minutes the “warning” siren sounded and when it did, I dumped the virus into the virus chest. I checked the log after stopping the scan, and it reported that there were 74 infected files - 2 of which were successfully dumped into the virus chest, and the rest were unsuccessfully dumped. I have no idea how many more files were potentially infected, because I stopped the scan before it was supposedly completed. I have no idea what’s going on, or what to do to get rid of the virus. Please help!! ??? :-[

Hi LostInCyberspace

Win32:SkiMorph is how avast refers to this detection - as yet still a little elusive, but first detections by avast 2008

December 2009
http://www.virustotal.com/analisis/e555e125a8b03cb125477347f9d4f1641a79718ff0f616b80a59d2b60987705d-1260682863

here a McAfee analysis
http://vil.nai.com/vil/content/v_187411.htm

bitdefender
http://www.bitdefender.com/VIRUS-1000480-en--Adware.NaviPromo.Gen.5.html

Take care until know the exact detail on this detection.
This malware is probably not as bad as it looks, but will still need some work to remove it.

try Malwarebytes to start with - http://forum.avast.com/index.php?topic=53253.0

Thanks for responding, MKIS. :slight_smile: Unfortunately, I really am lost as to what you’re recommending to do. I get the gist of it, but I really can’t decipher what I should do to get rid of the virus/worm. All that technical talk is foreign to me. ??? It sounds as if it’s not too dangerous, but still, I’d like to get rid of it: I don’t like the thought of any virus being in my computer, ya know? Mainly because I don’t know what it’ll do, or if it’s one that could possibly steal any personal information. I don’t even know HOW I picked up the virus, as I’m always very careful about those things. I apologize for sounding like a complete idiot, but I really am lost here on what to do. I’ve never had to deal with a virus till now. I’m probably gonna need step-by-step instructions, in layman’s terms. :-[

no you’re not not an idiot at all. what I am doing is identifying the virus for others to see.
so you can get help with removal

mbam is a removal tool - download it from here (look in top right-hand corner where says 5.64MB)
http://forum.avast.com/index.php?topic=53253.0

Install on yr system - update using the Update tab - then Scan yr computer

Quarantine the detections/infections that are listed at the end of scan and reply post the log here.

I have to go out for a while but someone should be along shortly

[b]I downloaded the mbam (and also spybot) as you recommended, MKIS, but didn’t see any update tab anywhere to click on. ??? Also, how do you reply post the log? (told ya I wasn’t too computer savvy :-[).

I appreciate your help! :)[/b]

did mbam find any infections?

for mbam - reply post by just copying the log and pasting into post editor (right here)

I think try this tool next - (unless things have greatly improved - but wont hurt to try it anyway)
http://www.gmer.net/

go to Download.EXE (under the large image on screen)

  • click to download and type in yr own name for the file, since virus might know the gmer name
  • run the program and reply post here, so we can read the analysis / removal log

Also - run gmer ideally with internet disconnected and antivirus / spyware programs not running

  • remember to turn these protections programs back on after gmer scan has run

[b]Okay, I downloaded & installed the MBAM and ran a scan: according to the scan, no viruses/infections were found - which kind of confuses me because Avast tells me I have infected files. ??? I also downloaded & installed SpyBot, but didn’t run the scan because it’s telling me to do things that I don’t understand: I’m totally lost on that one. I’m thinking that maybe I should just uninstall the SpyBot program because I don’t know what I’m doing. Is MBAM enough to help protect me and should I not worry about SpyBot?

Again, I really appreciate all your help, MKIS. :)[/b]

mbam scans for spyware, which you dont seem to have so dont worry about for now

can you run an online scan with bit defender just so we can see what comes up
http://www.bitdefender.com/scanner/online/free.html

I havent used this scan before, but need something a bit more solid to work with.

Do you know how to run avast bootscan?

  • if you click avast icon, open avast user interface, then go to Help Center in top right hand corner
  • Help Center, left-hand column, scroll down to scanning for viruses, and find Boot-time scan

When time comes - boot-time scan is found under SCAN COMPUTER in the left column of avast user interface

  • but you need to know how to schedule it first - Help Center tells you how to do that

I tried running the quickscan with Bitdefender, but FireFox blocked me from doing so. I can unblock it and install the Bitdefender, but is it really safe to trust their website? I don’t mean to sound paranoid, but AM now since getting infected (if I really am). Could it be a false positive?

No, I don’t know how to run a bootscan. ???

I meant to reply sooner, but didn’t get around to it before now.

Bitdefender is safe

How to bootscan with avast 5
http://www.schmahl.net/avastbootscan.php

How to bootscan with avast 4.8
http://www.digitalred.com/avast-boot-time.php

I downloaded the Bitdefender, but according to their TOS, it sounds as if I need to purchase something so I didn’t accept. ??? Is that just if you want to purchase better protection or something?

I really feel like an idiot for asking all these questions! But I really am not too computer savvy on a lot of things! :-[

I appreciate your help too, Pondus. :slight_smile:

I am not familiar with the bitdefender scanner …

but you can try these, download and save to desktop and run from there. They are fully updated when downloaded
They are not installed so when they have done the job you can just drag and drop in the resycle bin

DrWeb CureIt http://www.freedrweb.com/cureit/?lng=en
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/
Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en-us