Solved

How can I find and delete the Trojans from the Chinese version of Skype (Skype Tom)?

Posted on 2011-10-13
1,054 Views
Last Modified: 2013-12-06
I found out a few days ago that the Chinese version of Skype (Skype Tom) is a complete SCAM. So I uninstalled it and installed an international version of Skype (I live in mainland China). But now, my computer is very slow and sometimes there is a popup-window in the Taskbar furthest down to the right on the screen in Chinese language (it pops up from time to time). The computer is really extremely slow, perhaps because I visited this site (which is reportedly full of Trojans): www.tom.com 

Tom.com is the Chinese partner to Skype and to install Skype in China you automatically get directed to http://skype.tom.com 

Will "Western" anti-virus and tools like ComboFix, Malwarebytes etc. be able to find a Chinese Trojan? Or are there any Chinese anti-virus and tools for removing Trojans that would be better?
Question by:hermesalpha
8 Comments
 
LVL 7

Assisted Solution

by:pegasys
pegasys earned 200 total points
ID: 36966624
Spybot Seek & Destroy is a goodie for killing things like this....

What I'd do personally is:

1) Do a system restore to a time EARLIER than when the Skype was installed
2) Download Spybot S+D
3) Run it with a FULL scan
4) Go away for about an hour or two
5) Run your favourite AV
6) More coffee...

Even though the language of the computer is different, as well as the alphabet set, programming code is universal :) Anti-viruses look at the "binary" form of data, which is not biased to a particular character set, nor language. They look at programming patterns and find viruses like that.

Example:

Someone in China is coughing and sniffing: They have a cold
Someone in England is coughing or sniffing: They have a cold

Describing the symptoms to each person would be different, but the symptoms are exactly the same as well as how to recognise the symptoms.
0
 

Author Comment

by:hermesalpha
ID: 36966665
Thanks pegasys, I'll try your suggestions right away. But I'll have to omit the first step (system restore) because I've had Chinese Skype for so long that probably the system restore point doesn't exist anymore. Anyway, I can't remember when I installed Chinese Skype either. Are my efforts wasted, do you think, if I can't do a system restore to the time before Chinese Skype was installed?

Or should I go ahead with Spybot S&D without doing the system restore? And after Spybot, perhaps run ComboFix and Malwarebytes, and finally my AV ESET Smart Security?
0
 
LVL 8

Accepted Solution

by:
ee_reach earned 600 total points
ID: 36967550
If you have had Chinese Skype for that long, I probably wouldn't bother with a system restore.  I just spent the past week trying system restores and .NET Framework fixes for a similar reason.  In the end I found I could do a system restore only about three months back.  

I tried one of them from almost three months ago but that ended up causing so many problems that it was better just to try to clean up things from where I was.   The reason a system restore from that far back was problematic was because of all the upgrades and service packs that had been installed since then.  Because of that, my apps were all mixed up about what patches/upgrades were installed and what weren't, which caused me to do many registry modifications and other system hacks just to get my laptop working again.

Anyway, that's my comment on your question about a system restore to a point quite a long time ago.

Re steps for clean up, be sure to run Malwarebytes too.  I always run two or three of these kinds of things (Malwarebytes, SuperAntiSpyware.com, AVG Rootkit, etc), until they each run clean, and only then I would start with my favorite AV.  

It may require several runs of each before they all run clean since different ones will find different problems and once one item is fixed, others sometimes come to light.

Hope this helps!

ee_reach
0
 
LVL 4

Assisted Solution

by:Anuj Bhatia
Anuj Bhatia earned 200 total points
ID: 36977511
Hey Buddy,

Run a Full Scan of Malwarebytes in Safe Mode ... it should remove the infection from the computer .. but make sure your Malwarebytes is up to date ..

If this doesn't work then download Hitmanpro, that should remove it ..

Awaiting reply

Anuj.
0
 
LVL 30

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 600 total points
ID: 36980336
@bhatiavk,

Running any removal tool in safe mode is not recommended unless the user is unable to work in Normal mode.

@hermesalpha,

Please run the Full System Scan of MalwareBytes in Normal Mode, and before that you might want to run Rogue Killer, followed immediately by MalwareBytes.

Post the logs once you are finished cleaning the system for further analysis.

I would also like you to go through the articles below for general troubleshooting and help.

http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

I hope that would help.

Sudeep
0
 
LVL 7

Expert Comment

by:pegasys
ID: 37004647
Just to reiterate, do a system restore to an earlier time than when the infection happened. This will ensure that any major system changes are undone before running the cleaner.
0
 
LVL 39

Assisted Solution

by:BillDL
BillDL earned 400 total points
ID: 37010975
For the info of experts.  Hermesalpha originally asked this question:
http://www.experts-exchange.com/Q_27394346.html
and has subsequently uninstalled the Chinese version of "Skype" and replaced it with the real international Skype application, but has been left with adware/malware that was (probably) installed by the Chinese fake.

hermesalpha

Have you looked in your Add/Remove Programs?
It is possible (although unlikely) that some of the programs causing the popups could actually be uninstalled normally.  I think you should check anyway.

If you need help to identify any of the programs listed in your Add/Remove Programs, then download "MyUninstaller" from here:
http://www.nirsoft.net/utils/myuninst.html
Direct Link - RIGHT-Click > Save TARGET As:
http://www.nirsoft.net/utils/myuninst.zip

Unzip that to a folder and you should have:
myuninst.exe <----- The standalone program
myuninst.chm (the help file)
readme.txt

Download the following batch file to the same folder as "myuninst.exe" and double-click on it to create a report named "Add-Remove_Report.txt".
 MakeReport.cmd
Either open the report and look yourself for odd programs, or else attach it here and we can look through it for you.  I would imagine that you will be better equipped to know which are the applications you installed and want to keep.

If you have done this and the popups do not stop, then carry on digging deeper with malware detectors.

Bill
0
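An added example, not part of the thread and not NirSoft's MyUninstaller or the MakeReport.cmd batch file BillDL attached: a PowerShell script that builds the same kind of Add/Remove Programs report straight from the registry Uninstall keys that Add/Remove Programs itself is populated from, and puts entries worth a second look at the top (no publisher, no uninstall string, installed within a recent window, or an uninstaller that lives in a Temp folder). The script name, the parameter names, the flag names and the 90-day default are assumptions; the registry paths and value names (DisplayName, Publisher, InstallDate, UninstallString) are the ones Windows uses.

```powershell
# Added example (not from the thread, not NirSoft's MyUninstaller or MakeReport.cmd):
# build an Add/Remove Programs report from the registry and flag the odd entries.
# Usage (assumed script name): .\Get-InstalledProgramsReport.ps1 -SinceDays 90 -OutFile .\Add-Remove_Report.txt
param(
    [int]$SinceDays = 90,                          # flag anything installed in the last N days (assumed default)
    [string]$OutFile = ".\Add-Remove_Report.txt"   # same report name BillDL's batch file produces
)

# Add/Remove Programs is built from these three Uninstall keys (64-bit, 32-bit-on-64-bit, per-user).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$cutoff = (Get-Date).AddDays(-$SinceDays)

$entries = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |          # skip hidden update stubs with no visible name
        ForEach-Object {
            # InstallDate is stored as yyyyMMdd text; tolerate missing or malformed values.
            $installed = $null
            if ($_.InstallDate -match '^\d{8}$') {
                $installed = [datetime]::ParseExact($_.InstallDate, 'yyyyMMdd', $null)
            }

            # Heuristics only: each flag is a reason to look closer, not a verdict.
            $flags = @()
            if (-not $_.Publisher)       { $flags += 'no-publisher' }
            if (-not $_.UninstallString) { $flags += 'no-uninstall-string' }
            if ($installed -and $installed -ge $cutoff) { $flags += "installed-within-${SinceDays}d" }
            if ($_.UninstallString -match '\\Temp\\') { $flags += 'uninstaller-in-temp' }

            [pscustomobject]@{
                Name        = $_.DisplayName
                Version     = $_.DisplayVersion
                Publisher   = $_.Publisher
                Installed   = if ($installed) { $installed.ToString('yyyy-MM-dd') } else { '' }
                Location    = $_.InstallLocation
                Uninstall   = $_.UninstallString
                Flags       = ($flags -join ',')
                RegistryKey = $_.PSPath -replace '^Microsoft\.PowerShell\.Core\\Registry::', ''
            }
        }
}

# Entries present in both the 64-bit and WOW6432Node keys appear once.
$entries = $entries | Sort-Object Name -Unique
$flagged = @($entries | Where-Object Flags)

# Flagged entries go first so they are the first thing seen when the report is opened or attached.
$report = @(
    "Add/Remove Programs report generated $(Get-Date -Format 'yyyy-MM-dd HH:mm') on $env:COMPUTERNAME",
    "Entries: $($entries.Count); flagged: $($flagged.Count)",
    '',
    '--- flagged entries (check these first) ---'
) +
    ($flagged | Format-Table Name, Publisher, Installed, Flags -AutoSize | Out-String) +
    '--- full list ---' +
    ($entries | Format-List Name, Version, Publisher, Installed, Location, Uninstall, RegistryKey | Out-String)

$report | Set-Content -Path $OutFile -Encoding UTF8
Write-Host "Report written to $OutFile ($($flagged.Count) flagged of $($entries.Count) entries)"
```

Run it from a normal PowerShell prompt; HKLM is readable without elevation, so it works in the same situation BillDL describes. A flag means "look at this entry", nothing more: plenty of legitimate software ships without a Publisher value, and the "installed within N days" window is only useful if it is set to cover the period when the popups started. Anything that does turn out to be unwanted can then be removed through Add/Remove Programs, or the report can be attached to the question exactly as BillDL suggests for the MyUninstaller report.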
 
LVL 39

Expert Comment

by:BillDL
ID: 37119609
Thank you hermesalpha
0
Question has a verified solution.