How can I find and delete the Trojans from the Chinese version of Skype (Skype Tom)?

Posted on 2011-10-13
Last Modified: 2013-12-06
I found out a few days ago that the Chinese version of Skype (Skype Tom) is a complete SCAM. So I uninstalled it and installed an international version of Skype (I live in mainland China). But now, my computer is very slow and sometimes there is a popup window in the Taskbar furthest down to the right on the screen in Chinese language (it pops up from time to time). The computer is really extremely slow, perhaps because I visited this site (which is reportedly full of Trojans): is the Chinese partner to Skype and to install Skype in China you automatically get directed to

Will "Western" anti-virus and tools like ComboFix, Malwarebytes etc. be able to find a Chinese Trojan? Or are there any Chinese anti-virus and tools for removing Trojans that would be better?
Question by:hermesalpha
    LVL 7

    Assisted Solution

    Spybot Seek & Destroy is a goodie for killing things like this....

    What I'd do personally is:

    1) Do a system restore to a time EARLIER than when the Skype was installed
    2) Download Spybot S+D
    3) Run it with a FULL scan
    4) Go away for about an hour or two
    5) Run your favourite AV
    6) More coffee...

    Even though the language of the computer is different, as well as the alphabet set, programming code is universal :) Anti-viruses look at the "binary" form of data which is not biased to a particular character set, nor language. It looks at programming patterns and finds viruses like that.


    Someone in China is coughing and sniffing: They have a cold
    Someone in England is coughing or sniffing: They have a cold

    Describing the symptoms to each person would be different, but the symptoms are exactly the same as well as how to recognise the symptoms.

    Author Comment

    Thanks pegasys, I'll try your suggestions right away. But I'll have to omit the first step (system restore) because I've had Chinese Skype for so long that probably the system restore point doesn't exist anymore. Anyway, I can't remember when I installed Chinese Skype either. Are my efforts wasted, do you think, if I can't do a system restore to the time before Chinese Skype was installed?

    Or should I go ahead with Spybot S&D without doing the system restore? And after Spybot, perhaps run ComboFix and Malwarebytes, and finally my AV ESET Smart Security?
    LVL 8

    Accepted Solution

    If you have had Chinese Skype for that long, I probably wouldn't bother with a system restore.  I just spent the past week trying system restores and .NET Framework fixes for a similar reason.  In the end I found I could do a system restore only about three months back.  

    I tried one of them from almost three months ago but that ended up causing so many problems that it was better just to try to clean up things from where I was.   The reason a system restore from that far back ago was problematic was because of all the upgrades and service packs that had been installed since then.  And because of that, all my apps were all mixed up about what patches/upgrades were installed and what weren't.  Which caused me to do many registry modifications and other system hacks just to get my laptop working again.

    Anyway, that's my comment on your question about a system restore to a point quite a long time ago.

    Re steps for clean up, be sure to run Malwarebytes too. I always run two or three of these kinds of things (Malwarebytes, AVG Rootkit, etc.), until they all run clean, and only then would I start with my favorite AV.

    It may require several runs of each before they all run clean since different ones will find different problems and once one item is fixed, others sometimes come to light.

    Hope this helps!

    LVL 4

    Assisted Solution

    by:Anuj Bhatia
    Hey Buddy,

    Run a Full Scan of Malwarebytes in Safe Mode. It should remove the infection from the computer, but make sure your Malwarebytes is up to date.

    If this doesn't work, then download Hitmanpro; that should remove it.

    Awaiting reply

    LVL 29

    Assisted Solution

    by:Sudeep Sharma

    Running any removal tool in safe mode is not recommended unless the user is unable to work in Normal mode.


    Please run the Full System Scan of MalwareBytes in Normal Mode and before that you might want to run Rogue Killer and immediately MalwareBytes.

    Post the logs once you are finished cleaning the system for further analysis.

    I would also like you to go through the articles below for general troubleshooting and help (Rogue-Killer-What-a-great-name) (Stop-the-Bleeding-First-Aid-for-Malware) (Basic Malware Troubleshooting)

    I hope that would help.

    LVL 7

    Expert Comment

    Just to reiterate, do a system restore to an earlier time than when the infection happened. This will ensure that any major system changes are undone before running the cleaner.
    LVL 38

    Assisted Solution

    For info of experts.  Hermesalpha originally asked this question:
    and has subsequently uninstalled the Chinese version of "Skype" and replaced it with the international real Skype application, but has been left with adware/malware that was (probably) installed by the Chinese fake.


    Have you looked in your Add/Remove Programs?
    It is possible (although unlikely) that some of the programs causing the popups could actually be uninstalled normally.  I think you should check anyway.

    If you need help to identify any of the programs listed in your Add/Remove Programs, then download "MyUninstaller" from here:
    Direct Link - RIGHT-Click > Save TARGET As:

    Unzip that to a folder and you should have:
    myuninst.exe <----- The standalone program
    myuninst.chm (the help file)

    Download the following batch file to the same folder as "myuninst.exe" and double-click on it to create a report named "Add-Remove_Report.txt".
    Either open the report and look yourself for odd programs, or else attach it here and we can look through it for you.  I would imagine that you will be better equipped to know which are the applications you installed and want to keep.

    If you have done this and the popups do not stop, then carry on digging deeper with malware detectors.
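
The Add/Remove Programs review suggested in the post above can also be done without a third-party tool. The following is an added example, not part of the original thread and not the batch file the expert refers to: it reads the standard Windows uninstall registry keys and writes a UTF-8 report so that Chinese program names stay readable. The report file name, the 90-day window and the "no publisher" triage rule are assumptions chosen for illustration; it assumes PowerShell 3.0 or later.

```powershell
# Added example: build an Add/Remove Programs report from the registry.
# Report name, 90-day window and triage rule are illustrative assumptions.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$report = '.\Installed-Programs_Report.txt'

function Get-InstalledProgram {
    foreach ($key in $uninstallKeys) {
        # Some hives or the WOW6432Node branch may be absent; skip quietly.
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            ForEach-Object {
                # InstallDate is an optional yyyyMMdd string; many entries lack it
                # or hold an invalid value, so parse defensively.
                $installed = $null
                $parsed = [datetime]::MinValue
                if ($_.InstallDate -and [datetime]::TryParseExact(
                        [string]$_.InstallDate, 'yyyyMMdd',
                        [cultureinfo]::InvariantCulture,
                        [System.Globalization.DateTimeStyles]::None,
                        [ref]$parsed)) {
                    $installed = $parsed
                }
                [pscustomobject]@{
                    Name            = $_.DisplayName
                    Publisher       = $_.Publisher
                    Version         = $_.DisplayVersion
                    Installed       = $installed
                    UninstallString = $_.UninstallString
                    RegistryKey     = $_.PSChildName
                }
            }
    }
}

$programs = Get-InstalledProgram | Sort-Object Name

# Entries to look at first: no publisher recorded, or installed recently.
$cutoff = (Get-Date).AddDays(-90)
$review = $programs | Where-Object {
    -not $_.Publisher -or ($_.Installed -and $_.Installed -gt $cutoff)
}

$programs | Format-Table Name, Publisher, Version, Installed -AutoSize |
    Out-String -Width 200 | Set-Content -Path $report -Encoding UTF8
"`r`n=== Review first ===" | Add-Content -Path $report -Encoding UTF8
$review | Format-List | Out-String | Add-Content -Path $report -Encoding UTF8
```

Programs that do not register an uninstaller will not appear in this list, so a clean report does not rule out the malware scans discussed in the other answers.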

    LVL 38

    Expert Comment

    Thank you hermesalpha
