F-Secure
Tools
Skyperise
Summary
IM-Worm.Win32.Skyperise is a worm that propagates by sending chat messages to all possible Skype accounts. This chat message supposedly contains a link to a copy of the worm. The link to the malware is currently unavailable.
Disinfection
Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
Additional Details
Upon execution, Skyperise searches for the presence of the Skype application in the system by checking the following registry entry:
It displays the following error message if the application is not found, and then it terminates:
Otherwise, it executes the Skype program and shows this Warning message:
Once the user has confirmed the Warning message, Skyperise randomly searches for users every three minutes. It then sends the following message to the discovered users:
Note: The path to which this link leads is unavailable at the time of this writing.
- HKEY_LOCAL_MACHINE\SOFTWARE\Skype\Phone
SkypePath = "[Skype application path]"
It displays the following error message if the application is not found, and then it terminates:
Otherwise, it executes the Skype program and shows this Warning message:
Once the user has confirmed the Warning message, Skyperise randomly searches for users every three minutes. It then sends the following message to the discovered users:
- Check this! http://marx2.altervista.org/[REMOVED].exe
Note: The path to which this link leads is unavailable at the time of this writing.