Final method: Skypee virus removal

Categories:  Security
Labels:  virus

Today is my malware day wow! Today we will learn how to delete replicating “Skypee” virus from your windows operated pc. It is possible to delete any shortcut virus completely. If it replicates itself then I would suggest you to read this post final solution.

First of all, click on my computer icon->tools->folder options->view.

Uncheck hide protected system folders and files… and click on the show hidden folders and files… radio buttons.

Press ok.

Now open each drive. You must see some hidden folders/files in the infected drives/mmc.

Now open the skypee folder which must be hidden. you will find a hidden skypee folder in it which contains some files especially autoit3(.exe).

Copy its name(auto…) and then delete the skype folder and its content. Go to the start menu and click on Run. Type “regedit.exe” without quotes.
Press enter to open it. From its menu click on find and paste the strings that you copied previously.
Click on the find button. Thereafter delete those files containing that string. Click on find next button in regedit and do the same job.

In my case I also delete a hidden google folder (C:\google). I suspect that it is a malicious folder created by the same viruses, later time google chrome browser ran normally without problems.

Go to the start menu and click on Run (Win+R keys shortcut). Type “msconfig” without quotes, then cycle to the Windows startup tab. Thereafter uncheck those suspects entries containing the strings “Google”, “adobe”, adopeflash pointing to C:\Google\tmpE0D.tmp.Google.exe, adopeupdate pointing to C:\Google\GoogleUpdate.lnk, “Windows Update” pointing to C:\Google\Windowsupdate.lnk; in the windows startup programs tab. They have “unknown” in the manufacturer field and make autorun the viruses on startup.

Moreover, press The home button (key+R) and type “msconfig” without quotes then cycle to the Services tab, check the Hide all Microsoft services checkbox and find AutoIT, Skypee and one more - always most hidden service weirdly called Google, Google Update, UNCHECK all these, click on Apply, then OK. If it prompts you to restart before exiting, click on the other option; RESTART LATER.
Then go back to the business of deleting those folders and files - Kinda lazy and tired to keep on repeating the same steps. Goodluck, After, restart your computer and verify that all go fine.


N.B :

  1. First of all, delete all Unknown hidden file from your SD card.

  2. Don’t double click on the files of the skypee folder.

  3. Don’t delete or modify any other file in regedit except those malicious files.

  4. Restart is not required.

  5. Always open your SD card using explorer.

Can anyone else with this issue confirm the proposed solution works?

Yes it works if the whole PC isn’t infected and the virus hasn’t replicated.

However, if it is infected, probably it wont allow you to delete their contents of the file since some file would be running in.
First, combine keys (CTRL+ALT+Del) then click on Start Task Manger or Home button (key+R) and type taskmgr.exe and hit enter; whichever works for you.
Cycle to the processes tab and try to find AutoIT.exe, AutoIT3.exe, tmpE0D.tmp.Google.exe, or whatever that obstruct to delete the malware folder… then right-Click on it and click on End Process Tree. Go back to your drives and follow Muhammad’s method above exposed.

PSD: Remember delete the ^0] file in the windows folder XD;D.