Jump to content

Skype Crashing


Recommended Posts

Hey. Recently I recieved a keymaker.exe file. It was identified by Avast! as a Rootkit-Gen attempting to infect explore.exe. I've tracked the virus around my system and deleted it using Avast since MBAm my main scanner couldn't detect it. I sent the file in and all is well now. Except when I try to restore the file to investigate it a little further it says "file in use at Skype." I've scanned it using both my AV and MBAM and it isn't detecting anything. On top of this, Skype will periodically crash now. I've not seen any other indication it's infected something succesfully. Everything boots normally, just as quickly as normal. Any ideas?

 

Link to post
Share on other sites

man , i thought that sounded familiar ... from back in 2005 !

just how did you receive it ?

 

a little google-foo indicates that "keymaker.exe" is supposedly  a "random password generator based on ..." : http://www.scanwith.com/download/keymaker.htm

of course , it also shows up as a nasty bit of work as well : http://www.threatexpert.com/files/keymaker.exe.html

it has been associated with other software items : http://www.411-spyware.com/file-keymaker-exe

a look through the google returns shows typical/similar results .

disclaimer ... the sites listed are for demonstration/reference only ... do not download anything from them .

 

i may be wrong here but the program was originally designed to innocuously generate passwords but was infected by some nefarious types ; it is a vector for various infections .

that said , i would (personally) head over to the malware removal section .

Link to post
Share on other sites

Correct CWB. I recieved the file from a friend of mine via Skype IM. When it was downloaded successfully Avast! went nuts saying there was a virus in it. I thought it was cleaned but I thought wrong. Skype won't load and I'm now worried that the Rootkit has indeed managed to infect me. If you wish I can upload a Zipped copy of it with the extension .part if Avast will co-operate enough to let the virus go. Will it pose a threat as a spambot and send its self to everyone on my contact list? When I went through the coding in it I saw some key things indicating it was originally a regular program generating passcodes like key names Bandicam (Screen Recorder).

 

Here's what Notepad is giving me. <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">

<assemblyIdentity
    version="1.0.0.0"
    processorArchitecture="x86"
    name="Bandisoft"
    type="win32" />
<description>Bandicam</description>
<dependency>
    <dependentAssembly>
       <assemblyIdentity   type="win32"
        name="Microsoft.Windows.Common-Controls"
        version="6.0.0.0"
        publicKeyToken="6595b64144ccf1df"
        language="*"
        processorArchitecture="x86" />
    </dependentAssembly>
</dependency>
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.