Just in via a Skype blog posting from Skype's Villu Arak:
Skype has learned that a computer virus called “w32/Ramex.A” is affecting users of Skype for Windows. Users whose computers are infected with this virus will send a chat message to other Skype users asking them to click on a web link that can infect the computer of the person who receives the message.
Please note that Skype users ONLY become infected after they have downloaded the link and run the malicious software. The chat message, of which there are several versions, is cleverly written and may appear to be a legitimate chat message, which may fool some users into clicking on the link.
Skype has been in contact with the leading antivirus software companies about this worm, and we know that they are updating their software to effectively stop this worm and as well as its side effects. Currently, F-Secure and Kaspersky Lab have already updated their antivirus products to detect and remove the worm.
We would like to encourage our users to ensure that they are running anti-virus software on their computers and to download the latest anti-virus updates in order to provide the best protection against this and other viruses.
- There's also a techhead way to fix this manually. Villu only recommends this for highly experienced Skype users:
- Restart the PC in safe mode
- Run regedit
- Go to HKLM/software/microsoft/windows/currentversion/runonce find entry with mshtmldat32.exe. Delete this entry.
- Go to Windows\System32 directory and delete following files: wndrivs32.exe, mshtmldat32.exe, winlgcvers.exe, sdrivew32.exe
- Go to windows/system32/drivers/etc
- Find file hosts
- Open it with notepad, ctrl+a and delete all entries (this will resume your antivirus updates), save, close.
- Restart the PC