Full Version: SKYPE VIRUS...............
geduxk
If you have this message:

labas
kaip tau tokia? bigsmile.png
kaip tau tokia? bigsmile.png
http://www.papai.ru/foto_galerija/sandra.jpg
http://www.papai.ru/foto_galerija/sandra.jpg
oi netau cia turejo but sory
uj netau sry
(devil)
bigsmile.png

THIS bot came from Lithuania. It works simply: you press the link, it installs to your PC and sends this message to all your friends.

OMG DO SOMETHING, STOP THIS (SPAMMER VIRUS OR BOT)

If you have these messages in your PM, do not press this link.
Abdulaj
Any ideas how to get rid of it?
geduxk
Find some remover, start the PC in MS-DOS, find all *.bat, .tmp, .lnk files
and start Windows. Some shortcuts disappear, but you do not need to reinstall Windows.
RcK17
If you followed the link given, delete SkypeStart from your registry in:

HKLocalMachine/Software/Microsoft/Windows/CurrentVersion/Run
HKCurrentUser/Software/Microsoft/Windows/CurrentVersion/Run

Also skype.exe and invisible002.dll from C:\windows\system32
polymerpat
Follow RcK's instructions for removal, that is the best way.
hashpipe2005
I can't find the invisible002.dll in system32, but I deleted everything else. Someone help please.
kgretk
QUOTE(hashpipe2005 @ Mon Apr 16 2007, 17:16)

I can't find the invisible002.dll in system32, but I deleted everything else. Someone help please.

Well, I hope you didn't delete everything from that folder.

see this post: http://forum.skype.com/index.php?s=&sh...st&p=383734

What you can do:
- kill skype.exe -> Ctrl-Alt-Del to see running processes, kill skype and skypePM, invincible002.dll
- go to c:/windows and sort files by date - I could see a number of exe files with today's date, skypexxxx.exe, delete them
- check also c:/windows/system32 for the above files or suspicious DLLs
- I also removed entries from autostart...

Additionally:
- check (for XP) c:/documents and settings/yourusername/Local Settings/Temp - I noticed there was a hidden folder with sandra.jpg or scr and other exe - delete it. Actually you can delete everything in temp, usually it's not needed.

good luck
geduxk
On our web page there is Skype antiSANDRA to remove this virus.
http://www.baltracker.net/details.php?id=8...d2828c56447b9ea
Abdulaj
After today's update Kaspersky antivirus can clear that sandra virus; some other antivirus programs can do that too.
And I think that the www.papai.ru server is down, because I got a few messages today with that virus and tried to open it in my browser, but Mozilla couldn't locate the website.
kooky
If you still have the sandra virus, you can kill it with two programs that you will find here

http://www.kompiuterija.lt/naujienos/2007-...-skype-virusas/

If you want to use antisandra2, you will have to reboot your PC in safe mode and then click on the two files that you will find in there.

The other link is from Kaspersky. It simply scans your PC online and kills the virus.

If you are interested in what the sandra virus does, I can tell you.
First of all, it changes your Skype mode to "do not disturb",
then sends the same message to your friends,
starts to open some www sites,
scans your PC for codes, passwords etc.,
scans what you do on your PC,
collects information and sends it to some center in South America.
Also, that virus can make some DoS (denial of service).
geduxk
The NOD32 system can remove this virus after this morning's NOD32 update; it can remove this piece of shit.
SiMaZ
Hi, I fell into the trap and I've got the sandra virus. I was wondering if 'AVG' anti-virus works on the virus, because you said that Kaspersky and some others work.
Chris from California
Please visit www.gui2.com for the Skype Virus Fix. Happy Skypeing. Stay safe!
Richard J. McLaughlin
Hello. I'm new on this forum.

I just need to warn you about a new incarnation of this little nasty here. This one prevents access to the Skype website and prevents you from running regedit.exe and msconfig.exe. It also alters your HOSTS file in c:\windows\system32\drivers\etc and prevents MSN messenger from logging you in.

Here is a transcript of the history regarding this. (I have concealed the identities of the users involved with [Xx]'s for privacy reasons):

I have broken the history down to two parts for comparison.

This is part one of the history. Notice the chatting habits of Ist[xxx]?

[5/09/2007 6:02:56 PM] Richard [X] [XxXxxxxxxx] says: Hello Ist[xxx]. You must be on another call.
[5/09/2007 6:03:01 PM] Ist[xxx] says: Hi there Richard! What's Up?
[5/09/2007 6:03:16 PM] Richard [X] [XxXxxxxxxx] says: Just saying hello.
[5/09/2007 6:03:38 PM] Ist[xxx] says: mic's not working yet
[5/09/2007 6:03:43 PM] Richard [X] [XxXxxxxxxx] says: I forgot.
[5/09/2007 6:03:56 PM] Ist[xxx] says: what?
[5/09/2007 6:04:10 PM] Richard [X] [XxXxxxxxxx] says: Well, when we get that DVD recorder I think that will change it.
[5/09/2007 6:04:19 PM] Richard [X] [XxXxxxxxxx] says: I forgot your mike's not working.
[5/09/2007 6:04:32 PM] Ist[xxx] says: I knew you were going to say that
[5/09/2007 6:04:39 PM] Richard [X] [XxXxxxxxxx] says: Did you now?
[5/09/2007 6:04:47 PM] Ist[xxx] says: yep
[5/09/2007 6:04:52 PM] Richard [X] [XxXxxxxxxx] says: I see.
[5/09/2007 6:05:01 PM] Richard [X] [XxXxxxxxxx] says: So, what have you been up to of late?
[5/09/2007 6:05:15 PM] Ist[xxx] says: I'm broke for another 2 weeks
[5/09/2007 6:05:31 PM] Ist[xxx] says: so not much but the computer
[5/09/2007 6:06:25 PM] Richard [X] [XxXxxxxxxx] says: Of course. I have seen one DVD recorder with an HD priced to clear at K-Mart but unfortunately it doesn't have HDMI.
[5/09/2007 6:06:33 PM] Ist[xxx] says: How have you been,constant with your work no doubt
[5/09/2007 6:07:09 PM] Richard [X] [XxXxxxxxxx] says: I have been. And being broke for a fortnight, I guess you have planes to catch and bills to pay.
[5/09/2007 6:07:21 PM] Ist[xxx] says: I dont even know if my tv is HDMI?
[5/09/2007 6:07:46 PM] Richard [X] [XxXxxxxxxx] says: Of course it's HDMI. We were using HDMI with the computer.
[5/09/2007 6:08:06 PM] Ist[xxx] says: YEAH ! Im catching planes alright
[5/09/2007 6:09:00 PM] Ist[xxx] says: Oooops! sorry You know me electronics and I don'T MIX
[5/09/2007 6:14:26 PM] Richard [X] [XxXxxxxxxx] says: My landline number is 3389 0116.
[5/09/2007 6:23:49 PM] Richard [X] [XxXxxxxxxx] says: www.torrentportal.com
[5/09/2007 6:23:57 PM] Richard [X] [XxXxxxxxxx] says: http://isohunt.com
[5/09/2007 6:25:27 PM] Richard [X] [XxXxxxxxxx] says: www.2torrents.com
[11/09/2007 8:41:15 PM] Ist[xxx] says: Hi Richard,Im ready to buy that canon printer tomorrow if your not busy I would like for you to be with me at 3pm,Cheers!

========================================================================================================

Now here is part two. Notice the difference in Ist[xxx]'s speech.

There are two links associated with this half leading to the same file "dsc027.jpg": "http://www.fakme.org/erotic-gallerys/usr5d8c/dsc027.jpg" and "http://www.myimagespace.net/erotic-gallerys/usr5d8c/dsc027.jpg". The spelling in both links in the transcript has been changed for safety reasons.

[12/09/2007 5:40:12 AM] Ist[xxx] says: cu then I hope
[12/09/2007 8:49:18 PM] Ist[xxx] says: how are u ? smile.png
[12/09/2007 8:49:31 PM] Ist[xxx] says: look what crazy photo Tiffany sent to me,looks cool
[12/09/2007 8:49:34 PM] Ist[xxx] says: http://www.facte.nip/esoteric-galleys/usr5d8c/dsc027.jpg
[12/09/2007 8:49:44 PM] Ist[xxx] says: u happy ?
[12/09/2007 8:49:47 PM] Ist[xxx] says: (rofl)
[5:30:17 AM] Ist[xxx] says: I used photoshop and edited it
[5:30:20 AM] Ist[xxx] says: bigsmile.png
[5:30:24 AM] Ist[xxx] says: haha lol
[5:30:29 AM] Ist[xxx] says: http://www.myimaginespace.nip/esoteric-gal...5d8c/dsc027.jpg
[5:30:37 AM] Ist[xxx] says: you checked ?
[6:29:06 AM] Richard [X] [XxXxxxxxxx] says: I'm fine thanks.
[6:29:18 AM] Richard [X] [XxXxxxxxxx] says: Let's see if you are skypable now.
[6:29:40 AM] Richard [X] [XxXxxxxxxx] says: You'll need to change your status.
[6:29:53 AM] Richard [X] [XxXxxxxxxx] says: You are currently in do not disturb mode.
[4:14:45 PM] Ist[xxx] says: hey
[4:15:01 PM] Ist[xxx] says: I used photoshop and edited it
[4:15:05 PM] Ist[xxx] says: smile.png
[4:15:08 PM] Ist[xxx] says: now u populr
[4:15:08 PM] Ist[xxx] says: hey
[4:15:13 PM] Ist[xxx] says: http://www.myimagespace.net/esoteric-galle...5d8c/dsc027.jpg
[4:15:21 PM] Ist[xxx] says: your photos looks realy nice
[4:15:23 PM] Ist[xxx] says: what ur friend name wich is in photo ?
[4:15:25 PM] Ist[xxx] says: bigsmile.png
[4:15:26 PM] Ist[xxx] says: http://www.facte.nip/esoteric-galleys/usr5d8c/dsc027.jpg
[4:15:35 PM] Ist[xxx] says: you checked ?
[4:15:39 PM] Ist[xxx] says: bigsmile.png
[4:17:30 PM] Ist[xxx] says: hey
[4:17:49 PM] Ist[xxx] says: look
[4:17:53 PM] Ist[xxx] says: smile.png
[4:17:59 PM] Ist[xxx] says: http://www.facte.nip/esoteric-galleys/usr5d8c/dsc027.jpg
[4:20:15 PM] Ist[xxx] says: hey
[4:20:35 PM] Ist[xxx] says: look
[4:20:38 PM] Ist[xxx] says: http://www.myimagespace.net/esoteric-galle...5d8c/dsc027.jpg
[4:20:48 PM] Ist[xxx] says: u happy ?
[4:20:52 PM] Ist[xxx] says: (devil)
[4:25:05 PM] Ist[xxx] says: how are u ? smile.png
[4:25:19 PM] Ist[xxx] says: I used photoshop and edited it
[4:25:23 PM] Ist[xxx] says: haha lol
[4:25:27 PM] Ist[xxx] says: http://www.facte.nip/esoteric-galleys/usr5d8c/dsc027.jpg
[4:25:39 PM] Ist[xxx] says: oops sorry please don't look there :S
[4:25:41 PM] Ist[xxx] says: smile.png

Recognize the difference guys. It may save your computers from a nasty virus.

Tips for safe chatting:

* Become familiar with the way your contacts chat with you.
* Never add a URL when you start a chat.
* If you receive a message from one of your contacts in SMS type and you know that contact doesn't chat in such a manner, treat it as a fake message. Especially when it has a URL with it.
* Never click on any links which lead to content that doesn't match the characters of your contacts. I.e. if you know your friend online is a Pentecostal Christian and suppose that there is link on his/her message, say, "http://example.pornsite.com/hotchicks.jpg" or "http://www.tarot-readings.org/example.htm"

Happy Skypeing everybody.
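
The pattern in the second half of the transcript above (one contact pushing links to the same file, from different hosts, in short bursts) can be checked mechanically. The following is an added example, not part of the original post; the sample log, hostnames, file name, thresholds and function names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the transcript's line format (not real chat data).
SAMPLE = """\
[5/09/2007 6:02:56 PM] alice says: Hello, are you on another call?
[5/09/2007 6:23:49 PM] alice says: www.example.org
[5/09/2007 6:25:27 PM] alice says: www.example.net
[12/09/2007 8:49:31 PM] bob says: look what crazy photo
[12/09/2007 8:49:34 PM] bob says: http://one.example.invalid/gallery/pic001.jpg
[4:15:13 PM] bob says: http://two.example.invalid/gallery/pic001.jpg
[4:15:26 PM] bob says: http://one.example.invalid/gallery/pic001.jpg
[4:17:59 PM] bob says: http://one.example.invalid/gallery/pic001.jpg
"""

LINE = re.compile(r"^\[((?:\d{1,2}/\d{1,2}/\d{4} )?\d{1,2}:\d{2}:\d{2} [AP]M)\] (.+?) says: (.*)$")
URL = re.compile(r"(?:https?://|www\.)\S+", re.I)

def parse(log):
    """Yield (timestamp, sender, text); time-only stamps inherit the last date seen."""
    last = None
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, who, text = m.groups()
        if "/" in stamp:
            ts = datetime.strptime(stamp, "%d/%m/%Y %I:%M:%S %p")
        elif last is not None:
            clock = datetime.strptime(stamp, "%I:%M:%S %p").time()
            ts = datetime.combine(last.date(), clock)
            if ts < last:  # clock went backwards: the log crossed midnight
                ts += timedelta(days=1)
        else:
            continue  # time-only line with no date context yet
        last = ts
        yield ts, who, text

def suspicious_senders(log, window=timedelta(minutes=15), min_repeats=3):
    """Map sender -> file names linked at least min_repeats times within window."""
    seen = defaultdict(list)  # (sender, linked file name) -> timestamps
    for ts, who, text in parse(log):
        for url in URL.findall(text):
            # Key on the file name so the same file on different hosts still matches.
            seen[(who, url.rstrip("/").rsplit("/", 1)[-1].lower())].append(ts)
    flagged = defaultdict(set)
    for (who, name), stamps in seen.items():
        stamps.sort()
        for i in range(len(stamps) - min_repeats + 1):
            if stamps[i + min_repeats - 1] - stamps[i] <= window:
                flagged[who].add(name)
    return {who: sorted(names) for who, names in flagged.items()}
```

On the constructed sample, `suspicious_senders(SAMPLE)` flags only `bob`, whose three links to the same file name arrive within three minutes; `alice`'s one-off links to different sites are not flagged.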