One of the computers in my house was just infected by a virus that is spreading through Skype. Since I wasn’t the one using the computer at that time, I do not know exactly what or how it happened. All I know is that there was a message received by one of the people in the contact list with some message and a file. My guess is that the file name should be dsc027.scr (I could be wrong). The computer is infected once the file is opened.
Some of the symptoms that I experienced include:
- Unable to open Skype even though the program is already running
- Internet browser closes automatically when entering certain websites (especially Skype forums)
After checking the list of processes running from the task manager, I managed to identify an alien process — wndrivsd32.exe. Sure enough, that was the culprit. Below are the steps I took to remove the virus.
1. Open up Task Manager (right click on the taskbar and select “Task Manager”)
2. Select the “Processes” tab
3. Click on the process name called “wndrivsd32.exe” and click on the “End Process” button
4. Quickly run the regedit program (Start menu .. Run .. type “regedit” and click the OK button)
5. If the Registry Editor closes automatically, you need to repeat step 3 again. Do it quicker this time.
6. Go through the folders HKEY_LOCAL_MACHINE->Software->Microsoft->Windows->CurrentVersion->RunOnce
7. Delete the key that holds the value C:\Windows\System32\mshtmlsh32.exe
8. Open up this file C:\Windows\System32\Drivers\etc\hosts with a text editor like Notepad. It will be filled with “garbage” inside. Just empty the whole file (delete everything in the file) and save it.
9. Delete this file (if it exists) C:\Windows\System32\wndrivsd32.exe.
10. Restart the computer and run Skype again. Play around with your computer. If everything is normal (including Skype), the virus is gone.
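The same places can be checked without changing anything, before and after the cleanup. The script below is an added example, not part of the original post: it is read-only, takes the two file names and the RunOnce key from the steps above, and assumes Windows is installed under `$env:SystemRoot` and that any hosts entry other than `localhost` is worth reviewing.

```powershell
# Added example: read-only check for the indicators named in the post.
$sys32    = Join-Path $env:SystemRoot 'System32'
$names    = 'wndrivsd32.exe', 'mshtmlsh32.exe'   # file names taken from the post
$findings = @()

# 1. Is the process still running? (Get-Process wants the name without ".exe")
foreach ($n in $names) {
    $base = [IO.Path]::GetFileNameWithoutExtension($n)
    foreach ($p in @(Get-Process -Name $base -ErrorAction SilentlyContinue)) {
        $findings += "Process running: $($p.Name) (PID $($p.Id))"
    }
}

# 2. Does a RunOnce value still point at one of the files?
$runOnce = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
if (Test-Path $runOnce) {
    $key = Get-Item -Path $runOnce
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        foreach ($n in $names) {
            if ($data -like "*$n*") { $findings += "RunOnce value '$valueName' -> $data" }
        }
    }
}

# 3. Which hosts entries are active? Comments and blank lines are skipped.
$hostsFile = Join-Path $sys32 'drivers\etc\hosts'
if (Test-Path $hostsFile) {
    foreach ($line in Get-Content -Path $hostsFile) {
        $entry = ($line -replace '#.*$', '').Trim()
        if (-not $entry) { continue }
        $ip, $hostnames = $entry -split '\s+'
        foreach ($h in $hostnames) {
            if ($h -ne 'localhost') { $findings += "hosts entry to review: $ip $h" }
        }
    }
}

# 4. Are the files still on disk?
foreach ($n in $names) {
    $path = Join-Path $sys32 $n
    if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
}

if ($findings) { $findings } else { 'No indicators from the post found.' }
```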
I found two other sources that helped me remove the virus, with slightly different steps. Some of the files they instructed to remove don’t exist on my computer. If they exist on yours, remove them as well. Check them out.