Computer Security & Viruses/trojan.mailskinner

Advertisement

Expert: Sean Oriyano - 9/27/2007


Question
Hi,

So apparently my Spyware Doctor detected a trojan.mailskinner, but is unable to get rid of it. Kaspersky doesn't detect anything though and I'm wondering why. These are the scan results from Spyware doctor:

Trojan.Mailskinner HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookAddin.Addin
Trojan.Mailskinner HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookAddin.Addin##
Trojan.Mailskinner HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookAddin.Addin##FriendlyName
Trojan.Mailskinner HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookAddin.Addin##Description
Trojan.Mailskinner HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookAddin.Addin##LoadBehavior
Trojan.Mailskinner HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\OutlookAddin.Addin##CommandLineSafe

What exactly is this and how do I get rid of it?

Thank you for your time.

Answer
Hi Christine,

I found an answer to this question that my colleague Christine provided previously for someone else so I'll just send that along.

Check out the following for information:

http://www.liutilities.com/products/wintaskspro/processlibrary/mailskinner/

Go to:

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Click the GO button, then under Virus Detection, click Start. You might be told that you need to download and install ActiveX Controls for the scan to work, answer Yes.

Write down exactly anything it finds, then go to: http://www.symantec.com/search/  and do a search for what was found. Symantec usually has a removal tool and/or directions for removing manually. Make sure that you follow the instructions for removal, step by step, especially the part regarding disabling System Restore.

I would suggest downloading Spybot - Search & Destroy 1.4, a program that removes spyware, available from:

http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp

Once installed, enable Tea Timer. Open the Spybot Search & Destroy, click  the "+" sign next to Tools on the left side of the screen, click System Startup, then on the right side of the page check HK_CU Run Spybot Tea Timer.

The Resident TeaTimer is a new tool of Spybot-S&D which perpetually monitors the processes called/initiated. It immediately detects known malicious processes wanting to start and terminates them giving you some options, how to deal with this process in the future.

Check for updates before running. If you have trouble getting the updates, near the top of the Update Window, click the little arrow next See-Cure  #1(Europe), highlight the next one on the list, See-Cure #2 and try to download the updates. If that doesn't work, try the next one the list. until you get one you can download from. Being a free program, if too many people are using the same site to download the updates, some people will not get them.

Computer Security & Viruses

All Answers

Answers by Expert:

Ask Experts

Volunteer

Sean Oriyano

Expertise

I can answer questions relating to viruses, worms, trojans, logic bombs and other types of malicious code. I can answer your questions relating to how such code spreads, how they work and how to prevent and remove such.

Experience

I am a security specialist who instructs for the US Military and Federal Government as well as private organizations. I also consult and lecture frequently on the topic of Information Security.

Organizations
BECCA, ISSA, Infraguard, EC Council

Education/Credentials
CISSP (Certified Information Systems Security Professional), CEH (Certified Ethical Hacker), CHFI (Computer Hacking Forensic Investigator), SCNP/SCNS (Security Certified Network Professional/Specialist), Security , CEI (Certified EC Council Instructor).

©2012 About.com, a part of The New York Times Company. All rights reserved.