Re: What is the skq.exe process?? virus ?? hacker??

From: Elvis-artist-of-the-millenium (Elvisartistofthemillenium_at_discussions.microsoft.com)
Date: 01/13/05


Date: Thu, 13 Jan 2005 12:37:04 -0800

And don't forget to disable the SKQ in msconfig

"Elvis-artist-of-the-millenium" wrote:

> I too have had this virus and after many days there are still no fixes.
> Best options are 1, remove Norton Anti Virus
> 2, goto C prompt change directory too windows\system32\skq and delete all
> the files within it the delete the main dir
> 3, change directory again to windows\software kings and queens delete all
> files in here.(you cannot delete the dir folder)
> reboot and reinstall your anti-virus update it. goto microsoft update
> download the anti-spyware 1.0 beta (this will clean your registry files) also
> download the fix KB835732.
> Worked for me
> all the best from a very tired Howard
> "toolman99" wrote:
>
> > Sounds like a reformat and install might be easier- I am almost at the end of
> > my rope- Now my norton willnot run in safemode- Just yesterday norton
> > detected 6 files with the w32.sillyp2p virus and quarinitned them but
> > computer get more finicky every day was fairly stabel after my first cleanup
> > but freezing up alot now Thanks for the info
> >
> > "mark25@hotmail.com" wrote:
> >
> > > I am the one who reported this nasty miscreant to both CA, makers of
> > > E-Trust Anitvirus, and Symantec in mid December. Each has updated
> > > their virus signature files to detect and isolate the executable. This
> > > virus is related to a group of Peer-to-peer viruses commonly referred
> > > to as "W32.SillyP2P" Unfortunately there is no "fix", but I was able
> > > to undo the damage manually. The SQK.SCR changes the file associations
> > > of most executable files to the .txt / Notepad extension, preventing
> > > you from running any executables. In the registry it changes
> > > HK_Local_Machine\SOFTWARE\Classes\ ".com", ".exe", ".scr", and ".pif"
> > > Multi-String values to "txtfile". It creates a sub-directory in the
> > > \windows\system32 directory called SKQ. It also writes hundres of 0
> > > byte hidden folders under the root directory of the C:\ drive. It
> > > deletes many common windows application executables and even the entire
> > > root directory of those applications ie: Outlook Express, WinZip, etc.
> > > If you have a second PC available you can refer to it for the correct
> > > file extensions (Windows Explorer -> Tools -> Folder Options -> File
> > > Types) and missing files. (Assuming the same version of each
> > > application). Once the correct file extensions are re-associated with
> > > thier applications, your icons will return to their previous state.
> > > Search your PC and your registry for "SKQ" and delete any residual
> > > files or entries.
> > >
> > > Best Wishes.
> > >
> > >