Answered by:
SKYPE Dubious Background Process

Question
-
Hello,
First of all I want to mention that I don't use Skype.
So here's the event that I'm seeking some help on.
On 11/21/2020, using my laptop, I encountered a very strange event. The only application I had manually open was my Firefox browser and I left my laptop idle. After idling for about 10 minutes, I began to hear a person talking in Spanish or Portuguese as if I was hearing another phone call conversation. At first I thought Firefox homepage was playing a video, so I scrolled up and down the homepage without finding any sort of video playing. I closed the Firefox browser and I could still hear the man speaking in Spanish/Portuguese. Once I had closed the browser, I saw multiple windows opened to my local 'DOWNLOAD' folder with multiple gibberish alphanumeric '.TMP' files and they're all time stamped within the same time I began to encounter the mysterious issue. My hunch was that I was hacked and that someone had breached my laptop.
I pulled up my task manager and notice that 'SKYPE' was running in the background and extremely utilizing my PC's CPU and Disk I/O. Once I stopped the Skype process, the erroneous phone call I was hearing stopped. That brings me to question if SKYPE was compromised? So quickly disconnected my laptop WIFI from the network.
I have zipped up the unknown .tmp files that were created and deleted the original .tmp files.
So this morning, Nov 22, 2020, I started up my laptop and I saw one dubious .tmp file create into my 'DOWNLOAD' folder around the same time I had logged onto my PC. I open up Windows Task Manager and I could see that SKYPE was on the top of the list for utilizing CPU and Memory usage. In Task Manager, I clicked on the drop down for the running SKYPE process and notice one process that seem out of place. This one SKYPE process had the following URL --- https://www.jabajo.pw/get/files?com: & the path properties for this strange SKYPE process is
C:\Users\Chiefs Bulls Family\AppData\Local\Packages\Microsoft.Windows.Skype_cw5n1h2txyewy
Hope this makes some sense.
Like I mention before, I don't use Skype and I'm worried that Skype has a backdoor that has allowed someone access to my laptop or that SKYPE is actively eavesdropping even though I never use SKYPE nor even logged into it.
Sunday, November 22, 2020 4:43 PM
Answers
-
I'd try asking for help over here.
https://answers.microsoft.com/en-us/protect/forum
https://answers.microsoft.com/en-us/skype/forum
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.- Proposed as answer by Guido Franzke Monday, November 23, 2020 7:07 AM
- Marked as answer by Guido Franzke Friday, November 27, 2020 7:04 AM
Sunday, November 22, 2020 5:03 PM
All replies
-
I'd try asking for help over here.
https://answers.microsoft.com/en-us/protect/forum
https://answers.microsoft.com/en-us/skype/forum
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.- Proposed as answer by Guido Franzke Monday, November 23, 2020 7:07 AM
- Marked as answer by Guido Franzke Friday, November 27, 2020 7:04 AM
Sunday, November 22, 2020 5:03 PM -
Thank you for the provided links to the correct forum.
- Proposed as answer by KHURRAM RAHIM Thursday, December 3, 2020 7:28 AM
Thursday, December 3, 2020 3:58 AM -
You're welcome.
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows Server] Datacenter Management
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.Thursday, December 3, 2020 4:03 AM