Skype Goo.gl Virus

Have you encountered the Goo.gl virus in Skype or Facebook? This article aims to help you understand the nature of this virus as well as show you how to remove it from your device completely.


Goo.gl virus is the name used by users to label the malicious application spreading malware infection through Skype, Facebook and other social networks. The Goo.gl virus is in fact a Trojan horse in disguise but we will get to that in a brief moment. Before that though, let’s clear something up.

What is Goo.gl?

Goo.gl is a legitimate service provided by Google for shortening of URLs. What is essentially does is take long URL addresses and crunch them inside far fewer characters. In this way a link gets easier to share, email, retweet, whatever social network interaction you can think of would benefit from a shorter web link. And while the EULA for this service states that “short URLs do not publicly reveal the identity of the user who created that URL mapping” and “short URL history for a user is accessible only when signed in using that Google Account” this is a preferred method for malware spreading. Why? You can’t see the full link before opening it, thus it is much easier to trick the victim into clicking on the link.

Skype Goo.gl Virus

Goo.gl Virus in Skype

Skype Goo.gl Virus – What is it?

If you are interested in this article it is most likely that you have received a skype message from one or more of your Skype friends with a somewhat strange message contained inside as well as a goo.gl link. Unfortunately the user that has sent you the message is infected with the Skype Goo.gl virus and if you clicked and followed the link inside the message you are probably infected as well. You probably have a type of malware known as a Trojan horse and very soon if not already you will find out that you have started sending similar skype messages to people in your contact list as well. Regrettably this might not be the worst of it.

If you indeed have a Trojan in your system you might be in a big trouble. Trojan horses have seen regular use as backdoors for far more dangerous malware known as Ransomware. This type of software encrypts your files making them completely inaccessible and a Ransom payment is demanded to get a decryption key. Even if you don’t get a Ransomware, which we sincerely hope you won’t, there are other way for which the Trojan horse might make your life miserable:

  • The use of your computer as a malware spreading or spamming machine (we already established that).
  • Your device might be used for Bitcoin mining, greatly shortening the life-span of your hardware and significantly increasing your electricity bill.
  • Your PC might be used as a “proxy of sorts” to launch cyber attacks and other cyber criminal activities, much like the Skype messages sent to your friends without your knowledge or participation.
  • Your personal information might be in immediate danger. Including user names and passwords. If you are using any type of online payments methods you should be extremely alarmed and change your passwords immediately after you remove the Goo.gl virus.
  • If you notice that some of your files are corrupted or missing that might be a direct effect of the presence of a Trojan horse virus in your system.

In additional to our removal instructions, please do not forget to change your Skype and/or Facebook password, depending on how far this infection has spread. This is a problem that should not be taken lightly. You should also consider contacting your friends and warning them not to open the malicious goo.gl links. If they have already done so send them a link to this article, we are trying to help as many of the affected users as possible.


Name Skype Goo.gl Virus
Type Trojan Horse Malware
Danger Level High (relatively).
Symptoms Strange messages sent to your Skype/Facebook contacts without your knowledge.
Distribution Method Clicking on infected links, downloaded executable files from unsafe locations.
Detection Tool


If the removal guide helps you, remember: a thank you in the comments goes a long way to warm our hearts!
1: Enter Safe Mode.
2: Uninstall the virus from your Add/Remove Programs.
3: Permanently delete Goo.gl virus from Task Manager’s processes.
4: Uninstall the virus from Regedit and Msconfig.

Skype Goo.gl Virus Removal

Readers are interested in:

Skype Goo.gl Virus

Reboot in Safe Mode (use this guide if you don’t know how to do it).

This is the first preparation.

Skype Goo.gl Virus

The first thing you absolutely must do is Reveal All Hidden Files and Folders.

  • Do not skip this. Goo.gl virus may have hidden some of its files and you need to see them.

Hold together the Start Key and R. Type appwiz.cpl –> OK.

Skype Goo.gl Virus

You are now in the Control Panel. Look for suspicious entries. Uninstall it/them. If you see a screen like this when you click Uninstall, choose NO:

Skype Goo.gl Virus

Type msconfig in the search field and hit enter. A window will pop-up:

Skype Goo.gl Virus

Go in Startup —> Uncheck entries that have “Unknown” as Manufacturer.

Skype Goo.gl Virus

Hold the Start Key and R copy + paste the following and click OK:

notepad %windir%/system32/Drivers/etc/hosts

A new file will open. If you are hacked, there will be a bunch of other IPs connected to you at the bottom. Look at the image below:

Skype Goo.gl Virus

If there are suspicious IPs below “Localhost” – write to us in the comments.

Open the Start Menu, type “Control Panel” in the search box —> Enter. Network and Internet —> Network and Sharing Center —> Change Adapter Settings. Right-click your Internet connection —> Properties.

In Networking, left click Internet Protocol Version 4 —> Properties. If everything is normal, your window will look like the picture below. If it doesn’t, click on the two “automatic” choices. NOTE: If you are in a domain network (check here if you don’t know what that is), contact your Domain Administrator so he can make these settings, or this may break your Internet Connection.

Skype Goo.gl Virus

Skype Goo.gl Virus

Press CTRL + SHIFT + ESC simultaneously. Go to the Processes Tab. Try to determine which ones are a virus. Google them or ask us in the comments.


It is very important to stop for a moment here and take the time to reflect on what would come next. The last part of our removal guide should be considered more complex and dangerous than anything you were instructed to do up until this point. It is preferable only users with previous manual malware removal experience continue. Since you will be dealing with important system processes any mistake might turn out to be extremely damaging to your device. For the less experienced users and for those who do not wish to take any chances we recommend an alternative solution – download and install a professional program to help you deal with the Goo.gl Virus and any other malware threats.

Skype Goo.gl Virus

Right click on each of the virus processes and select Open File Location, then End the process. Copy the folders somewhere (as a backup if you make a mistake) and delete the directories you were sent to.

Type Regedit in the windows search field and press Enter.

Once inside, press CTRL and F together and type the virus’s Name. Right click and delete any entries you find with a similar name. If they don’t show this way, go manually to these directories and delete/uninstall them:

  • HKEY_CURRENT_USER—-Software—–Random Directory. It could be any one of them – ask us if you can’t discern which ones are malicious.
    HKEY_CURRENT_USER—-Software—Microsoft—-Windows—CurrentVersion—Run– Random
    HKEY_CURRENT_USER—-Software—Microsoft—Internet Explorer—-Main—- Random

Skype Goo.gl Virus

If these things fail to help you find Goo.gl virus you need to resort to a professional scanner – obviously this is a malware that was created to steal your credentials and credit cards – meaning the people who created it spent a lot of resources to make it as dangerous as possible.

Remember to leave us a comment if you run into any trouble!


About the author


Bert L. Jackson

Bert L. Jackson has more then 13 years in the Cyber Security Industry consulting and collaborating. Distinguished for an entrepreneurial mindset, creative problem solving, cross-functional teams and a bottom-line orientation.


    • We cannot say for sure but if you aren’t experiencing any issues then it should probably be fine.

  • I opened a goo .gl skype link which led me to a “Earn a lot of money in a short time without doing much” website, which I instantly closed, but I got curious so I found this website… I followed step 1 and 2 and found a suspicious programm and unistalled it (it was a long number, but sadly I didn’t look at the date when it was installed), but I didn’t find anything in step 3 and 4… I downloaded and ran SpyHunter afterwards as well as Kaspersky and and didn’t find anything besides a few spyware cookies and a search bar thing (where marketing stuff gets manipulated), so nothing about the goo. gl virus or any other harmul malware. Am I safe now?

    • If nothing got detected and there are no issues with your PC, then your PC should be okay. If any issue arises, you can always come back here and we will try to help you.

  • Hi,
    I seem to have been infected by this virus (goo. gl) as my Skype friends received messages that I had not sent. I downloaded Combo Cleaner and run the virus scan. It found three infected files, two named as Flashplayer and one paintbrush. I cleared them obviously but I did not find anything else (more suspicious). Am I safe now?

    • We advise you to complete the steps from our removal guide. We cannot tell you for sure if you currently have no unwanted data on your PC. If there are no visible issues, it’s probably fine but you are still advised to follow the steps from the guide on this page.

  • Hey,
    On the Registry Editor, in the Software folder there are 2 folders that are really big lines of letters / numbers, like one of those redeemable codes or something. They have files in them that say under Type REG_SZ or REG_DWORD. Since I have no idea what these are and can’t search for then on the internet, figured I asked. The rest of the steps here didn’t reveal anything in my computer, yet I was clearly sending messages through skype. I don’t know what else I can do.

    • Can you send us a screenshot of the Registry entries that you noticed, this could help us determine if they need to be deleted (you can also copy their names and send them to us like that, this could work as well). Also, you can try re-installing Skype.

  • Hi guys,
    I received a friend request on Skype with the “goo .gl” icon/link. I confirmed the request, didn’t click on the link itself, though. To be sure, I went through your steps of virus removal, made it up to step 3 and everything looks good. I guess, I should be safe, am I right?
    Thanx for your help.

    • Hello there, you shouldn’t accept random friend requests if you do not know the other person. Still, it’s good you haven’t clicked on anything and that you have followed the steps – there should be no problem with your PC. Anyway, we advise you to remove your new “friend” from your contacts list for added safety if you don’t actually know them.

      • Hi, actually, I knew the person, that’s why I confirmed the request. Anyway, I already removed him from my friends list. Thanx for your reply!

  • Hi,
    earlier today my account send out goo .gl links to everybody in my skype list and i have followed every step and yet didnt find anything. malwarebytes also didnt find anything. i’m wondering if my pc or my skype account has been compromised but since i cant find any evidence that theres anything on my computer i have to assume its my skype account that has been hacked. i just wanted to ask you guys if theres a chance that my pc has a virus despite me not finding anything and if you may have heard of cases where this spam attack was found in connection with account hacks rather than viruses.

    • We cannot tell you for sure that there’s nothing on your PC so you got to stay watchful at least for the next couple of days/weeks. If it’s your Skype that’s been hacked, then we advise you to change its password and re-log. Have you recently downloaded or clicked on anything shady from the Internet?

  • I received a skype message from a known federal informant. That alone had my very cautious. the link sent was https:/ /goo .g l/KuKoXo#migjkukyqac ovag& 62032 Can anyone confirm if this is the virus/malware that is being talked about here?

    • It is definitely a scam and you are not advise to open it. Never click on links from such shady messages that get send to your e-mail, Skype or to any other messaging platform that you may use unless you are sure that the messages isn’t a scam.

Leave a Comment