Jump to content

JS/Retefe.T trojan from SkypeBrowserHost.exe

Recommended Posts


today I have gotten a notification that a threat was removed from my computer. I am very responsible and careful, so this was a first time in years something like this has happened, and has me worried. It was a .js file with some long, hash-like string that was stored in %username%\AppData\Local\Microsoft\Windows\INetCache\IE\FREZXU48\ folder:


Now, apparently this file was created and accessed by SkypeBrowserHost.exe, which is a component of Skype, that seems to share browser cache with Internet Explorer. The file is in a legit folder and it itself results in negative when tested by ESET Internet Security. I believe that SkypeBrowserHost.exe is specifically used to display ads in Skype using the IE framework.

I did not do anything questionable from security standpoint in recent days, or even months. I do not use, and have never used Internet Explorer in recent years. I don't think I've launched it once since last clean Windows install.

The way I see it there are two possibilities:

1, This is a false positive.

2, The advertising platform Skype uses to display ads has been compromised and SkypeBrowserHost.exe is being taken advantage of to deploy malicious software.

The latter option concerns me a bit. If that could be the case, shouldn't this be something that should be reported to Microsoft?


I am getting this removed threat warning now every single time I launch Skype (Classic version for Windows desktop).

Edited by rawalanche
Link to comment
Share on other sites

Having the same exact problem starting today - yesterday I had no problem when starting Skype. The file flagged was JS file, located in the same folder as OP stated.

Edited by Enriqo
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...