bUgS oF a DEeBugGEr

Wednesday, July 18, 2007

Removing Heap41a / win32.USBworm Worm

If your system is affected by this worm, you will get a message when you visit Orkut or YouTube. The worm spreads through USB flash drives.

When you open Orkut, the message will be: ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did??

And for YouTube: youtube IS BANNED,youtube is banned you fool`,The administrators didnt write this program guess who did??

If you use Firefox, the message will be: USE INTERNET EXPLORER YOU DOPE,I DNT HATE MOZILLA BUT USE IE

Steps for manually removing the Heap41a / win32.USBworm worm

  1. Restart the system in safe mode.
  2. Press CTRL+ALT+DEL and go to the Processes tab.
  3. Look for svchost.exe. There will be more than one process with that name. End only a process whose username is your own username. The svchost.exe processes that Windows itself runs are owned by SYSTEM, LOCAL SERVICE or NETWORK SERVICE; leave those running.
  4. End all svchost.exe processes with your username.
  5. Go to your "C:\" drive and delete the folder heap41a. It is a hidden folder, so you must first enable the option for showing hidden files (select Tools from the menu bar, then Folder Options, then the View tab, where you will find the option for showing hidden files).
  6. Search for entries named "heap41a" in the Registry as follows.
  7. Go to Start --> Run, type Regedit and press Enter.
  8. Go to the menu Edit --> Find.
  9. Type "heap41a" and press Enter.
  10. Delete all entries with the name "heap41a". They will be in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
  11. Restart in normal mode.
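
The three indicators the steps above rely on (the hidden C:\heap41a folder, "heap41a" values under the Run key, and svchost.exe running under a user account) can be checked without deleting or ending anything. The following PowerShell script is an added example, not part of the original post; its variable names are illustrative, and it assumes an elevated prompt and English service-account names.

```powershell
# Added example: read-only check for the indicators named in the steps above.
# It reports what it finds and changes nothing on the system.
$marker   = 'heap41a'
$findings = @()

# Step 5: the hidden folder on C:\ (-Force makes hidden items visible).
$folder = Get-Item -LiteralPath "C:\$marker" -Force -ErrorAction SilentlyContinue
if ($folder) { $findings += "Folder present: $($folder.FullName)" }

# Step 10: values that mention the marker under the Run key the post names.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
$key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($key) {
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -match $marker -or $data -match $marker) {
            $findings += "Run value '$name' = '$data'"
        }
    }
}

# Steps 3-4: svchost.exe processes not owned by a Windows service account.
# Assumption: English account names. On Windows 10 and later, per-user
# services also run svchost.exe from System32 under your own account, so the
# executable path is printed for comparison.
$serviceAccounts = 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE'
foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    if ($owner.ReturnValue -ne 0) { continue }   # owner unreadable (not elevated)
    if ($serviceAccounts -notcontains $owner.User) {
        $findings += "svchost.exe PID $($p.ProcessId) owner " +
                     "$($owner.Domain)\$($owner.User) path $($p.ExecutablePath)"
    }
}

if ($findings) { $findings } else { "No $marker indicators found." }
```

Run it before the manual steps to see what is present, and again after step 11 to confirm nothing remains.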


11 Comments:

  • Hi Arun,
    I have tried this, and yes, it is really working.
    Thanks
    Gaurav Rajput
    JNU, New Delhi

    By Anonymous Anonymous, At 7/24/2007 10:19:00 AM  

  • Yes, it worked for me too. Thanks.
    How did my pen drive get it?

    By Anonymous Anonymous, At 7/25/2007 04:17:00 PM  

  • Hey Arun... that's a good attempt to explain things, but I still have doubts because this didn't work on my system...

    First of all, I have Win2k on C:\ and XP SP2 on D:\... and I found a shortcut to this heap41a folder and deleted all the files in it... now, how do I remove this folder itself? It's hidden and doesn't show up anyhow... no software has been able to help so far, so I guess I have to do it on my own...

    Yes, and I also tried rebooting to Win2k but it doesn't show up there either... plus, Win2k safe mode is locked out due to this, I guess.

    The task manager has svchost.exe, but all under system and network service names, not in my name...

    Registries have been checked...

    All I want to do now is to get rid of this C:\heap41a folder.

    Can you help me with this please?

    Thanks a lot

    By Blogger Vibhor, At 7/27/2007 10:48:00 AM  

  • Hi Arun

    Try this:
    http://sarathlakshman.info/?p=94
    Find a fixing tool there.

    By Blogger Unknown, At 7/29/2007 09:22:00 AM  

  • Hi, my task manager has been disabled by some YouTube virus. Please let me know the process to end the problem.

    By Anonymous Anonymous, At 7/31/2007 04:25:00 PM  

  • Read this post for enabling task manager:
    http://arunmvishnu.blogspot.com/2007/05/enabling-regedit-and-task-manager.html

    By Blogger Arun Vishnu M V, At 7/31/2007 06:06:00 PM  

  • Download and run this http://arunmvishnuf.googlepages.com/ShowHdnFlsFldrs.reg to view hidden files and folders.

    By Blogger Arun Vishnu M V, At 8/19/2007 02:29:00 AM  

  • Hi, my computer is suffering from hipe41a. My task manager has also got locked, I think due to this virus. When I click Ctrl+Alt+Del it shows "task manager has been disabled by your administrator". Please help me. I am also not able to run my computer in safe mode. It's also due to this hipe41a. Please help me.

    By Blogger Unknown, At 9/02/2007 02:41:00 AM  

  • Hi Arun, I tried to follow the steps provided but am stumped at the 'ending the svchost.exe' portion.

    When the task manager appeared and I looked at the Processes tab, I found 3 svchost.exe files, but the username portion is blank, leaving me no clue which is under my user name.

    So I decided to try my luck and end all 3. The 1st one ended OK, but when I tried ending the 2nd one, the computer prompted that some processes had been stopped and forced me to wait for the automated shutdown it initiated.

    I dare not try it again as I fear I might harm my laptop. Do you have an alternative or solution to my problem? Thanks very much!

    By Anonymous Anonymous, At 10/05/2007 02:00:00 PM  

  • Very nice, I was fed up with this so-called "Orkut is banned".

    By Anonymous Anonymous, At 1/07/2008 01:25:00 PM  

  • This comment has been removed by a blog administrator.

    By Anonymous Anonymous, At 1/20/2008 12:34:00 PM  
