Removing Heap41a / win32.USBworm Worm
If your system is affected by this worm then you will get a message when you vist orkut or youtube. This worm is spread through USB flash drives.
When you try orkut the message will be: ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did??
And for youtube: youtube IS BANNED,youtube is banned you fool`,The administrators didnt write this program guess who did??
If you use firefox the message will be: USE INTERNET EXPLORER YOU DOPE,I DNT HATE MOZILLA BUT USE IE
Steps for removing Manually removing Heap41a / win32.USBworm Worm
- Restart the system in safe mode.
- Press CTRL+ALT+DEL and go to the processes tab
- Look for svchost.exe . There will be more than one process with that name. End that process but make sure that the username of that process should be your username.
- End all svchost.exe process with your username.
- Goto your "C:\" drive and delete the folder heap41a. That folder is an hidden folder. So you must enable the option for showing the hidden files( Seletct Tools from the menu bar and select Folder options. Then select view tab. there you can find the option for showing the hidden files).
- Search for entries named "heap41a" in the Registery as follows
- Go to Start --> Run and type Regedit. Press Enter
- Go to the menu Edit --> Find
- Type "heap41a" and press enter.
- Delete all those entires with the name "heap41a". It will be in HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\ CurrentVersion\policies\Explorer\Run
- Restart in normal mode.
11 Comments:
hi arun,
i have tried this , and yes it is really working.
thanks
gaurav rajput
JNU,newdelhi
By Anonymous, At 7/24/2007 10:19:00 AM
Yes,it worked for me too..Thanks..
how my pen drive go it?
By Anonymous, At 7/25/2007 04:17:00 PM
hey arun...thas a good atempt to explain things..but i still have doubts cuz this didnt work on my system...
First of all i have Win2k on C:\, and xpsp2 on D:\.... and i found a shortcut to this heap41a folder and deleted all the files in it....now..how do i remove this folder itself...its hidden and doesnt show up anyhow...no software has been able to help so far..so i guess i have to do it on my own...
ya and also i tried rebooting to win2k but it doesnt show up there too...plus...win2k safe mode is locked out due to this i guess.
the task mngr has svchost.exe but all in system all network service names..not in my name...
registries have been checked....
all i want to do now is to get rid of this C:\heap41a folder
can u help me whti this pls
tahnks al ot
By Vibhor, At 7/27/2007 10:48:00 AM
hi arun
try this:
http://sarathlakshman.info/?p=94
find a fixing tool there.
By Unknown, At 7/29/2007 09:22:00 AM
hi my task manager has been diabled by some you tube virus please let me know the process to end the problem
By Anonymous, At 7/31/2007 04:25:00 PM
read this post for enabling task manager
http://arunmvishnu.blogspot.com/2007/05/enabling-regedit-and-task-manager.html
By Arun Vishnu M V, At 7/31/2007 06:06:00 PM
Download and run this http://arunmvishnuf.googlepages.com/ShowHdnFlsFldrs.reg to view hidden files and folders
By Arun Vishnu M V, At 8/19/2007 02:29:00 AM
hii,my computer is sufrng 4m hipe41a.my task manager has also get locked i think due to this virus.wen i clk ctr+alt+del it shows task manager has been disabled by your administrator. plz help me.i m also not able to run my compu in safe mode.its also due to this hipe41a.plz help me.
By Unknown, At 9/02/2007 02:41:00 AM
Hi Arun, trued to follow the steps provided but am stumped at the 'ending the svchost.exe' portion.
When the tast manager appeared, and I looked at the Processes tab, I found 3 svchost.exe files, but the username portion is blank, leaving me no clue which is under my user name.
So I decided to try my luck and end all 3. The 1st one ended o.k, but when I tried ending the 2nd one, the computer prompt that some processes has been stopped and forced me to wait for the automated shut down it initiated.
I dare not try it again as I fear I might harm my laptop. Do u have an alternative or solution to my problem?? Thanks very much!!
By Anonymous, At 10/05/2007 02:00:00 PM
very nice i wasd fed up with this so called orkut is banned
By Anonymous, At 1/07/2008 01:25:00 PM
This comment has been removed by a blog administrator.
By Anonymous, At 1/20/2008 12:34:00 PM
Post a Comment
Subscribe to Post Comments [Atom]
<< Home