Many people are facing a common problem, where Orkut.com, Youtube.com and Firefox are blocked in their systems and they get following error with a scary laugh:
Orkut IS BANNED, orkut is banned you fool The administrators didnt write this program guess who did?? r r MUHAHAHA!!
So here I’m posting a detailed procedure to solve this problem.
It happens bcoz of “Heap41a / win32.USBworm” which spreads through USB pen drives and removable storage devices. I’ll tell you manual as well as automatic method to remove the virus:
————————-
A. MANUAL METHOD:
Follow these instructions:
1. Open “Task Manager” and goto “Processes” tab.
2. Look for services with name “svchost.exe“. There will be many services with the same name. Most of them will have “SYSTEM“, “LOCAL SERVICE” OR “NETWORK SERVICE” as User Name but you have to look for “svchost.exe” service which has your currently logged in username as User Name.
3. You’ll get approx. 2 services with the name “svchost.exe” which has your Windows username. End Task them by pressing <Delete> key or by selecting them and clicking on “End Process” button. It’ll confirm the action, accept it.
4. Now open “regedit” from RUN and goto following keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Policies\Explorer\Run
And look for a key in right-side pane with the name “Winlogon” which will have “heap41a\svchost.exe” in its value field. If you find this key, delete it.
5. Now goto following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\explorer\Advanced\Folder\Hidden\SHOWALL
And in right-side pane, change value of “CheckedValue” to 1
6. Now enable “Show Hidden Files/Folders” option in “Tools -> Folder Options” in My Computer.
7. Right-click on Start button and select “Open“. Now open “Programs” folder, here you’ll see a folder “Startup“. Open it and if you get a hidden file there, delete it. If its not there, then close it.
8. At last open “My Computer” and open C: drive. Disable “Hide Protected System files” option in “Tools -> Folder Options“. You’ll see a folder “heap41a” in C: drive. Delete it.
Thats it. After doing all this, restart your system and you’ll get rid of the virus.
————————-
B. AUTOMATIC METHOD:
Just download following tool and run it:
Download Orkut blocking Worm Removal tool
————————-
Don’t forget to format your pen drive or removable storage media which caused this virus infection coz it would still contain the virus. If you don’t want to format it, then delete following 2 files from pen drive:
microsoftpowerpoint.exe
autorun.inf
If you liked this article, you can share it with others using the following link:
You can also subscribe to our RSS feed to get regular updates:
Subscribe to RSS Feed
Or you can subscribe to our daily newsletter. Do not worry, You will receive only one e-mail per day and you can unsubscribe any time using the "Unsubscribe" link given in the mail:
Subscribe to Newsletter
Manan said:
thanx for putting it up here now i wont have to search everytime a friend calls up
VG said:
^^ My pleasure.
Arnab said:
Hey, one of my frnd had this prob too… But I’s not affected by the worm so I was not able to know about it. Thanx for the tut.
But one question was ur PC too affected by it? unless how u come to know about the soln? 
VG said:
^^ bcoz I have fixed so many systems infected with the same virus.
krishna said:
when we type of youtube web site name
he creat a message youtube IS BANNED, orkut is banned you fool The administrators didnt write this program guess who did?? r r MUHAHAHA!!
karthik said:
thanks a lot……….i have the same problem…….. i am doing the the method which u have specified as “manual method” for weeks……thanks for a permanant solution……
VG said:
^^ Welcome.
krishna said:
hello
Pushpakarthi said:
Prasad said:
Hi,
The solution is worked alot
. Long back i’m not able to logon to Youtube & Orkut. 
& 
Now this helped me a lot and now i’m able to logon.
Thanks a lot,
Prasad
Teejay said:
thanks a lot dude…many of ma frnds were facin this prob….great work dude!
VG said:
You all are welcome.
Entermediate said:
hi, Vishal,, tnx for d above info i finally gt rid of d worm but gt anther prob hir..can’t open my drive D: it display ” can’t find script file “D:FS6519.dll.vbs”, how cn i fix it..tnx a lot
VG said:
^^ Enable “Show Hidden files” option and disable “Hide Protected system files” option in “Folder Options” and then look for “Autorun.ini” file in D:\ drive. If you find it, delete it.
Entermediate said:
ravi said:
nice vg…
Aadeesh B said:
Thanks for the new tricks u share with all of us….
A que for u,
)
if orkut is banned by the administrators then, is thr ne way to open the website without ne proxy sites… (coz they r also banned some times !!
i searched for it but cant find nething…
Regards Aadeesh !!
Enjoy !!!
VG said:
^^ Thats other case. Here we are talking about virus attack and in your case it has been banned by the administrator using policies. Only proxy sites can help in this case and if they have banned the proxy sites too, then I think there is no way to open it.
aadeesh said:
Okay . . . thanks for the reply . . . .
Can you please tell me some proxy sites …..
VG said:
These are a few proxy sites:
rohan said:
can u tell what r these proxy sites………………
VG said:
^^ Proxy sites help in opening sites which have been blocked by administrator. Not always but sometimes.
Ashooo said:
That was so relieving… thanks man…100% voted….
VG said:
Welcome.
Chirag Raut said: