Many people are facing a common problem, where Orkut.com, Youtube.com and Firefox are blocked in their systems and they get following error with a scary laugh:
Orkut IS BANNED, orkut is banned you fool The administrators didnt write this program guess who did?? r r MUHAHAHA!!
So here I'm posting a detailed procedure to solve this problem.
It happens bcoz of "Heap41a / win32.USBworm" which spreads through USB pen drives and removable storage devices. I'll tell you manual as well as automatic method to remove the virus:
-------------------------
A. MANUAL METHOD:
Follow these instructions:
1. Open "Task Manager" and goto "Processes" tab.
2. Look for services with name "svchost.exe". There will be many services with the same name. Most of them will have "SYSTEM", "LOCAL SERVICE" OR "NETWORK SERVICE" as User Name but you have to look for "svchost.exe" service which has your currently logged in username as User Name.
3. You'll get approx. 2 services with the name "svchost.exe" which has your Windows username. End Task them by pressing <Delete> key or by selecting them and clicking on "End Process" button. It'll confirm the action, accept it.
4. Now open "regedit" from RUN and goto following keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Policies\Explorer\Run
And look for a key in right-side pane with the name "Winlogon" which will have "heap41a\svchost.exe" in its value field. If you find this key, delete it.
5. Now goto following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\explorer\Advanced\Folder\Hidden\SHOWALL
And in right-side pane, change value of "CheckedValue" to 1
6. Now enable "Show Hidden Files/Folders" option in "Tools -> Folder Options" in My Computer.
7. Right-click on Start button and select "Open". Now open "Programs" folder, here you'll see a folder "Startup". Open it and if you get a hidden file there, delete it. If its not there, then close it.
8. At last open "My Computer" and open C: drive. Disable "Hide Protected System files" option in "Tools -> Folder Options". You'll see a folder "heap41a" in C: drive. Delete it.
Thats it. After doing all this, restart your system and you'll get rid of the virus.
-------------------------
B. AUTOMATIC METHOD:
Just download following tool and run it:
Download Orkut blocking Worm Removal tool
-------------------------
Don't forget to format your pen drive or removable storage media which caused this virus infection coz it would still contain the virus. If you don't want to format it, then delete following 2 files from pen drive:
microsoftpowerpoint.exe
autorun.inf
This article was posted in Mozilla Firefox, Others, Troubleshooting.
Related Articles
Popular Articles
- Frequently Asked Problems with Solutions
- Is Your System Infected with a Virus / Spyware / Adware / Trojan?
- Transform Windows Vista into 7 without using Customization pack
- Transform Windows XP into 7 without using Customization pack
- Transform Windows XP into Vista without using Customization pack
- All About Resource Hacker in a brief Tutorial
- Master Tutorial to Make Your Windows 7 Super Fast
- Master Tutorial to Make Your Windows Vista Super Fast
- Master Tutorial to Make Your Windows XP Super Fast
- All Kinds of Restrictions for Windows XP, Vista and 7
Suma
Thanx
goldi
Hey vishal i have trick of how to remove pen drive virusu. When u connect pen drive to pc if it shows any program as autorun then open my computer & tyen following command in address bar ur pendrive address followed by autorun.inf means x:\autorun.inf where x is ur pendrive name. now it open autorun.inf file read the name of program which is said as autorun for example dungi.exe . Then go to windows folder copy explorer.exe to desktop. then rename it as dungi.exe & paste in pen drive. Now remove pen drive & again connect it then after opening it just delete dungi.exe & autorun.inf files . Now ur pendrive virus is removed & no need of formet to it. I also have a program named USB VIRUS SCAN. it is also good. goldi7515@rediffmail.com
Rohit
hello vishal i have a very serious problem...............................whenever i use to login to my orkut account then a conformation message popsup..............n i use to click continue using the service..........................but now when i am trying to log in to my account then mesage is coming that unwanted issues causing problem................n they r writing that you have been suspended from orkut....................please help my all the scraps are deleted n all frnds also..........plz help.................
VG
^^ Seems someone hacked your account. Are you able to log into your e-mail account which you use for log into orkut?
Rohit
yes i am able to log in to that account.......................but google service providers are saying that u are suspended from orkut ...................because u have not verifed your account.................................plz help bro.????????????????????
Rohit
helo sir plz help..................
Rohit
VG
Then check your Inbox and look for a mail from Orkut to verify your account. It might be in Spam box.
Rohit
its not helpful yaar i did all those things..................i thought u might help me but u also........ok thats fine......................
Ankur Agarwal
good dear u r superv bose ,.,.,.,.,.,.,.,
& always give new & different ideas that make me smart