Friday, November 16, 2007

Tutorial : To Remove Orkut Virus

Many users are facing a common problem where Orkut.com, Youtube.com and Firefox are blocked on their systems and they get the following error with a scary laugh:

Orkut IS BANNED, orkut is banned you fool The administrators didnt write this program guess who did?? r r MUHAHAHA!!

It happens because of "Heap41a / win32.USBworm" which spreads through USB pen drives and removable storage devices. There is a manual as well as an automatic method to remove the virus:

A. MANUAL METHOD:

Follow these instructions:

1. Open "Task Manager" and go to the "Processes" tab.

2. Look for processes named "svchost.exe". There will be many with the same name. Most of them will have "SYSTEM", "LOCAL SERVICE" or "NETWORK SERVICE" as the User Name, but you have to look for the "svchost.exe" entries that have your currently logged-in username as the User Name.

3. You'll find approx. 2 processes named "svchost.exe" that have your Windows username. End them by pressing key or by selecting them and clicking on the "End Process" button. It will ask you to confirm the action; accept it.

4. Now open "regedit" from Run and go to the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

In the right-side pane of each, look for an entry named "Winlogon" that has "heap41a\svchost.exe" in its value field. If you find this entry, delete it.

5. Now go to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL

In the right-side pane, change the value of "CheckedValue" to 1.

6. Now enable the "Show Hidden Files/Folders" option in "Tools -> Folder Options" in My Computer.

7. Right-click on the Start button and select "Open". Now open the "Programs" folder; here you'll see a folder named "Startup". Open it and, if you find a hidden file there, delete it. If it's not there, close the folder.

8. Finally, open "My Computer" and open the C: drive. Disable the "Hide Protected System files" option in "Tools -> Folder Options". You'll see a folder "heap41a" in the C: drive. Delete it.

That's it. After doing all this, restart your system and you'll be rid of the virus.

B. AUTOMATIC METHOD:

Just download the following tool and run it:


Download Orkut blocking Worm Removal tool

Don't forget to format the pen drive or removable storage media that caused this virus infection, because it will still contain the virus. If you don't want to format it, delete the following 2 files from the pen drive:

microsoftpowerpoint.exe
autorun.inf
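
The checks from the manual method and the pen drive note above can be run as one read-only PowerShell script. This is an added example, not part of the original tutorial or its removal tool. It assumes PowerShell 3.0 or later (for Get-CimInstance), and skipping desktop.ini in the Startup folder is an assumption made here because Windows normally keeps that hidden file there.

```powershell
# Added example: read-only check for the Heap41a indicators named in this post.
# It reports what it finds and deletes or changes nothing.
$findings = @()

# Steps 1-3: a running svchost.exe whose image sits in a heap41a folder
foreach ($p in Get-CimInstance Win32_Process -Filter "Name='svchost.exe'") {
    if ($p.ExecutablePath -like '*\heap41a\*') {
        $findings += "Process: PID $($p.ProcessId) at $($p.ExecutablePath)"
    }
}

# Step 4: a "Winlogon" value pointing at heap41a\svchost.exe in the Run keys
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($props -and $props.Winlogon -like '*heap41a*') {
        $findings += "Run entry: $key -> Winlogon = $($props.Winlogon)"
    }
}

# Step 5: CheckedValue should be 1 so hidden files can be shown again
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = (Get-ItemProperty -Path $showAll -ErrorAction SilentlyContinue).CheckedValue
if ($checked -ne 1) { $findings += "SHOWALL CheckedValue is '$checked' (expected 1)" }

# Step 7: hidden items in the Startup folder (desktop.ini skipped, see lead-in)
$startup = [Environment]::GetFolderPath('Startup')
foreach ($f in Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue) {
    if (($f.Attributes -band [IO.FileAttributes]::Hidden) -and $f.Name -ne 'desktop.ini') {
        $findings += "Hidden Startup item: $($f.FullName)"
    }
}

# Step 8: the worm's folder in the root of C:
if (Test-Path -LiteralPath 'C:\heap41a') { $findings += 'Folder: C:\heap41a' }

# Pen drive note: the two files in the root of each removable drive (DriveType 2)
foreach ($d in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2') {
    foreach ($name in 'microsoftpowerpoint.exe', 'autorun.inf') {
        $path = "$($d.DeviceID)\$name"
        if (Test-Path -LiteralPath $path) { $findings += "Removable drive file: $path" }
    }
}

if ($findings.Count -eq 0) { 'No Heap41a indicators from the post were found.' } else { $findings }
```

An autorun.inf on its own also appears on legitimate removable media, so treat that line as a finding only alongside microsoftpowerpoint.exe or the other indicators.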

Original Source


I thank the original Author for writing such a nice tutorial.



2 comments:

Pavan Kumar AR said...

This comment has been removed because it linked to malicious content. Learn more.

Anonymous said...

Rid of those pesky bugs you pick when surfing the net.
One of the first things that I learned when I got my new computer was that if you own a PC then you better have a good antispyware scanner to help get rid of those pesky bugs you pick when surfing the net. Otherwise, your computer won’t keep running like new for very long. It will begin to slow down and eventually get so sluggish you won’t even be able to use it. I tried a variety of different scans before I ran across Search-and-destroy Antispyware at http://www.Search-and-destroy.com. So far I have been very happy with the antispyware solution from Search-and-destroy and very glad that I gave it a try.
