
Orkut banned by a virus!! (Removal included)


Did you get this message while opening Mozilla Firefox: “Use IE, You Dope. I don’t hate Mozilla but use IE or else….”, after which the browser window closes? When the user tries to get into Orkut or YouTube again, an annoying pop-up displays the message, “Orkut IS BANNED, orkut is banned you fool The administrators didnt write this program guess who did?? r r MUHAHAHA!! ”

While this might seem funny, some of the users who are addicted to Mozilla and Orkut find it really frustrating. Some of them had to format their entire hard disk, while others used Windows XP’s System Restore utility to get rid of the virus. Unfortunately, none of the antivirus programs, including Norton, McAfee and AVG, has been able to detect the virus.

The worm spreads via thumbdrives, data cards and storage discs, using the computer’s Autorun feature.

My friend asked me about this: he is the only user on his computer and his account has administrative rights, but he is not able to open Orkut, and it says Orkut is banned, with a laugh: MUHAHAHA!! A similar message was displayed for YouTube as well.

Here is the fix for the Orkut, YouTube, Firefox Blocker (Heap41a / win32.USBWorm)

This tool can be used to remove the Blocker worm as well as to prevent the worm from infecting the same machine again.

Click here to download.

Usage Instructions:

1) Download the fix and run it on the infected machine.
2) It will ask you to log in again.
3) After logging in again, run the fix again. The worm will be removed successfully.

Manual Removal

Press CTRL+ALT+DEL and go to the processes tab

Look for svchost.exe under the Image Name column. There will be many, but look for the ones which have your username under the User Name column.

Press DEL to kill these processes. It will give you a warning; press Yes.

Repeat for every other svchost.exe entry with your username. Do not kill svchost.exe running as SYSTEM, LOCAL SERVICE or NETWORK SERVICE!

Now open My Computer

In the address bar, type C:\heap41a and press Enter. It is a hidden folder and is not visible by default.

Delete all the files here

Now go to Start –> Run and type Regedit

Go to the menu Edit –> Find

Type “heap41a” here and press Enter. You will get something like this: “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt”

Select that and press DEL. It will ask “Are you sure you want to delete this value”; click Yes.

Now close the registry editor.

Now the virus is gone. But be sure to delete the autorun.inf file and any folder whose name ends with .exe on the pen drive, and never open a pen drive by double-clicking it.
It seems that this malware has been named w32.USBWorm. Avast is able to detect and remove it. I hope the other antivirus software will also be able to remove it soon.
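The two checks from the manual steps (svchost.exe running under a user account, and autorun.inf or `.exe`-named folders on a pen drive) can be scripted; the following is an added example, not part of the original post or the fix tool. It assumes process data in the format of `tasklist /v /fo csv` with English column names; the sample rows, the `HOMEPC\alice` account and the function names are constructed for illustration.

```python
import csv
import io
import os

# Accounts the post says must be left alone when they own svchost.exe.
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}

# Constructed sample of `tasklist /v /fo csv` output (English column names).
SAMPLE_TASKLIST = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","872","Console","0","4,812 K","Running","NT AUTHORITY\SYSTEM","0:00:01","N/A"
"svchost.exe","940","Console","0","3,996 K","Running","NT AUTHORITY\NETWORK SERVICE","0:00:00","N/A"
"svchost.exe","1104","Console","0","2,540 K","Running","NT AUTHORITY\LOCAL SERVICE","0:00:00","N/A"
"explorer.exe","1620","Console","0","18,220 K","Running","HOMEPC\alice","0:00:07","N/A"
"svchost.exe","2316","Console","0","5,128 K","Running","HOMEPC\alice","0:00:03","N/A"
'''


def user_owned_svchost(tasklist_csv):
    """Return (pid, owner) for every svchost.exe not run by a service account."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].lower() != "svchost.exe":
            continue
        owner = row["User Name"]
        account = owner.rsplit("\\", 1)[-1].upper()  # drop the DOMAIN\ prefix
        # "N/A" means tasklist could not read the owner; report only known users.
        if account not in SERVICE_ACCOUNTS and account != "N/A":
            hits.append((int(row["PID"]), owner))
    return hits


def drive_root_findings(root):
    """Return names at a drive root matching the post's cleanup advice:
    an autorun.inf file, or a folder whose name ends with .exe."""
    hits = []
    for entry in os.scandir(root):
        name = entry.name.lower()
        if (name == "autorun.inf" and entry.is_file()) or (
            name.endswith(".exe") and entry.is_dir()
        ):
            hits.append(entry.name)
    return sorted(hits)


if __name__ == "__main__":
    for pid, owner in user_owned_svchost(SAMPLE_TASKLIST):
        print(f"svchost.exe PID {pid} runs as {owner}: inspect before ending it")
```

Ordinary `.exe` files at the drive root are not reported, only folders with that suffix, which is what the post says to delete.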


  • dhh July 21, 2007, 7:18 am

    Thx for giving the possible solution to fix up the bug. It was a pain in the neck while operating Mozilla……….

  • Mayank Jain January 17, 2009, 9:15 am

    For manual solutions to the virus and trojan problems, visit http://virusexperts.blogspot.com