Did you get this message while opening Mozilla firefox “Use IE, You Dope. I don’t hate Mozilla but use IE or else….”and closes the browser window. When the user tries to get into Orkut or Youtube again the annoying pop-up splash the message, “Orkut IS BANNED, orkut is banned you fool The administrators didnt write this program guess who did?? r r MUHAHAHA!! “
While this might seem funny, some of the users who are addicted to Mozilla and Orkut find it really frustrating. Some of them had to format their entire hard-disk while others used Windows XP’s System Restore utility to terminate the virus.Unfortunately, none of the anti virus programmes including Nortan, McAfee and AVG has been able to detect the Virus.
The worm spreads via thumbdrives, data cards and storage discs, using the computer’s Autorun feature.
I was asked by my friend that he is the only user in his computer, his account is having administrative rights, but he is not able to open Orkut, and it says Orkut is banned with a laugh MUHAHAHA!! . Well, a similar message was displayed for YouTube also.
Here is the fix for Orkut, Youtube, Fireox Blocker (Heap41a / win32.USBWorm)
This tool can be used to remove the Blocker worm as well as prevent the Worm further to get infected on the same machine.
1) Download the fix and run on infected machine.
2) It will ask for a re login.
3) After logging again run the fix again. The worm will be removed succesully.
Press CTRL+ALT+DEL and go to the processes tab
Look for svchost.exe under the image name. There will be many but look for the ones which have your username under the username
Press DEL to kill these files. It will give you a warning, Press Yes
Repeat for more svchost.exe files with your username and repeat. Do not kill svchost.exe with system, local service or network service!
Now open My Computer
In the address bar, type C:heap41a and press enter. It is a hidden folder, and is not visible by default.
Delete all the files here
Now go to Start –> Run and type Regedit
Go to the menu Edit –> Find
Type “heap41a” here and press enter. You will get something like this “[winlogon] C:heap41asvchost.exe C:heap(some number)std.txt”
Select that and Press DEL. It will ask “Are you sure you want to delete this value”, click Yes
Now close the registry editor.
Now the virus is gone. But be sure to delete the autorun.inf file and any folder whose name ends with .exe in the pen drive and never doubleclick open a pendrive.
It seems that they have named this malware as w32.USBWorm . Avast is able to detect and remove it. I hope the other antivirus software will also be able to remove it soon.