I cannot log in to Orkut. Whenever I type 'orkut' in my browser address bar, I get the message "orkut is banned muhahaha". I tried iexplore, Firefox, and Opera, but the result is the same: I get the message that Orkut is banned.
Some miscreants on the web have created this worm, and it spreads through pen drives. You may not be able to access Orkut, and YouTube as well.

What happened to my system?

The worm creates a folder named heap41a on the C drive, disguised as a system folder with the hidden attribute enabled, and copies all of its contents into that heap41a folder.

The running process responsible for this is svchost.exe, and it is spawned under your user name.

It makes an entry in the registry so that it is started automatically every time the system is rebooted.

Warning: Most anti-virus software, even the latest versions, does not detect this worm. Just follow the simple steps below and start enjoying your favorite browser.
How to remove this virus:
Step 1: Press CTRL+ALT+DEL (Task Manager opens up) and go to the Processes tab. Look for svchost.exe under the Image Name column. There will be many, but look for the ones that have your username under the User Name column. Press DEL to kill these processes. It will give you a warning; press Yes. Repeat for every other svchost.exe entry that has your username. Do not kill svchost.exe entries running as SYSTEM, LOCAL SERVICE or NETWORK SERVICE!

Step 2: Now open My Computer. In the address bar, type C:\heap41a and press Enter. It is a hidden folder and is not visible by default. Delete all the files here.

Step 3: Now go to Start -> Run and type Regedit. Go to the menu Edit -> Find. Type "heap41a" here and press Enter. You will get something like this: "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt". Select that and press DEL. It will ask "Are you sure you wanna delete this value"; click Yes. Now close the registry editor. Now the virus is gone.

Step 4: Over to the pen drive: be sure to delete the autorun.inf file and any folder whose name ends with .exe on the pen drive. That's it, folks!
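
The checks from Steps 1 to 4 as a read-only PowerShell audit (an added example, not part of the original post). The post does not say which registry key holds the entry, so the four autostart keys listed in the script are an assumption; the script only reports what it finds and leaves removal to the manual steps above.

```powershell
# Read-only audit of the places Steps 1-4 touch. Nothing is killed or deleted.
$marker   = 'heap41a'    # folder name given in the post
$findings = @()

# Step 1: svchost.exe instances owned by the logged-on user. Current Windows versions
# also run some genuine svchost.exe instances as the user, so the path is reported too.
foreach ($p in Get-CimInstance Win32_Process -Filter "Name='svchost.exe'") {
    $owner = (Invoke-CimMethod -InputObject $p -MethodName GetOwner -ErrorAction SilentlyContinue).User
    if ($owner -eq $env:USERNAME) {
        $findings += [pscustomobject]@{ Check = 'process'; Item = "PID $($p.ProcessId)"; Detail = $p.ExecutablePath }
    }
}

# Step 2: the hidden folder. -Force lists hidden and system entries.
$folder = "C:\$marker"
if (Test-Path -LiteralPath $folder) {
    foreach ($f in Get-ChildItem -LiteralPath $folder -Force) {
        $findings += [pscustomobject]@{ Check = 'folder'; Item = $f.FullName; Detail = $f.Attributes }
    }
}

# Step 3: autostart values that mention the folder (key list is an assumption).
$keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($k in $keys) {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $value = [string]$key.GetValue($name)
        if ($value -like "*$marker*") {
            $findings += [pscustomobject]@{ Check = 'registry'; Item = "$k\$name"; Detail = $value }
        }
    }
}

# Step 4: autorun.inf and folders named *.exe in the root of each removable drive.
foreach ($d in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2') {
    $root = "$($d.DeviceID)\"
    $hits = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq 'autorun.inf' -or ($_.PSIsContainer -and $_.Name -like '*.exe') }
    foreach ($h in $hits) {
        $findings += [pscustomobject]@{ Check = 'removable'; Item = $h.FullName; Detail = $h.Attributes }
    }
}

$findings | Format-Table -AutoSize -Wrap
```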