My Research Page

Thursday, September 20, 2007

"I DNT HATE MOZILLA BUT USE IE OR ELSE..."

"I DNT HATE MOZILLA BUT USE IE OR ELSE..." This was the message that appeared in a pop-up window when I tried to open the Mozilla browser last evening after coming home from my college, and shortly afterwards Mozilla was terminated. I freaked out for a minute and was surprised, not by the message, because a lot of my friends were suffering from the same problem, but by how the hell I got this on my PC. It was a virus for sure, but how had it entered my computer?
I was unable to figure this out, because I was using AVG anti-virus and updating it daily, nor had I clicked any suspicious link. This was not the only problem: it was also restricting me from opening Orkut and was showing "Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!" Now this was pissing me off.

Till now I had never bothered about the problem my friends faced, but now I was the victim. Now, how to get rid of this virus? I pressed Ctrl+Alt+Del but didn't find anything suspicious there. I tried to Google this problem, but that didn't work either, as it was not even allowing me to search for "orkut".

One Ramban (ultimate) solution was "FORMAT", but this is not what intelligent people do. Luckily I had one more operating system installed. I rebooted my PC, googled the text, went through various posts and discovered the worm, named W32.USBWorm. The worm spreads via USB thumb drives, data cards and storage discs, using the computer's Autorun feature.



Let us see what this worm does


It runs an exe file named MicrosoftPowerpoint.exe, located on the USB disk. The autorun.inf launches this file when the drive is double-clicked. Once this program runs, you are infected. It hides all your hidden folders, keeps its process running in memory, makes the worm start with Windows and pops up those annoying messages. This worm doesn't destroy any system files; it just infects other USB drives and spreads to new hosts.

Here I got my answer: yesterday I had copied a PPT from my college and plugged my USB drive in at home. When I double-clicked to open it, nothing happened, which was strange, but I continued by right-clicking, exploring it and copying the data. This was the way the virus got activated on my computer.


How to remove this worm



  1. Press CTRL+ALT+DEL and go to the Processes tab.
  2. Look for svchost.exe under Image Name. There will be many, but look for the ones that have your username in the User Name column.
  3. Press DEL to kill these processes. It will give you a warning; press Yes.
  4. Repeat for any other svchost.exe processes running under your username. Do not kill svchost.exe running as SYSTEM, LOCAL SERVICE or NETWORK SERVICE!
  5. Now open My Computer.
  6. In the address bar, type C:\heap41a and press Enter. It is a hidden folder and is not visible by default.
  7. Delete all the files here.
  8. Now go to Start --> Run and type regedit.
  9. Go to the menu Edit --> Find.
  10. Type "heap41a" here and press Enter. You will get something like this: "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt"
  11. Select that and press DEL. It will ask "Are you sure you wanna delete this value"; click Yes.
  12. Now close the Registry Editor.


The expert mode


Now, to rectify this, go to Start Menu > Run and type regedit. In the Registry Editor, browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and reset the "Checked all" value from 2 back to 1. Now you can change the settings in Folder Options again. Then delete the folder C:\heap41a and remove every entry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run that refers to heap41a.

Now the malware infection is removed 100%. Before you are done, make sure you format the USB drive so it doesn't infect other systems too.

NOTE: Now the virus is gone. But be sure to delete the autorun.inf file and any folder whose name ends in .exe on the USB flash drive.
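The manual steps above (the process list, the hidden C:\heap41a folder, the SHOWALL setting, the policies\Explorer\Run autostart and the autorun.inf on the stick) can be checked in one pass from an elevated PowerShell prompt. This is an added example, not the post's own procedure: it assumes the drop folder and registry paths named in the post, uses the real value name CheckedValue for what the post calls the "Checked all" key, and only reports unless you pass -Fix.

```powershell
# Added example: audit a host for the heap41a / W32.USBWorm indicators described
# in the post. Read-only by default; -Fix applies the post's removal steps.
param([switch]$Fix)

$WormDir   = 'C:\heap41a'
$ShowAll   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$PolicyRun = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
$ServiceAccounts = 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE'

# Steps 1-4: genuine svchost.exe runs as a service account from System32. A copy
# owned by a user account, or started from elsewhere, is the worm's process.
$suspects = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | Where-Object {
    $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
    ($owner.User -notin $ServiceAccounts) -or
    ($_.ExecutablePath -and $_.ExecutablePath -notlike "$env:SystemRoot\System32\*")
}
foreach ($p in $suspects) {
    Write-Output "Suspicious svchost.exe PID $($p.ProcessId) path=$($p.ExecutablePath)"
    if ($Fix) { Stop-Process -Id $p.ProcessId -Force }
}

# Steps 6-7: the hidden drop folder.
if (Test-Path $WormDir) {
    Write-Output "Found worm folder $WormDir"
    if ($Fix) { Remove-Item $WormDir -Recurse -Force }
}

# Expert mode: the worm disables the 'show hidden files' option (value 2 instead of 1).
$checked = (Get-ItemProperty -Path $ShowAll -Name CheckedValue -ErrorAction SilentlyContinue).CheckedValue
if ($checked -ne 1) {
    Write-Output "SHOWALL CheckedValue is '$checked' (expected 1)"
    if ($Fix) { Set-ItemProperty -Path $ShowAll -Name CheckedValue -Value 1 -Type DWord }
}

# Steps 8-12 / expert mode: policy autostart entries pointing into C:\heap41a.
if (Test-Path $PolicyRun) {
    $props = Get-ItemProperty -Path $PolicyRun
    foreach ($entry in ($props.PSObject.Properties | Where-Object { "$($_.Value)" -like '*heap41a*' })) {
        Write-Output "Autostart entry '$($entry.Name)' = $($entry.Value)"
        if ($Fix) { Remove-ItemProperty -Path $PolicyRun -Name $entry.Name }
    }
}

# NOTE section: autorun.inf on a removable drive is how the worm reaches the next host.
foreach ($d in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2') {
    $inf = Join-Path $d.DeviceID 'autorun.inf'
    if (Test-Path $inf) {
        Write-Output "autorun.inf present on $($d.DeviceID):"
        Get-Content $inf
    }
}
```

Run it first without -Fix and compare each reported process path and registry entry against the strings the post lists before letting it delete anything.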


For further reference, check out:
http://www.freewebs.com/mgsujith/worm/remove.html
http://digitalfort.net/?p=3k%20o


Liked the post? Give feedback through comments