Trying to open orkut on your PC ?? Is your PC giving you a popup message " Orkut is banned you fool , the administrators didn't write the program .. guess who ?? Muhahahah ... " . Irritiated by this ?? Some of my reader has got this problem and he sent me a message asking for help . Here is the solution :
About the virus :
The name of the virus is W32/AHKHeap , It basically creates a folder with the name heap41a in C drive that will be disguised as system folder with hidden attributes enabled and copies all its contents in that heap41a folder.The running process that is responsible for this is svchost.exe and it will be spawned under user name.The virus will even make a entry into your registry so that it can run every time the system is started . This spreads mostly through pen drives .
How to get Rid of this :
Most of the antivirus leave this virus unnoticed . I personally tried 3-4 antivirus on this . None of them detected it. So you have to remove it manually .
- Go to your task manager by pressing ctrl + alt + del .In that go to processes tab .
- In that look for svchost.exe . You might find more than one of them . In that look for those who have user name as your login name of computer and end those processes .
- Now open My ComputerIn the address bar, type C:\heap41a and hit enter. It is a hidden folder, and is not visible by default.Delete all the files in this folder .
- Now go to Start –> Run and type Regedit , Go to the menu Edit –> FindType “heap41a” here and press enter. You will get something like this “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt”Select that and Press DEL. It will ask “Are you sure you want to delete this value”, click Yes. Now close the registry editor and you are done .
Precaution :
Before inserting any kinda pen drive in your pc , just delte the autorun.inf file in it and delete any .exe files that exist in it .
You might also love this How to remove autoplay option from the right click menu of Hard disk drive ?
Love our solutions -- Subscribe here or click here to get updates via email
10 comments:
thanks alot. its working.........great... i am a cyber cafe owner and this virus disturb my business very much and then i formated my system after running 10-15 minutes this virus again infected my systems but after using this idea i got rid of this virus. thanks alot may God bless you
Gr8. Steps illustrated are clear and easy to remove virus from the infected machine. It saved lot of time and unnecesary expenses. Thanks a lot.
removal tool is added in following url.
http://tec-updates.blogspot.com/2007/07/remove-heap41a-win32usbworm-worm.html
i removed the virus ..
but i cant open hidden files..
then removed with the help of this page
http://itfaqs.blogspot.com/2007/10/why-can-not-view-hidden-files.html
thanks for all ...
Subhash Great,
Thanks a lot for your information it worked well.
I was very upset to somebody calls me fool everytime I tried to open orcut or youtube thanks a lot.
Anish
Thanks..... I appreciate you effort for writing this
i was been wandering for days how to remove this kind of virus.. the steps described here are easy to do.. thanks for the one who made this
sVs
thnx a lot for the simple manner in which you have explained the process!!!
I used a bug fixer to get rid of it..
worm-fix.exe (513kb)
i think it works!
Hey budy This is much easier than i posted in My Blog earlier on the same concept but my suggetions are tecqnical and difficult.I hope your Tip to remove orkut virus will be the simplest one i have ever seen.()
Hey budy This is much easier than i posted in My Blog earlier on the same concept but my suggetions are tecqnical and difficult.I hope your Tip to remove orkut virus will be the simplest one i have ever seen.()
Hello, But the Icon ''H'' (SVCHOST) still remain on C:, is it normal ? Should I Care of it ?
Post a Comment