Orkut and YouTube Banned – Heap41a – win32.USBworm Removal

June 24th, 2008

ORKUT IS BANNED,Orkut is banned you fool,The administrators didn’t write this program guess who did??`r`r MUHAHAHA!!

This is caused by a worm called win32.USBworm. It also blocks Firefox from accessing the internet. The following message appears when opening Firefox:

"I Dnt Hate Mozilla But Use IE Or Else…" with the window title "Use Internet Explorer U Dope."

It also blocks YouTube, popping up the following message:

youtube IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!

Here is its removal procedure.

Follow the steps below to remove this worm from the infected machine:

1. Open Task Manager > Processes and find svchost.exe under the user account. (There will be others under the network and system accounts. Don’t close them.) There will be two svchost.exe processes under the user account. Kill both of them.
2. Then go to Start –> Run –> regedit and find the following key:
   Delete the Winlogon key from the right-hand pane.
3. Enable ‘Show hidden files and folders’, which is explained in the following article:
4. After completing step 3, open a command prompt and execute the following command:
   attrib -S -H -R C:\heap41a
   After executing the above command, execute the following command:
   rmdir /s /q C:\heap41a
   Replace C: with your system drive.
5. If you are using a flash drive, remove microsoftpowerpoint.exe and autorun.inf from the drive.
6. Go to your Start menu > All Programs > Startup. Make sure there is no unnamed suspicious file in the Startup folder.
7. Turn off System Restore and turn it on again.
8. Restart your computer.
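
To confirm the cleanup took effect, the indicators named in the steps above can be checked with a read-only PowerShell script. This is an added example, not part of the original post. It assumes genuine svchost.exe copies load from System32 or SysWOW64, and it does not check the Winlogon registry value because the key path is not given on this page.

```powershell
# Added example: read-only check for the indicators named in the steps above.
# Nothing is deleted or killed. Run it as the affected user.
$findings = @()

# Step 1: svchost.exe owned by the logged-in user. Genuine copies load from
# System32 (or SysWOW64); Windows 10+ per-user services are skipped that way.
$sysDirs = @("$env:SystemRoot\System32\", "$env:SystemRoot\SysWOW64\")
foreach ($p in Get-CimInstance Win32_Process -Filter "Name='svchost.exe'") {
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    if ($owner.ReturnValue -ne 0 -or $owner.User -ne $env:USERNAME) { continue }
    $path = [string]$p.ExecutablePath
    $genuine = $false
    foreach ($d in $sysDirs) {
        if ($path.StartsWith($d, [StringComparison]::OrdinalIgnoreCase)) { $genuine = $true }
    }
    if (-not $genuine) { $findings += "user-owned svchost.exe, PID $($p.ProcessId): $path" }
}

# Step 4: the worm's folder on the system drive (found even if hidden/system).
$heap = Join-Path "$env:SystemDrive\" 'heap41a'
if ([System.IO.Directory]::Exists($heap)) { $findings += "folder present: $heap" }

# Step 5: the two files the page names, on every removable drive.
foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter "DriveType=2") {
    foreach ($name in 'microsoftpowerpoint.exe', 'autorun.inf') {
        $file = Join-Path "$($disk.DeviceID)\" $name
        if ([System.IO.File]::Exists($file)) { $findings += "file present: $file" }
    }
}

# Step 6: list Startup folder entries for manual review (hidden ones included).
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'desktop.ini' } |
    ForEach-Object { $findings += "startup entry to review: $($_.FullName)" }

if ($findings.Count -eq 0) { 'No indicators from the steps above were found.' }
else { $findings }
```

Startup entries are listed for review rather than judged, since legitimate programs also place shortcuts there.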