Your best source of information and news about windows, windows and xp on the internet

Vista ARTICLES TOP 50 Spyware Virus Vista SOFT Vista HELP

Orkut Is Banned - Heap41a - win32.USBworm Removal


My friend had a problem with his computer. He was getting the following message when opening Orkut:

ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did??`r`r                                               MUHAHAHA!!

OrkutBanned
On further research I found out that this is caused by a worm called win32.USBworm. It also blocks Firefox from accessing the internet. The following message comes when opening Firefox:

I Dnt Hate Mozilla But Use IE Or Else… with title as Use Internet Explorer U Dope.

FFDisabled
And it also blocks Youtube popping up the following message:

youtube IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did??`r`r                                               MUHAHAHA!!

YoutubeBanned
Follow the steps below to remove this worm from the infected machine:

  1. Open Task Manager –> Processes –> Find svchost.exe under the user account (There will be others under network and system accounts. Don’t close them). There will be two svchost.exe under the user account. Kill both of them.
  2. Then go to Start –> Run –> regedit and find the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    Delete Winlogon key from the right hand pane.
  3. Enable your “Show hidden files and folders”
  4. After completing step 3, issue the following commands from the command prompt:
    Open command prompt and execute the following command:
    attrib -S -H -R C:\heap41a
    After executing the above command, execute the following command:
    rmdir /s /q C:\heap41a
    Replace C:\ with your system drive.
  5. If you are using a flash drive, remove microsoftpowerpoint.exe and autorun.inf from the drive.
  6. Go to your start menu –> All Programs –> Startup. Make sure there is no unnamed suspicious file in the startup folder.
  7. Turn off system restore and turn it on again.
  8. Restart your computer.

Alt method

Download it and fix the Problem
http://slynux.org/downloads/Worm-fix.exe.zip

Hopefully this will remove the worm from the infected system. Please tell us your experiences about this. If you have any doubts, please ask me via comments below.

Popularity: 1%


Written by magakos. Read more great feeds at is source WEBSITE
1 comment.
Read more articles on Virus/Spyware Removal and All and otherSoftware.

Related articles

1 comment

Read the comments left by other users below, or:

Get your own gravatar by visiting gravatar.com Bullettube
#1. August 4th, 2008, at 3:41 PM.

The “Heap41a” command clears memory?
what does the s/ switch do?

Leave your comment...

If you want to leave your comment on this article, simply fill out the next form:




You can use these XHTML tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong> .