I DNT HATE MOZILLA! ORKUT IS BANNED!!
I was asked by my friend that he is the only user in his computer, his account is having administrative rights, but he is not able to open Orkut, and it says Orkut is banned. Another friend had told that he is not able to use Mozilla Firefox and it asks him to use Internet Explorer. I just told it must be some virus, but really didn't care much about that. But none of the antivirus software could detect or remove this malware.
My friend had given me a pen drive. I remembered it while browsing net on Firefox. When I put that in my PC and double clicked, it didn't open. I knew at once: I had activated a virus. But I didn't have any idea about the kind of virus that might have come to my PC, until I switched back to Firefox. Immediately a message box was displayed: I DNT HATE MOZILLA BUT USE IE OR ELSE... with title as USE INTERNET EXPLORER U DOPE. I just remembered the experiences of my friends. I tried to locate the virus by running the Task Manager. But there were no suspicious entries there. I had to bow the owner of the virus. I used Internet Explorer to search about it. The first entry in Google took me to the Mozilla Forum page, and after going through some pages, I came to know that the same virus also displayed another message when you opened Orkut. Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!! with title ORKUT IS BANNED. Well, a similar message was displayed for YouTube also. So I went through all the posts, and finally found a solution given here:
UPDATE
It seems that they have named this malware as w32.USBWorm and according my friend, Avast is able to detect and remove it. I hope the other antivirus software will also be able to remove it soon.
This virus is not responsible for disabling Folder Options in the Tools Menu and not allowing hidden files to be shown. It is some other virus, and the solution is explained in the post Hidden Files Not Shown
My friend had given me a pen drive. I remembered it while browsing net on Firefox. When I put that in my PC and double clicked, it didn't open. I knew at once: I had activated a virus. But I didn't have any idea about the kind of virus that might have come to my PC, until I switched back to Firefox. Immediately a message box was displayed: I DNT HATE MOZILLA BUT USE IE OR ELSE... with title as USE INTERNET EXPLORER U DOPE. I just remembered the experiences of my friends. I tried to locate the virus by running the Task Manager. But there were no suspicious entries there. I had to bow the owner of the virus. I used Internet Explorer to search about it. The first entry in Google took me to the Mozilla Forum page, and after going through some pages, I came to know that the same virus also displayed another message when you opened Orkut. Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!! with title ORKUT IS BANNED. Well, a similar message was displayed for YouTube also. So I went through all the posts, and finally found a solution given here:
- Press CTRL+ALT+DEL and go to the processes tab
- Look for svchost.exe under the image name. There will be many but look for the ones which have your username under the username
- Press DEL to kill these files. It will give you a warning, Press Yes
- Repeat for more svchost.exe files with your username and repeat. Do not kill svchost.exe with system, local service or network service!
- Now open My Computer
- In the address bar, type C:\heap41a and press enter. It is a hidden folder, and is not visible by default.
- Delete all the files here
- Now go to Start --> Run and type Regedit
- Go to the menu Edit --> Find
- Type "heap41a" here and press enter. You will get something like this "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt"
- Select that and Press DEL. It will ask "Are you sure you want to delete this value?", click Yes
- Now close the registry editor.
UPDATE
It seems that they have named this malware as w32.USBWorm and according my friend, Avast is able to detect and remove it. I hope the other antivirus software will also be able to remove it soon.
This virus is not responsible for disabling Folder Options in the Tools Menu and not allowing hidden files to be shown. It is some other virus, and the solution is explained in the post Hidden Files Not Shown
Like the post? You may want to...
|
|
170 comments:
good one le pappi. ..
Thanks for the comment le pappi :)
i did everything as above mentioned but i still can see the hidden files and folders , i could edit the keys for windows explorer but then if i revert back to do not show hidden files and folders , i cant change it back unless i edit the registry again , please help !
First thing you should kill the svchost.exe process. Then immediately delete that folder. After that go to the registry and delete that entry.
If it is coming back again and again, I guess you have System Restore enabled. Turn it off and then perform the steps.
Hey thanks a ton man...i think the post actually helped me to get over the problem...but is there somethin more than i can do to prevent more of such unwanated attacks...take care of yourself and ya before i forget i am grateful...
@nkj:
I'm glad that my post helped you get rid of this virus. Thanks for visiting and keep visiting :)
I have been using avast for more than 3 years now....Its really good and it doesn't too much resource...
@Byte Of Technology:
Yes, you are right. Avast has been my choice ever since I installed it for the first time
thank u yar,
thanks a lot.....
ur suggestions helped me a lot.
Thanks alot..It worked..
@Anonymous & Swati:
Thanks for your feedback
thanks dude...:-)
Dear Mr.Harish,
Thanks for your info for removing this irritant worm.
thanks for ur help...
virus has gone.....no need to format...
Hey Harish !
i have this virus in my computer but dont have any svchost file under my user name.
So should I skip this step(i.e deleting the svc host file) and continue with the other steps..
thanks a lot Harish. I could remove this virus following your detailed instructions.
If you are not finding svchost.exe, then search for that hidden folder C:\heap41a. If that doesn't exist, then I guess it is not Win32.USBWorm, but something else
Hi,
Nice info it helped me lot.
thanks bro!!!
Hey Thanks Dude ..it helped a lot
Hey Thanks a ton Dude,
I was facinng the same damn problem, but now i have got rid of it.
Prateek
Hey Harish,
Thanx a ton brother..thanks alot!!!
...Biju
Thanks a lot man, great help and it solved my problem...take care.
Harish,
tumba tumba thanks kanree. You made my day. sakkat tale novu aagitthu ee virus.
Google search results pointed to your blog entry, and now the virus is gone! Thanks a ton. nimage olledaagli.
thanks dude ...for the nice solution.....
Thanx man.. This solved my problem.. That LAME SCRIPT KIDDIE who has done this Virus goes to hell..
Thats why I scan the Pen drives everytime but this time I was in a hurry..
Hey Avast dint worked for me..
THANKS ONCE AGAIN
nice one man i had removed tht
Thanks for all the feedback. The information about Avast is based on my friend's information. I haven't personally been able to test it :)
hi harish, Thanks for your help, it was really irritating to me, i followed your process, upto regedit no problem. but once i run regedit i am getting message "Registry editing has been disabled by your administartor". what i should do. now i can open mozilla. Awaiting for reply
Your account may not be having admin rights. If it is so, login to administrator account and follow the procedure and remove that entry.
But that is a last trace of the virus, and won't do any harm even if it exists
Newbies can also look at this site... which has got screen shots and gif images...
www.freewebs.com/mgsujith/worm/remove.html
Mr Harish......
what should i do in Windows Vista OS...Where in i am not able to entry into Desktop only... it give a message SVC host and then if i cancel or continue my sys will restart....so what should i do...can u help in this regard....
Sorry Anand, I've no idea about Vista :(
Hey Thanks a miLLion Dude,yu truLy a geniuz i was fAcin wid da saMe damN pro n finally i've got rid of it once again tHanz a Lot but den i need 1 more favour naw wad all data i've in my pen drive shd i need 2 delete dem??? r els simply scan it wid AVAST???
thanks sirjee. the virus gone .Tons of thanks to u.
one more thing do i need to format my computer now can it harm my computer now also if it has gone.pls answer.
thanks
Thanks a ton Harish..I was doubting a friend that he has done something!! Thanks of a ton..
There is no need to format the computer :)
hey man i have small prob theres some kinda virus which isn't allowing me to access my hidden files i gotta change somethin in the registry from 1 to 0 but cant remember where can u help me
Hey, I have written a new post to make the hidden files appear as before. Please see this
http://mgharish.blogspot.com/2007/06/hidden-files-not-shown.html
Thanks for all the feedbacks
Hi,
Thanks Harish.. i was able to get rid of the worm.. thanks a lot..
man i did as mentioned in ya post still hidden files cant be accessed u think theres any virus problem sorry for the trouble
Please see my other post to make the hidden files and folders visible
Thanks for the info. I was facing the same problem. By the looks of the content of the folder, it looked like a simple program and not a virus. Just a Virus-like program. Didnt harm the PC. On running svchost.exe, it created a text file. Apparently this nifty script (virus?) has been created using AutoHotKey (http://www.autohotkey.com/)!! So its not a geek, or a computer wizard who has written, but just some poor old jobless guy.
Harish,mate!! Thanks a bunch...Ur solution worked brilliantly. I just removed it....I had got it from my iPod which i recently happened to use to transfer photos from my friend's computer...And since ur post helped a lot, I am gonna soon paste the virus removal info on me blog!! Cheers buddy!
is there a way where i can get this virus. i actually wanted the source code. thanx
nityareddy17@yahoo.com
Thanksree Harish.. Ee article bardu bahaLa upkaara madidri nodri..
Hi Harish,
Thankyou very much......
Tanks harish! u rock!!it worked
thanx a ton man...im so grateful to u
thank u so much dude /11 u seriously rock !! i almost panicked !!actually started the news channel to find out what actually happened to this site and all !!! man it was freaky !!! anyways !!! i did all those things u mentioned but can u let me know how to delete the C:\heap41a ( hidden folder)itself ... please e mail me on parasgala1985@gmail.com!!! shall be a great favour from ur end !! thank u so much !
My Kaspersky Internet Security pack detected them and deleted them successfully...Though the blog did help in wiping the folder and the registry off my system completely. Thank u!!!
Hai Harish,
Thanks a millons for your guidance. i am so greatfull to you
thankssssssssssssssss
bye
vetri
taiwan
Thanx a lot for the post :)
Great man, It helped me to remove from my GF's computer. I am gonna give few lines about this experience in my blog.
thanks i have removed those entries virus is gone but after that still i cant view hidden files through tools folder option
thanks i have removed those entries virus is gone but after that still i cant view hidden files through tools folder option
Thanks for all the feedbacks
@Tushar: This virus is not responsible for hiding the hidden files..
See my other post for that
thanks a ton dude......u rock!
Thanks a lot man.
You really saved me.
That stupid virus was making me crazy. Just followed you instructions and I was surfing orkut like before.
hey harish thanks for this article.i removed my orkut virus.
I have another problem, i can not see my hidden files n folders in my comp.when i change settings to display all hidden files thru folder options it wont change n keep it as it is.i guess it is a virus.pls help me
Thanks buddy... It really worked
thanks a lot..it helped.
thanks a lot..it helped.
harish so nice of you..........great it really worked......and my wife really got happy........
Thanks alot bhayya...Pedha problem teerchav
Hi
though i couldn't find any svc.host running under my name but rest of the nusiance is same : regedit has been disabled by the administrator !! use IE u dope or else..... besides i did delete the contents of that folder hepa
kasper Av 6.1 did prompt me for some rewriting in the mozilla module which i denied yet it said that js..... .dll is not a valid image (even after reinstalling firefox
if somebody could help me
spicyindian2002@yahoo.com
@All:
Thanks for all the feedbacks.
@SpycyIndian2002:
Are you the administrator of the computer or is regedit really been disabled by a real adminstrator?
Were you able to delete all files in the folder heap41a ?
thanks dude... there was some virus prob. my pc was not showing the hidden files and orkut was not getting opened. now working properly.....
dude avast works.. only ppl will internet and regular updates are able to delete.. it. and perhaps bingo.... for programmers..
i guess in the heap41a there is the source code or some script for the worm!! its fun.. to play with this worm
@Praveen: Thanks barry :)
@Ravikrishnan: Yes, I too have that source code. Really a great source to know how a virus works
Hi harish, Thanx a ton for ur information.
Harish, what r u doing? I wat to do friendship with u.
Just fyi... The folder heap41a is invisible because the icon used by the folder is plain white colour icon. If you change the background of your folder display u will be able to see the folder as white patch.
Also, you can remove the folder by getting in c:/heap41a thru address bar and right click and change the icon of the folder. you will be able to delte the folder.
Thanx very much harish...
this is a very useful post.. i was struggling a lot wth this virus..
thanx yaar:)
thnks harish for help orkut banned
thanx a ton mate!! tht really helped.
And coming to the pen drive .. is it enough if i format it?
Realy thx man! you fix my problem! ^^
this work good =]
^^v
@All:
Thanks for all the feedbacks.
@Kalyan Chakravarthy:
Formatting pen drive will eliminate the problem for the moment. But don't let this malware to attack again!
So thanks dear..
I & my Freinds were looking for this solution from morning ...
very thanks.....G M Mahale..Nasik..Maharashra
fwmthanks a lot friend but......
i cant open my hidden files as soon as i change the setting of hidden files .to show hidden files and apply the settings.........
the option again gets changed to
do not show hidden files .
plz do help
i have deleted all the settings from registry and the task manager but still this is happening ..i cant access my hidden files due to this
thanks friend i can access my orkut account but still
there is problem i cant access my hidden files
whenever i change my settings to show hidden files it again changes the option to donot show hidden files so i cant delete those files in the c drive
and i have deleted all the processes and the registry keys of the worm.....
please help
hi, i'll try what u said. i've not visited orkut for weeks.
hey buddy
this is my problem since a long...
n u really solved my problem
thnxs dude.......
hey...by mistake i deleted the svchost.exe file with system username and not my username .....will there be some problem ....pls reply ASAP
hey i deleted svchost.exe file with system username and not my username by mistake....what will happen? what do i do?
@Varsha:
No file will be deleted just by ending a task manager process. So nothing will happen. No need to worry.
Hi My process tab is not accessable what to do? Pls help
Thanks
Sureh
Hi, I tried the way you had suggested for virus removal, but when I pressed ctrl+Alt del my process tab is greyed out and not accessable. What to do. Pls help.
Thanks,
Suresh
It is great !!!!
a
It worked like a charm to me...
Gr8 post
Thnx
Nice one buddy. Some other blogger have really confused me to fix this bug...
hi harish...
tanx a lot..it helpd one of m frnd..his computr was infectd wid same worm...he told me about it n found the remedy here...
tanx again..
thx a lot thanx u so much
hi man that was really useful thank you very much
Greetings from brazil... Nice work!
thanks buddy...it helped me get rid of tht virus
Thanks a lot buddy...it helped me get rid of tht stupid virus
Thanks a lot, Harish. Blog was a great help.
nice tip! will formating can really eliminate the problem??? wat if the virus is in the hard disk????
thanks a lot buddy! this did help!
hey
i understood the whole process u explained but i cant even open my task manager.. it shows "task manager has been disabled by your administrator".. can u help me with it
@All: Thanks for your feedbacks.
@pawan:
See this link
http://windowsxp.mvps.org/Taskmanager_error.htm
To enable hidden files and folders,
see this page.
There is an animation showing how to use regedit to change the value.
Hope it helps.
http://www.fundazone.com/ideas/heap41a/
John Da
thanks man...............that worked for me..............ill send this across to all people anyways thanks again.......be in touch on godfather.rk@gmail.com
thanks man...............that worked for me..............ill send this across to all people anyways thanks again.......be in touch on godfather.rk@gmail.com
i am really grateful to u for providing the help in concern to the orkut virus.
thanks a tonne. :)
Thank You Very Much, It solved my problem :)
good one dear,,,,its worked..thanks
Hi Harish!
Thanks for these inputs.... I faced a similar problem and your inputs have been of great help.
Archana
thanks hero
thanks hero
thanks genious for ur help :)
at last got rid of that virus !
thanks genious for your help :)
atlast i got rid of that virus !
thanxx a lot man
it worked
i navigated thru tones of sites before i read ur posts and none of yhem could give me a suggestion more than closing the process tree which even i knew before ....the orkut help sites could help either
but u gave the solution ........thanx man
wish could b a programmer like u in the future
anyways all d best 2 u ]
cheers,
harmeet
thank you very much
I've solved the problem without formatting the hard disc
hey thanks for those wonderful suggestions :)
thanks man
ur post help me a lot thanku very much
keep up good work
Thanks for these instructions. They´ve worked very well.
Thanks a lot for the instructions. Tey´ve worked quite well for me!
Bye
hey guys!!!...apparently NOD 32 detects the worm too!... got rid of it from my laptop at least..
Thanx alot bro.....I owe u a treat:)!!!
thank soo much
i wouldnt have known if it was a virus in frst place!!
bt have a prob..your right there r many svchost files BUT am unable to find the one with the username as "your useranme"....bt there r 2 saying "user" n the oders saying "SYSTEM"...which one should i delete??
PLZ HELP ME!!!
omg omg omg!!!
i did it!!!
THANK U SOOOOOO MUCH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
dear sir
your post was not useful this virus has been updated and the newer one is more clever to disable task manager gpedit or regedit.nod 32 can detect it.im fighting on it.
u can reach me at magic_neel4u@yahoo.com
thank.s
thanks a lot
thanks so much...
did not work. Virus keeps coming back
thanks for the message good work
but if svchost.exe in system or network is deleted wat may b the problem
i was following the steps that u suggested.but i dont have this folder called regedit.what do i do?
thanx harish that created al ot of problem .
hi,
Thanks 4 help,it worked.
sanjay
Hi Harish,
Thanks fr ur fix. But wat i want to knw is, hw do i remove it frm the USB drive so that it doesnt spread everytime i use it?
Thanks a lot for ur help. Couldn't figure out what to do for a long time. And finally MG Harish to the rescue :-). Great work.
Abhinandan Reddy Pakanati
Dear Harish
Like many others, I've been attacked by this worm, and like many others again, helped by your post. And the biggest word of grattitude is - THANKS.
I'm not really very much expert in the technicalities of computer, but was able to follow your instructions easily. And I have downloaded Avast too.
Once again, thanks alot for this post.
thanks a ton, Harish. just now, i have solved the problem, occurred on my gf's comp, just over the fone!!! i just went thru your steps and solved her prob!!
ilverchainthanks dude a lot ...
mannn .. u r too good buddy .. thanx a million.i can see my hidden files now ... thanx a lottt. btw .. can u plz solve my pen drive problem also. i use a 1 GB kingston datatraveler. DTI/1GB is the code. i inserted it in my frnds system and finish!! it is not being read by any system now..plz send me a solution buddy
mannn .. u r too good buddy .. thanx a million.i can see my hidden files now ... thanx a lottt. btw .. can u plz solve my pen drive problem also. i use a 1 GB kingston datatraveler. DTI/1GB is the code. i inserted it in my frnds system and finish!! it is not being read by any system now..plz send me a solution buddy
hi thanks for ur suggestion. i have a question for u... if i re install the operating system then ll the virus be removed from the system....?
@All:
Thanks for all the feedbacks.
@ank:
Regedit is not a folder. It's Windows system utility.
@pv:
You have to remove the autorun.inf file in the pen drive. But note that this file may be a hidden file.
@sanjeev:
Some pen drives are having such problems. I am not sure about the cause of these problems.
@harsha:
If you remove OS and reinstall, every virus will go. But if the pen drive contains the virus, your system will get affected again
thanks a lot Mr Harish..ur blog wz really useful..not me..but my frnd..i wz d 1 who had 2 luk up 2 ur blog n tell him..so,thnx anywyz frm my part...
now im readin odr parts of ur blog lik how hackers do their stuff n all tht..thnx a lot!!!
thanks harish it worked.
my problems are solved
ur blog worked
i have created a remover for the same virus
http://prashobms.blogspot.com/2007/12/orkut-is-banned-you-fool-administrators.html
just visit my blog and download the tool. It can heal and revert back ur registry.
Thanks
Harish,
Thanks a lot for that detailed post. I was able to get rid of the annoying bug
:-)
Cheers
M
thanx buddy....:)
thanx a lot buddy...:)
Dhanyawad Mitra !!
Very Nice!
I was crazy about Orkut and hidden files and folders problem. Thanks a lot again and again in an infinite loop. Can you suggest one really goood protection system, I have used KasperSky internet Security 7, Panda internet security 2008, and also avast home edition with daily updates. These all works good in my pc so my PC is not affected since last 2 years but my friends pc mostly gets affected in one or two months. No secrity works in his pc. we both are using the same configuration( in software as well as in hardware also). can you also explain about that new folder.exe virus and virus with the same folder name. you can also reply me on master_4_master@yahoo.com
thanks Mr. harish
i was facing the problem for a long time and yesterday i got a rid of it,
do you have any idea about how to restore the view of hidden files
hi,
this is kishore..
thanx for ur help dude... my pal had a same problem and i saw ur solution from my office and explaine dhim thru phone and he did it in his system as i was saying... the prob is now solved... you saved his head frm blasting...
Great stuff. Managed to remove the virus.
Thanks.
Aneesh
Greeting from Malaysia..brilliant, it's work! But how to disable auto run pendrive?
thanks my dear..thank you so much
thanks a lots harish!!i succesfully removed it...:)
Thanks a ton Harish
Mukesh
thanks a lot dude , but i have been getting troubled by few more virus/malware's , i'm getting autoplay option to all my drives ,An i have got avirus named "funny US scandal" named virus from my friends pen drive , can i know more about this virus an the solution too
mail me back to
raghunathmahenderkar@gmail.com
Hi Harish,
There is a new version to this now....Today I tried opening Orkut and I get an dialog error saying....
"ORKUT IS BANNED,Orkut is banned Plz dont access it in College, 30"
After I click on OK, one more diaglog box follows saying ....
"Orkut is banned at SSGMCE Plz dont access it!! a project by AMOL"
Can somebody help me to remove this???
Thanks for all your feedbacks :-)
Mukesh, I have not noticed this virus. However, if I get any information regarding this malware, I'll update it immediately.
HELLO. in my system the task manager doesnt open wich ever way i try to open it.....do u have any other way to delete it???
@Anonymous, please see this solution given by my friend:
http://www.techpavan.com/2008/02/16/combat-multiple-virus-problems/
Thanks dude. I removed the virus. - VK
hi harish
i followed ur steps to show the hidden folders and it worked like a charm, but when i checked the processes i did not find svchost.exe vit "user" . but i still checked for the "heap41a" folder, but couldnt find it. I have trouble only vit orkut site, could you please help me fix this problem. I have been trying to fix it the last few days.
thank you
nikkypk@yahoo.co.in
thank you! it helped a lot, everything is ok now
i did everything as above mentioned.Luckly i have found the folder and i have deleted all file except SVSHOST with the icon 'H'. When i try to delete that file it says "Error Deleting file or folder". And more the creap had disabled my Task Manager (ctrl+alt+del). Now what MUST i do friend..?
Yeah man i did it,Any way thanks for your idea but unfortunately it doest work on my machine. Later i have found a good trojan remover from. It works cool. i have killed the creap.
www.brothersofts.co.cc
thanx a lot harish!
will formating pen drive really to eliminate the problem?or else wat to do?
can i search the virus in the hard disk?how?
thanx again
-- manish
Thanks man. What do you think of this one?
http://www.squidoo.com/MuhahahaRemoval
Post a Comment