Friday, May 30, 2008

How to remove the "Orkut is banned" virus

A few months ago, while surfing the net and trying to open Orkut, I got a strange message on my computer screen which said “Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!” and the browser closed. I didn't think it was a virus as I had AVG installed on my system and I had faith in it. I tried it on different machines which were part of the Local Area Network and each gave the same message while opening Orkut and Youtube. Each machine had AVG or Norton installed. I ran an antivirus scan and it also didn't detect any virus or spyware. I decided to search on the net for this problem and that's when I discovered that my computer was infected with the W32.USBWorm virus, which displayed such messages while opening Orkut and Youtube. Here are a few simple steps which you can follow to remove this virus if it has infected your system too.

* Open the Task Manager by pressing Ctrl + Alt + Del and go to the Processes tab.
* Locate svchost.exe under the Image Name column. There will be many processes by that name, but look for the ones which have your username under the User Name column. Kill these processes by pressing the Del key. Only kill those which have your username under the User Name column and leave the rest.
* Open the Run command, type C:\heap41a and press Enter. This is a hidden folder. Delete all the contents of this folder.
* Open the registry by typing regedit in the Run box.
* Search for heap41a in the registry by using the Find command.
* You will get something like this: “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt”. Delete the entries by pressing the Del key.
* Close the registry editor.
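The registry search in the steps above can be turned into a repeatable check. The following is an added example, not part of the original post: it parses saved `reg query` output for the Winlogon key and reports any executable appended to the Shell or Userinit values, which goes beyond the single heap41a entry the post describes. The stock values and the sample output are assumptions constructed for illustration, including the assumption that the worm's entry sits in the Shell value.

```python
import re

# Assumed stock contents of the two Winlogon values that start programs at logon.
DEFAULTS = {
    "shell": ["explorer.exe"],
    "userinit": [r"c:\windows\system32\userinit.exe", "userinit.exe"],
}
# Matches executable paths without spaces; quoted paths with spaces are not handled.
EXE = re.compile(r"[^\s,\"]*\.exe", re.IGNORECASE)

def parse_reg_query(text):
    """Parse `reg query` output into {lowercased value name: data}."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$", line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values

def extra_logon_programs(reg_text):
    """Return {value name: [executables that are not part of the stock value]}."""
    values = parse_reg_query(reg_text)
    findings = {}
    for name, allowed in DEFAULTS.items():
        exes = EXE.findall(values.get(name, ""))
        extra = [e for e in exes if e.lower() not in allowed]
        if extra:
            findings[name] = extra
    return findings

# Constructed sample of `reg query` output for an infected machine.
INFECTED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    Explorer.exe C:\heap41a\svchost.exe C:\heap41a\std.txt
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""
# Constructed sample for a clean machine.
CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell    REG_SZ    explorer.exe
    Userinit    REG_SZ    C:\Windows\system32\userinit.exe,
"""

if __name__ == "__main__":
    print("infected:", extra_logon_programs(INFECTED))
    print("clean:   ", extra_logon_programs(CLEAN))
```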

Now the virus will be gone. The virus mainly spreads through USB disks, so be sure to delete the Autorun.inf file and any folder which has a .exe extension in the pen drive you use. Avast and Nod32 are able to detect it. Even AVG, Norton and McAfee failed to detect it.

The steps mentioned above are not guaranteed to work every time. On one of my machines, the virus also disabled the Task Manager and registry editor, so I was unable to perform the above steps. In such cases, try doing a full system scan with Avast in boot mode and delete all files which are infected. If a lot of system files get infected, then you would have to format your computer to remove it successfully. The virus also spreads quickly through flash drives and the Local Area Network, so always scan flash disks in such cases.

With so many viruses being discovered every day, it becomes difficult to protect your PC completely. The best you can do to prevent such things is to use an antivirus and keep it updated. Have you ever been infected by this virus? What measures do you use to protect your PC from such malware?

copied from http://www.whoismadhur.com/2007/11/16/how-to-remove-orkut-is-banned-virus/

How to remove Virus from USB Drives

One of the ways by which a virus can infect your PC is through USB/pen drives. Common viruses such as ‘Ravmon’, ‘New Folder.exe’, ‘Orkut is banned’ etc. are spreading through USB drives. Most antivirus programs are unable to detect them, and even if they do, in most cases they are unable to delete the file, only quarantine it. Here are the things you can do if you want to remove such viruses from your USB drives.

Whenever you plug a USB drive into your system, an autorun window will appear.

Don’t click on OK, just choose ‘Cancel’. Open the Command Prompt by typing ‘cmd’ in the Run box. In the command prompt, type the drive letter followed by a colon and press Enter. Now type dir /w/a and press Enter.

This will display a list of the files in the pen drive. Check whether any of the following files are there:

* Autorun.inf
* Ravmon.exe
* New Folder.exe
* svchost.exe
* Heap41a
* or any other exe file which may be suspicious.

If any of the above files are there, then the USB drive is probably infected. In the command prompt, type attrib -r -a -s -h *.* and press Enter. This will remove the Read Only, Archive, System and Hidden file attributes from all the files. Now delete the files using the command del filename, for example del Ravmon.exe. Delete all the files that are suspicious. To be on the safe side, scan the USB drive with an antivirus program to check whether it is free of viruses. Now remove the drive and plug it in again. In most cases, the real culprit turns out to be the “Autorun.inf” file, which mostly gets executed when someone clicks OK in the autorun dialog window mentioned above. This is how the infections spread.
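The manual check above (list everything in the drive root, then look for Autorun.inf and the named executables) can be scripted. This is an added example, not part of the original post: it lists the drive root including hidden and system entries, flags the file names the post mentions, and reads Autorun.inf to show which program it would launch. The `demo` function and its temporary directory contents are constructed for illustration.

```python
import os
import tempfile

# Names the post lists as signs of infection (compared case-insensitively).
KNOWN_BAD = {"ravmon.exe", "new folder.exe", "svchost.exe", "heap41a"}
LAUNCH_KEYS = ("open", "shellexecute")

def autorun_targets(inf_text):
    """Return the commands the [autorun] section of an Autorun.inf would launch."""
    targets, in_section = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = (p.strip() for p in line.split("=", 1))
            k = key.lower()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                targets.append(value)
    return targets

def triage_drive(root):
    """Report Autorun.inf targets, known-bad names and other .exe files in root."""
    report = {"autorun": [], "known_bad": [], "other_exe": []}
    # os.listdir also returns hidden and system entries, like `dir /a`.
    for name in sorted(os.listdir(root)):
        low = name.lower()
        if low == "autorun.inf":
            with open(os.path.join(root, name), errors="replace") as fh:
                report["autorun"] = autorun_targets(fh.read())
        elif low in KNOWN_BAD:
            report["known_bad"].append(name)
        elif low.endswith(".exe"):
            report["other_exe"].append(name)
    return report

def demo():
    """Build a constructed drive root in a temp directory and triage it."""
    files = {"Autorun.inf": "[autorun]\nopen=Ravmon.exe\nshell\\open\\command=Ravmon.exe\n",
             "Ravmon.exe": "", "notes.txt": "", "Photos.exe": ""}
    with tempfile.TemporaryDirectory() as root:
        for name, body in files.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return triage_drive(root)

if __name__ == "__main__":
    print(demo())
```

On a real drive, call `triage_drive` with the drive root (for example `"E:\\"`, a hypothetical drive letter) and review the report before deleting anything.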

Security Tip

Disable the Autoplay feature of USB drives. If you disable the Autoplay feature of USB drives, there is less chance of the virus spreading. A tool which can perform such a function is Tweak UI. Download it and install it.

Tweak UI

Run the program. Now you can disable the Autoplay feature of the removable drives as shown above. By following the above steps, you can keep your USB drives clean. If there are any other methods which you use, then share them with me through comments.