Virus that bans youtube?? Help!?

Question

.I was browsing the net earlier today when all a sudden youtube opened up for a few seconds, and then close and a popup error message appeared

(title of error message) youtube IS BANNED

"youtube is banned you fool,The administrators didnt write this program guess who did??"

"MUHAHAHA!!"

(The grammar mistakes are intentional.. this is a transcript)

And an audio clip of evil laughter (sorta like as in the message) plays.. now if I try typing youtube in the address bar, IE closes and that same message with the audio clip comes up! I've tried clearing my cache but that doesn't seem to work.

I also tried using Mozilla FireFox but it says,

(Error message title) USE INTERNET EXPLORER YOU DOPE

"I DNT HATE MOZILLA BUT USE IE OR ELSE..."

Don't know if it matters, but, also..

I haven't visited youtube in weeks..

And, the error message seems to automatically close after 5 seconds.

Has this happened to anyone else so far? Any suggestions?

Answer 1

Run a virus scan and delete any viruses/trojan

THEN, restart and open up in safe mode and scan again.

If worse comes to worse back up your files and re-format.

EDIT; I did some research - this might come in handy.

Here is how to remove the Malware:

When you get the Message:
1. Go to the Task Manager
2. Click on the "Application Tab."
3. Right click on the application that is giving the message and select "go to process."
4 "Svchost.exe" should be highlighted.
5. Right Click and Select "End Process Tree"

If you really wanna get rid of the Malware there is a File called "heap41a" which is located in "C:\heap41a."
This is the script in the file"

#persistent
#notrayicon
settimer,ban,2000
return

ban:
WinGetActiveTitle, ed
ifinstring,ed,orkut
{
winclose %ed%
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ifinstring,ed,youtube
{
winclose %ed%
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ifinstring,ed,Mozilla Firefox
{
winclose %ed%
msgbox,262160,USE INTERNET EXPLORER YOU DOPE,I DNT HATE MOZILLA
BUT USE IE `r OR ELSE...,30
return
}
ifwinactive ahk_class IEFrame
{

ControlGetText,ed,edit1,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit2,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit3,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit4,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit1,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit2,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit3,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit4,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}

}

return

Two websites which are been blocked...
(Orkut and youtube)

Delete "C:\heap41a"

Answer 2

2

Answer 3

Whatever you do, do NOT make a "Recovery Point" or any "Back Up". The person saying you should make a "Back Up" is talking out his ar*e. First of all, go to www.download.com and download and install "Spybot Search and Destroy". It is free and Industry recommended. It's possibly the most powerful tool you'll ever have. Once installed, allow Spybot to download any updates. Now go "Off-Line". Next, turn "OFF" your "System Restore".

Now, run your Anti-Virus software and allow it to remove any infected files. Next, "Run" "Spybot Search and Destroy". Spybot will detect any Virus, Adware, Spyware, Trojan, Bots etc. that you have and will clean your PC up good. Once the Malware is removed, reboot and switch "System Restore" back on. This is very important to do things in this order. If you don't switch "System Restore" off, you will be keeping infected files on your PC and they will activate again, especially if you have to use any of the "Recovery Points in the future. The same will apply with a "Back Up". If you make a "Back Up" of an "Infected" System, you will also "Back Up" the "Infected" files as well.

Answer 4

Youtube is placed up by using google, if any google centers gave out viruses then no one could use any of them and google could lose all of there funds. they ought to shop them virus unfastened.

Answer 5

when you find that program that started that let me know i would like to install that on every computer in the company. sounds like a very usefull tool. now you don't ahve to waist your time on you tube.

Answer 6

try this online scan
www.housecall.trendmicro.com

after scan is complete it should remove anything it finds
i would also get windows up todate
get a good firewall
zonealarm
www.zonelabs.com