Yep.. It is an Orkut (W32.USBWorm) worm...
I highly recommend purchasing an antivirus from a reliable vendor like McAfee, properly configuring it, and ensuring it is automatically updating.. this is what you pay for.
This spreads through USB drives. Along with Firefox, it also prevents you opening Orkut and Youtube. It gives the alert “orkut\youtube is banned you fool” and closes the window immediately. For Firefox, it gives the alert “use IE you dope” and closes the Firefox window. It also plays a .wav file (which sounds as “muhahaha!!”) whenever the alerts pop up.
How it works?
• It creates a folder with name heap41a in C drive that will be disguised as system folder with hidden attributes enabled and copies all its contents in that heap41a folder.
• The running process that is responsible for this is svchost.exe and it will be spawned under user name.
• It will make an entry into registry so that it will be started automatically every time the system gets rebooted.
Contents of “heap41a” folder
• Svchost.exe – This is the main executing program
• Script1.txt – It contains the script for displaying messages and playing sound file depending upon application invoked.
• Std.txt – It is responsible for making registry entries and running svchost.exe.
• Reproduce.txt – It is responsible for reproducing the directory structure and registry entries every time the system reboots or if any files or entries are missing.
• Along with these, there will be one audio file and one drive list text which contains by default all alphabets from A…Z
How to remove this worm?
• Terminate svchost process. Remember there will be more than one svchost process. You have to delete the one which was spawned under user name.
• Delete the heap41a folder from your system. It will be hidden. Use advanced search options to find it.
• Remove the following registry entry.
HKLM\..\Policies\Explorer\Run: [winlogon] C:\heap41a\svchost.exe
Good luck.
2007-09-29 17:02:10 · answer #1 · answered by Anonymous · 0⤊ 1⤋
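The indicators listed in answer #1 (a `svchost.exe` spawned under a user name, the `C:\heap41a` folder, and the `winlogon` Run value), turned into a triage check as an added example that is not part of the original answer. The process and Run-value snapshots are constructed sample data, and the list of built-in service accounts that the genuine Windows `svchost.exe` runs under is an assumption of this example:

```python
import ntpath

# Indicators taken from answer #1 on this page.
WORM_DIR = r"c:\heap41a"
# Assumption: the genuine Windows service host runs only under these accounts.
SERVICE_ACCOUNTS = {"system", "local service", "network service"}

def _norm(path):
    """Normalize a Windows path or command line for case-insensitive comparison."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def suspicious_svchost(processes):
    """Return (pid, reasons) for svchost.exe processes that do not look like the real service host."""
    hits = []
    for p in processes:
        if p["name"].lower() != "svchost.exe":
            continue
        reasons = []
        account = p["user"].split("\\")[-1].lower()
        if account not in SERVICE_ACCOUNTS:
            reasons.append("runs under user account " + p["user"])
        if _norm(p["path"]).startswith(WORM_DIR + "\\"):
            reasons.append("image is inside " + WORM_DIR)
        if reasons:
            hits.append((p["pid"], reasons))
    return hits

def suspicious_autoruns(run_values):
    """Return the names of Run values whose command points into the worm folder."""
    return [name for name, cmd in run_values.items()
            if _norm(cmd).startswith(WORM_DIR + "\\")]

# Constructed sample snapshot (not captured from a real machine).
SAMPLE_PROCESSES = [
    {"pid": 812, "name": "svchost.exe", "user": r"NT AUTHORITY\SYSTEM", "path": r"C:\WINDOWS\system32\svchost.exe"},
    {"pid": 1040, "name": "svchost.exe", "user": r"NT AUTHORITY\NETWORK SERVICE", "path": r"C:\WINDOWS\system32\svchost.exe"},
    {"pid": 2316, "name": "svchost.exe", "user": r"HOMEPC\alice", "path": r"C:\heap41a\svchost.exe"},
    {"pid": 2400, "name": "firefox.exe", "user": r"HOMEPC\alice", "path": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
]
SAMPLE_RUN_VALUES = {"winlogon": r"C:\heap41a\svchost.exe", "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe"}

if __name__ == "__main__":
    for pid, reasons in suspicious_svchost(SAMPLE_PROCESSES):
        print(pid, "; ".join(reasons))
    print(suspicious_autoruns(SAMPLE_RUN_VALUES))
```
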
I suggest you download Ad-Aware SE and Spybot S&D (they’re free), install them, update them and run them. If they or your anti-virus don't seem to be able to get rid of everything they report finding, try running them again, this time in Safe Mode. Safe Mode often prevents the malware from running and protecting itself.
Also, turn off System Restore to evict any copies of bad stuff that might be lurking there.
To get into Safe Mode:
1. Log out and reboot your machine.
2. When the machine starts the reboot sequence, press the F8 key repeatedly.
3. Select Safe Mode from the resulting menu.
4. The machine will continue booting, but the Windows desktop will look different. You won't be able to see the Internet, for instance. Log in as Administrator. Administrator often has no password.
5. When you're finished, log out and reboot back into normal mode.
Update and run both regularly, along with a good anti-virus package.
Good luck.
2007-09-29 16:34:23 · answer #2 · answered by The Phlebob 7 · 0⤊ 1⤋
Well, for one thing AVG is an antivirus program. So it is incapable of dealing with spyware which is what you have. You need to get a good spyware remover. Do a free scan with a bunch of good ones. If it pulls up the spyware in question, then your problem is solved. The page below offers some free scans by a bunch of good removers. Hope this helps!
http://www.delete-computer-history.com/best-spyware-removal-programs.html
2007-09-29 19:02:53 · answer #3 · answered by Anonymous · 0⤊ 0⤋
Sounds like something malicious. Try uninstalling Firefox.
Do a system restore to before you downloaded Firefox.
Download Firefox from a legitimate Firefox website and install.
Hope this helps.
2007-09-29 16:12:57 · answer #4 · answered by Michael S 7 · 0⤊ 1⤋
You may have a virus or spyware installed on your PC. Norton, AVG, Avast are free antivirus software. Ad-aware, Ewido are free spyware removers. You can download free software at http://fixit.in/antivirus.html and http://fixit.in/spywareremover.html
2007-09-29 16:29:17 · answer #5 · answered by Anonymous · 0⤊ 1⤋
It's a virus mate, use a good antivirus to remove it.. I would say nod32 or f-secure and avoid avg and avast.
Best spyware removal is ad-aware 2007.
Good luck in cleaning your pc.
2007-09-29 17:54:14 · answer #6 · answered by MH 4 · 0⤊ 0⤋
It appears that you have been infected by the USBWorm.
More details and removal instructions here:
http://parasitedb.com/parasite-usbworm.html
Good luck!
2007-09-29 16:11:37 · answer #7 · answered by Anonymous · 0⤊ 1⤋