Remove W32.USBWorm – It blocks Orkut and Youtube and displays "I DNT HATE MOZILLA BUT USE IE OR ELSE" while using Firefox

by Rohit Khurana on June 3, 2008



We have received the mails from lots of readers whose computer systems got infected by this W32.USBWorm which blocks sites like Youtube, Orkut on their system.


For those who have Firefox installed when they try to launch it prevents Firefox from running and displays the dialog box with the message “I DNT HATE MOZILLA BUT USE IE OR ELSE” in Internet explorer when user tries to open Orkut it says “ORKUT IS BANNED, Orkut is banned you fool“, “The administrators didn’t write this program guess who did??

No orkut no youtube


While trying to open youtube via Internet Explorer it displays “youtube IS BANNED,youtube is banned you fool” and “The administrators didn’t write this program guess who did??`r`r MUHAHAHA!!,30


What does this W32.USBWorm do ?

  • Runs a process svchost.exe in the background under your username from which you are logged in.
  • It automatically copies itself into USB drives and other portable devices.
  • Transfers itself from USB portable devices to any computer.
  • It also disables the “Show Hidden Folders” option in folder options, we have already posted on how to enable to show hidden files and folders.

Lets see from where this worm comes and how to remove it.


This virus as suggested by it name normally spreads itself through USB drives and portable devices like iPod etc.


Now, you know W32.USBWorm runs a executable file named svchost.exe , all the virus files are placed inside a hidden folder on this path C:\heap41a


Almost no anti-virus can detect this Worm however some anti-viruses blocks some of its activity AVG, NOD32 and Avast.


It spreads itself by creating autorun.inf files in the root directory in the USB portable devices, so be careful to delete any new autorun.inf file on your USB Devices.


How to Remove it completely ?


1. Press alt+shift+esc to open Task Manager

2. Locate the process named svchost.exe in the process tab for which the username is login username, see the image below for reference.

USBWorm virus

3. Right click on the process and select End Process Tree.

4. Now, browse the virus files folder which contains virus files , press Window + R and type “C:\heap41a” (without quotes)

5. Delete each and every file inside that folder and then the folder also.


After removing the virus you need to repair the registry entries which are created by the virus.

Repair the registry by following the steps below:


1. Open Start >> Run or ( press Window Key + r ).

2. type “regedit” and press enter.

3. Navigate to HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\
CurrentVersion\policies\Explorer\Run and delete the WinLogon Key.


If every thing goes well then you have successfully removed the worm from your system.


TIP: In future in order to protect your drive from virus attacks you can also read a post on how to protect your computer from viruses in pen drives.

If you like this article or this article helped you, you can +1 to recommend this article on google plus.

You can follow us on Twitter or join our Facebook Fan Page. If you have a question to ask us, submit your question at Answers By Trouble Fixers.

Looking for something else? Search here :

{ 2 comments… read them below or add one }

ameo June 6, 2008 at 5:28 pm

good for me that i’m an opera user
yet i checked and my antivirus is uptodate and my pc is clean

nice tutorial

Pallab June 6, 2008 at 6:08 am

This worm was made by an Indian college student. He had a dispute with his college network admin oversomething so created this worm.

Leave a Comment

Previous post:

Next post:

© TroubleFixers – All about fixing computer troubles2007-2016 . All Rights Reserved.