Trouble:
We have received mail from many readers whose computers were infected by W32.USBWorm, which blocks sites like YouTube and Orkut on their systems.
If Firefox is installed, the worm prevents it from running and displays a dialog box with the message “I DNT HATE MOZILLA BUT USE IE OR ELSE”. In Internet Explorer, when the user tries to open Orkut, it says “ORKUT IS BANNED, Orkut is banned you fool” and “The administrators didn’t write this program guess who did??”

When the user tries to open YouTube in Internet Explorer, it displays “youtube IS BANNED,youtube is banned you fool” and “The administrators didn’t write this program guess who did??`r`r MUHAHAHA!!,30”
What does W32.USBWorm do?
- It runs a process named svchost.exe in the background under the username you are logged in with.
- It automatically copies itself onto USB drives and other portable devices.
- It transfers itself from USB portable devices to any computer.
- It also disables the “Show Hidden Folders” option in Folder Options; we have already posted on how to enable showing hidden files and folders.
Let's see where this worm comes from and how to remove it.
Fix:
This virus, as its name suggests, normally spreads through USB drives and portable devices such as iPods.
As noted above, W32.USBWorm runs an executable file named svchost.exe. All the virus files are placed inside a hidden folder at C:\heap41a
Almost no anti-virus can detect this worm; however, some anti-virus products, such as AVG, NOD32 and Avast, block some of its activity.
It spreads by creating autorun.inf files in the root directory of USB portable devices, so be careful to delete any new autorun.inf file on your USB devices.
How to remove it completely?
1. Press Alt+Shift+Esc to open Task Manager.
2. In the Processes tab, locate the process named svchost.exe whose user name is your login user name; see the image below for reference.
3. Right-click the process and select End Process Tree.
4. Now browse to the folder that contains the virus files: press Windows + R and type “C:\heap41a” (without quotes).
5. Delete every file inside that folder, and then the folder itself.
After removing the virus, you need to repair the registry entries created by the virus.
Repair the registry by following the steps below:
1. Open Start >> Run (or press Windows key + R).
2. Type “regedit” and press Enter.
3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run and delete the WinLogon key.
If everything goes well, you have successfully removed the worm from your system.
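To confirm the cleanup, the indicators listed in this post can be checked from PowerShell without changing anything on the system. This is an added example, not part of the original post; the variable names and the System32 location check for svchost.exe are assumptions added here.

```powershell
# Added example: read-only check for the indicators named in the post.
$wormDir  = 'C:\heap41a'   # hidden folder named in the post
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
$findings = @()

# 1. Worm folder; -Force lets Get-ChildItem see hidden and system files.
if (Test-Path -LiteralPath $wormDir) {
    $items = @(Get-ChildItem -LiteralPath $wormDir -Force -ErrorAction SilentlyContinue)
    $findings += "Folder $wormDir exists and holds $($items.Count) item(s)"
}

# 2. svchost.exe running from outside the Windows system directories.
#    Assumption added here: the genuine binary lives in System32 (or SysWOW64).
$sysDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $path = $_.ExecutablePath   # empty for processes this user cannot inspect
    if ($path -and ($sysDirs -notcontains (Split-Path -Path $path -Parent))) {
        $owner = (Invoke-CimMethod -InputObject $_ -MethodName GetOwner).User
        $findings += "svchost.exe PID $($_.ProcessId) runs from $path as $owner"
    }
}

# 3. The WinLogon entry under the Run policy key.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'WinLogon')) {
    $findings += "Run policy entry WinLogon = $($run.WinLogon)"
}

# 4. autorun.inf in the root of removable drives (DriveType 2).
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    $inf = "$($_.DeviceID)\autorun.inf"
    if (Test-Path -LiteralPath $inf) {
        $findings += "Found $inf; review it before opening the drive"
    }
}

if ($findings.Count -eq 0) {
    'No W32.USBWorm indicators from the post were found.'
} else {
    $findings
}
```

An empty result after the removal steps means none of the four indicators remain; any line printed points to the step that needs repeating.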
TIP: To protect your drives from virus attacks in future, you can also read our post on how to protect your computer from viruses in pen drives.