Sunday, November 11, 2007

ORKUT is Banned, you fool......

"Orkut is banned you fool, The administrators didn't write this program guess who did?? MUHAHAHA!!" with the title ORKUT IS BANNED. I hope some of you have seen this message on your system while opening ORKUT. It also attacks MOZILLA with the message "I DO NOT HATE MOZILLA BUT USE IE OR ELSE..." under the title "USE INTERNET EXPLORER U DOPE". Do you get what I am talking about? I hope you hit the bull's eye. Don't PANIC: this is due to a worm which is very decent, and which does not destroy your files or damage your computer.

A few days back my sister asked me about this on the phone, and I just told her to update the antivirus and some blah blah, as I was in a different city. But when I saw her laptop, I thought it was a virus and tried to find the solution on GOOGLE. But to my surprise, when I typed ORKUT in Google search, it automatically closed. I had to search for the solution through a proxy (via Google) and got the top notch and removed it for that time. That day I thought it was gone, but I was wrong. It returned the next time, but I had already left that place. She once again called me and I told her something to avoid my ignorance. But today.... enough is enough... It came to my system when I copied a file from a pen drive, though I have the latest antivirus. I searched for the exact solution on the net, and here I am posting the solution, which I think you can use if you need it.

This is happening due to a worm, w32.USB, which spreads through pen drives, USB drives, thumb disks, etc.
It shows messages like:
  • " I DON'T HATE MOZILLA BUT USE IE OR ELSE...."
  • " Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!" with title ORKUT IS BANNED
This affects the following:
  • ORKUT
  • MOZILLA
  • YOUTUBE


You can follow these steps to remove it:
1. Press CTRL+ALT+DEL and go to the Processes tab.

2. Look for svchost.exe in the Image Name column. There will be many, but look for the ones that have your username in the User Name column.

3. Press DEL to kill these processes. It will give you a warning; press Yes.

4. Repeat for any other svchost.exe entries running under your user name. Do not kill svchost.exe entries running as SYSTEM, LOCAL SERVICE or NETWORK SERVICE!

5. Now open My Computer

6. In the address bar, type C:\heap41a and press enter. It is a hidden folder, and is not visible by default.

7. Delete all the files here (

9. Now go to Start --> Run and type Regedit

10. Go to the menu Edit --> Find

11. Type "heap41a" here and press enter. You will get something like this "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt"

12. Select that and Press DEL. It will ask "Are you sure you wanna delete this value", click Yes

13. Now close the registry editor.

Now the virus is gone. But be sure to delete the autorun.inf file and any folder whose name ends with .exe on the pen drive.
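
A read-only check for the indicators named in the steps above, as an added example that is not part of the original post. The function names, the sample `tasklist /v /fo csv` output (English column headers, a made-up user "alice") and the `E:` pen-drive letter are assumptions; nothing is deleted.

```python
import csv
import io
import os

# Accounts the real svchost.exe runs under (the ones step 4 says to leave alone).
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}

# Constructed sample of `tasklist /v /fo csv` output (English headers; "alice" is made up).
SAMPLE_TASKLIST = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","868","Console","0","4,512 K","Running","NT AUTHORITY\SYSTEM","0:00:01","N/A"
"svchost.exe","1032","Console","0","3,980 K","Running","NT AUTHORITY\NETWORK SERVICE","0:00:00","N/A"
"svchost.exe","2404","Console","0","6,120 K","Running","HOMEPC\alice","0:00:07","N/A"
"firefox.exe","3120","Console","0","48,204 K","Running","HOMEPC\alice","0:01:12","N/A"
'''

def user_svchost(tasklist_csv):
    """Return (pid, user) for every svchost.exe not owned by a service account."""
    hits = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].lower() != "svchost.exe":
            continue
        account = row["User Name"].rsplit("\\", 1)[-1].upper()
        # "N/A" means tasklist could not read the owner; do not guess.
        if account in SERVICE_ACCOUNTS or account == "N/A":
            continue
        hits.append((int(row["PID"]), row["User Name"]))
    return hits

def scan_drive(root):
    """Return (kind, name) for each artifact the post names at a drive's root."""
    findings = []
    for entry in sorted(os.listdir(root)):
        is_dir = os.path.isdir(os.path.join(root, entry))
        name = entry.lower()
        if name == "autorun.inf" and not is_dir:
            findings.append(("autorun.inf", entry))
        elif name == "heap41a" and is_dir:
            findings.append(("heap41a folder", entry))
        elif name.endswith(".exe") and is_dir:
            findings.append(("folder ending in .exe", entry))
    return findings

if __name__ == "__main__":
    for pid, user in user_svchost(SAMPLE_TASKLIST):
        print(f"svchost.exe PID {pid} runs as {user}")
    for drive in ("C:\\", "E:\\"):  # E: is an assumed pen-drive letter
        if os.path.isdir(drive):
            for kind, name in scan_drive(drive):
                print(f"{drive}{name}: {kind}")
```

On a live machine, pass the text captured from `tasklist /v /fo csv` to `user_svchost` in place of the sample.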

I love this worm as it does not do anything except blocking ORKUT, MOZILLA and YOUTUBE.


NOTE: As it's very new and not so harmful, the latest antivirus is not able to detect this.






Please feel free to post a comment if you like this or you want to give some easy solution for this.
