Thursday, January 31, 2008

Orkut Is Banned !!!!


Don't worry friends....Orkut isn't really banned... Its just that off late some viruses & worms have been causing this problem...[Not in the real sense....M Talking about the Computer ones !! ;) ]. This is just a mischief of the W32.USB Worm which blocks you from using Mozilla FireFox and open

This is usually spread through any USB devices...It may be a Pen Drive or Thumb Drive or your personal Mp3 player, which may be even your apple iPod.
The Worm creates and runs an exe file (MicrosoftPowerpoint.exe) and install Autorun.inf in the root of your USB Drive. A duplicate svchost.exe is created which is the main culprit. It Brings out Pop Ups which may get on your nerves and drive you mad, because everytime you try to either use Firefox or browse your favourite it Popsup a very funny message saying that:

"Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!" with title ORKUT IS BANNED" (sounds funny !! )
or "I DNT HATE MOZILLA BUT USE IE OR ELSE..." ( Or else wat,,, ?? Let it start first)

Not only popups this worm/script also hides your hidden files and folders and doesnt even show them even after Enabling "Show Hidden files and folders" in the Folder Options-->View Menu.

Well every Worm has a cure and fortunately we have found one for this too.....
Following these simple steps will help you to eradicate the Worm and the annoying Popups

  1. Press CTRL+ALT+DEL to enable the task manager.
  2. Go to the Processes tab
  3. Search for svchost.exe under the image name . There are many of them but look for the one which has your username under the "Username" field.
  4. Press DEL or Right Click and End Process to stop the scripting of these files
  5. Look if any more of these are there (usually theres only one or max 2 copies of it) If you find more instances of them Repeat Step 3 and 4. (A word of caution here: Do not end process svchost.exe with "username" field as System, Local service or Network service.
  6. Click on Start and Run and type C:\heap41a and enter & delete all the files in that folder.
  7. Now go to Run and type regedit to open the Windows Registry Editor and Press Ctrl+F
  8. Type "heap41a" here and press enter. The search results will show [winlogon] C:\heap41a\svchost.exe C:\heap(41 or 64a or 66a)\std.txt"
  9. Select that and Press DEL. It will ask "Are you sure you want to delete this value?", click Yes. exit out of the regedit.
  10. Thats it you are done.. No more Popups and you can even browse Orkut

31st Jan,2008

No comments: