I dnt hate Mozilla but use IE or else…. Worm
I dnt hate Mozilla but use IE or else... is what I got when I tried to start Firefox sometime back. Just as the window opened, a box with this message popped up and then disappeared, taking my Firefox window along with it.
Internet Explorer seemed to work until I tried opening YouTube. Then, I got the following message before IE shut down as well.
‘Youtube is banned you fool, The administrators didn’t write this program guess who did?? MUHAHAHA!!’
I couldn’t for the life of me figure out how this had happened so I decided to search and see if this problem had cropped up somewhere else.
Turns out, it’s pretty common. These messages are courtesy of the W32.USB worm. This worm copies itself to removable drives as Microsoft Power Point.exe and will infect your PC when you connect the infected drive to it. The infection is via a hidden Autorun.inf file.
Luckily, it’s fairly easy to get your browsers back to normal. Just follow the following steps.
- Right click the system tray and select the ‘Task Manager’ or just hit ‘Ctrl+Alt+Del’. Once the task manager is open, navigate to the ‘Processes’ tab.
- Under the ‘Image name’ column, look for all entries marked ‘svchost.exe’, which are running under your USERNAME ONLY (not system, local or anything else). Terminate these processes by hitting the ‘End Process’ button. Close the task manager.
- The next step is to delete the files itself. Open ‘My Computer’ and type ‘C:\heap41a’, then hit Enter. The folder will have the files ‘svchost.exe, script1.txt, standard.txt, reproduce.txt, and an audio file.’ Delete all the files in the folder and then delete the heap41a folder itself.
- Now we have to delete the registry entry as well. Go to ‘Start --> Run’ and type ‘regedit’. Once the registry opens, on the menu bar, go to ‘Edit --> Find’ and type ‘heap41a’. After searching, you should have some entries with ‘heap41a’ in them. Delete all these entries.
- Your PC is free of the worm.
However, you also need to get rid of the worm from the USB drive, lest it infect your computer again. Connect your drive to the computer’s USB port (disable the drive from auto playing) and delete all entries marked with ‘autorun’. They may sometimes be in a separate folder. Once these entries are gone, your USB drive is clean as well.
Thank you!I from Brazil
Congatulations
thank you, thank you, thank you. my firefox is free again thank you.
Thanks a lot for the clear cut instructions….now i am with MOZILLA again :-)
Thanks a lot man. I love Mozilla
“I HATE IE SO USE MOZILLA DOPE”
MUHAHAHAHA
nece solution , Thanks man krushna
Just to clarify, its not ‘my’ machine. I’m pretty much a guest on it. When I have enough funds to buy my own computer, then I can do what I want. Oh, and the USB ‘picked’ up the virus from the local copy shop.
It’s always “someone” else in the house. That’s why I set up Users, with restricted rights. And if they want more rights, they can buy and maintain their own machine.
That’s a pretty weak excuse Cheryl. If it’s your system, then it’s your responsibility to make sure it’s safe and protected at all times.
I use AVG Free as my anti-virus software and its pretty effective. I also use Ad-aware.
P.S.: I wasn’t responsible for the virus getting into my system in the first place. Someone else in my house had the privilege of doing it. However, I was the one to clean it up.
Martin – that article may have been posted by Cheryl, but it says:
Why I decided to uninstall my Antivirus software
Posted by Martin in Security
I just disable the autorun for all drives. So no or little risk of accidentally getting infected. Then I just delete any unknown files on my USB device.
one slight cautionary addendum to your article, if like me you use the free Portable Apps Suite on any USB sticks be careful about deleting all instances of autorun, since Portable Apps Suite uses an autorun.inf this would in fact stop the suite from working the way it should.
Rob that article was posted by Cheryl, not me ;)
Marty,
Maybe you got to rethink about your post the other day about the lack of need for an AV.
I use AVG Free and seems to work better than Symantec and faster too.
What AV, monitor(s), firewall do you use?
Roman,
I do monitor my system and thankfully have never had any problems. This was the first time something like this had happened to me.
So monitor your system – there are plenty of AV and monitor products, many of them are free.