I dnt hate Mozilla but use IE or else…. Worm - gHacks Tech News

I dnt hate Mozilla but use IE or else…. Worm

I dnt hate Mozilla but use IE or else... is what I got when I tried to start Firefox sometime back. Just as the window opened, a box with this message popped up and then disappeared, taking my Firefox window along with it.

Internet Explorer seemed to work until I tried opening YouTube. Then, I got the following message before IE shut down as well.

Youtube is banned you fool, The administrators didn’t write this program guess who did?? MUHAHAHA!!’

I couldn’t for the life of me figure out how this had happened so I decided to search and see if this problem had cropped up somewhere else.

Turns out, it’s pretty common. These messages are courtesy of the W32.USB worm. This worm copies itself to removable drives as Microsoft Power Point.exe and will infect your PC when you connect the infected drive to it. The infection is via a hidden Autorun.inf file.

Luckily, it’s fairly easy to get your browsers back to normal. Just follow the following steps.

  1. Right click the system tray and select the ‘Task Manager’ or just hit ‘Ctrl+Alt+Del’. Once the task manager is open, navigate to the ‘Processes’ tab.
  2. Under the ‘Image name’ column, look for all entries marked ‘svchost.exe’, which are running under your USERNAME ONLY (not system, local or anything else). Terminate these processes by hitting the ‘End Process’ button. Close the task manager.
  3. The next step is to delete the files itself. Open ‘My Computer’ and type ‘C:\heap41a’, then hit Enter. The folder will have the files ‘svchost.exe, script1.txt, standard.txt, reproduce.txt, and an audio file.’ Delete all the files in the folder and then delete the heap41a folder itself.
  4. Now we have to delete the registry entry as well. Go to ‘Start --> Run’ and type ‘regedit’. Once the registry opens, on the menu bar, go to ‘Edit --> Find’ and type ‘heap41a’. After searching, you should have some entries with ‘heap41a’ in them. Delete all these entries.
  5. Your PC is free of the worm.

However, you also need to get rid of the worm from the USB drive, lest it infect your computer again. Connect your drive to the computer’s USB port (disable the drive from auto playing) and delete all entries marked with ‘autorun’. They may sometimes be in a separate folder. Once these entries are gone, your USB drive is clean as well.

Summary
I dnt hate Mozilla but use IE or else…. Worm
Article Name
I dnt hate Mozilla but use IE or else…. Worm
Description
The guide provides information about a new Worm that users may encounter while using Windows. It includes removal instructions.
Author

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:

Comments

  1. Roman ShaRP said on December 5, 2007 at 4:18 pm
    Reply

    So monitor your system – there are plenty of AV and monitor products, many of them are free.

  2. Cheryl said on December 5, 2007 at 4:26 pm
    Reply

    Roman,

    I do monitor my system and thankfully have never had any problems. This was the first time something like this had happened to me.

  3. Roman ShaRP said on December 5, 2007 at 4:28 pm
    Reply

    What AV, monitor(s), firewall do you use?

  4. Rob said on December 5, 2007 at 5:08 pm
    Reply

    Marty,

    Maybe you got to rethink about your post the other day about the lack of need for an AV.

    I use AVG Free and seems to work better than Symantec and faster too.

  5. Martin said on December 5, 2007 at 8:09 pm
    Reply

    Rob that article was posted by Cheryl, not me ;)

  6. Steve said on December 5, 2007 at 8:40 pm
    Reply

    one slight cautionary addendum to your article, if like me you use the free Portable Apps Suite on any USB sticks be careful about deleting all instances of autorun, since Portable Apps Suite uses an autorun.inf this would in fact stop the suite from working the way it should.

  7. Rod said on December 6, 2007 at 6:35 am
    Reply

    I just disable the autorun for all drives. So no or little risk of accidentally getting infected. Then I just delete any unknown files on my USB device.

  8. Lorissa said on December 6, 2007 at 10:50 am
    Reply

    Martin – that article may have been posted by Cheryl, but it says:

    Why I decided to uninstall my Antivirus software
    Posted by Martin in Security

  9. Cheryl said on December 6, 2007 at 2:42 pm
    Reply

    I use AVG Free as my anti-virus software and its pretty effective. I also use Ad-aware.

    P.S.: I wasn’t responsible for the virus getting into my system in the first place. Someone else in my house had the privilege of doing it. However, I was the one to clean it up.

  10. Lorissa said on December 7, 2007 at 2:14 am
    Reply

    That’s a pretty weak excuse Cheryl. If it’s your system, then it’s your responsibility to make sure it’s safe and protected at all times.

  11. Dante said on December 7, 2007 at 2:54 am
    Reply

    It’s always “someone” else in the house. That’s why I set up Users, with restricted rights. And if they want more rights, they can buy and maintain their own machine.

  12. Cheryl said on December 7, 2007 at 6:09 pm
    Reply

    Just to clarify, its not ‘my’ machine. I’m pretty much a guest on it. When I have enough funds to buy my own computer, then I can do what I want. Oh, and the USB ‘picked’ up the virus from the local copy shop.

  13. krushna said on January 16, 2008 at 10:37 am
    Reply

    nece solution , Thanks man krushna

  14. Paranj K said on April 21, 2008 at 5:00 pm
    Reply

    Thanks a lot man. I love Mozilla

    “I HATE IE SO USE MOZILLA DOPE”

    MUHAHAHAHA

  15. Sam Guna said on June 11, 2008 at 5:58 pm
    Reply

    Thanks a lot for the clear cut instructions….now i am with MOZILLA again :-)

  16. Damin said on August 5, 2008 at 5:24 am
    Reply

    thank you, thank you, thank you. my firefox is free again thank you.

  17. Bel said on August 25, 2012 at 4:56 pm
    Reply

    Thank you!I from Brazil
    Congatulations

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.