Reaching out to others! Free & Open Source Software, Kannada, L10n, L18n Data Science, Cloud Computing & more…

Orkut, Youtube, Firefox “BANNED”

Security, Technical | 0 comments

If you’re on Microsoft Windows, you may well be complaining about this, or at least some of you have this issue on your computer. Here is the error message:

Orkut IS BANNED, orkut is banned you fool The administrators didnt write this program guess who did?? MUHAHAHA!!

You’re the victim of the “Heap41a / win32.USBworm” worm, which spreads via your USB drives and other removable storage devices. The spyware tool “Ad-Aware” does remove this worm. If you want to remove it manually, the solution is in this post.

Here are the steps to remove the worm from your system:

1. Open “Task Manager” and go to the “Processes” tab.

2. Look for processes named “svchost.exe”. There will be many with the same name. Most of them will have “SYSTEM”, “LOCAL SERVICE” or “NETWORK SERVICE” as User Name, but you have to look for the “svchost.exe” entries that have your currently logged-in username as User Name.

3. You’ll get approx. 2 entries with the name “svchost.exe” that have your Windows username. End them by pressing key or by selecting them and clicking the “End Process” button. It’ll ask you to confirm the action; accept it.

4. Now open “regedit” from Run and go to the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

In the right-side pane, look for an entry named “Winlogon” that has “heap41a\svchost.exe” in its value field. If you find this entry, delete it.

5. Now go to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Advanced\Folder\Hidden\SHOWALL

In the right-side pane, change the value of “CheckedValue” to 1.

6. Now enable the “Show Hidden Files/Folders” option in “Tools -> Folder Options” in My Computer.

7. Right-click on the Start button and select “Open”. Now open the “Programs” folder; here you’ll see a folder named “Startup”. Open it, and if you find a hidden file there, delete it. If it’s not there, close the folder.

8. Finally, open “My Computer” and open the C: drive. Disable the “Hide Protected System files” option in “Tools -> Folder Options”. You’ll see a folder named “heap41a” in the C: drive. Delete it.
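
The checks from steps 2 to 8 can also be run as a read-only PowerShell script that reports the indicators and changes nothing. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the `desktop.ini` exclusion is an assumption about what a normal Startup folder contains.

```powershell
# Added example: read-only audit for the Heap41a indicators listed in this post.
# Nothing is deleted or modified; removal remains the manual procedure above.
$findings = @()

# Steps 2-3: svchost.exe should run as SYSTEM, LOCAL SERVICE or NETWORK SERVICE,
# so an instance owned by the logged-in user is suspicious.
foreach ($proc in Get-CimInstance Win32_Process -Filter "Name='svchost.exe'") {
    $owner = Invoke-CimMethod -InputObject $proc -MethodName GetOwner -ErrorAction SilentlyContinue
    if ($owner.User -and $owner.User -eq $env:USERNAME) {
        $findings += "svchost.exe PID $($proc.ProcessId) runs as $($owner.User): $($proc.ExecutablePath)"
    }
}

# Step 4: a "Winlogon" autorun entry pointing at heap41a\svchost.exe.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
foreach ($key in $runKeys) {
    $data = (Get-ItemProperty -Path $key -Name 'Winlogon' -ErrorAction SilentlyContinue).Winlogon
    if ($data -and $data -like '*heap41a\svchost.exe*') {
        $findings += "$key has Winlogon = $data"
    }
}

# Step 5: CheckedValue must be 1 or "Show hidden files" will not take effect.
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = (Get-ItemProperty -Path $showAll -Name 'CheckedValue' -ErrorAction SilentlyContinue).CheckedValue
if ($checked -ne 1) {
    $findings += "SHOWALL\CheckedValue is '$checked' (expected 1)"
}

# Step 7: hidden files in the user's Startup folder. -Force lists hidden items
# regardless of the Explorer setting. Assumption: desktop.ini is a normal hidden file.
$startup = [Environment]::GetFolderPath('Startup')
$hidden = Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -and $_.Name -ne 'desktop.ini' }
foreach ($item in $hidden) { $findings += "Hidden item in Startup: $($item.FullName)" }

# Step 8: the worm's folder in the root of C:.
if (Test-Path -LiteralPath 'C:\heap41a') { $findings += 'Folder C:\heap41a exists' }

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
} else {
    Write-Output 'None of the Heap41a indicators from this post were found.'
}
```

Run it again after the manual cleanup and a reboot; an empty result means none of the listed indicators came back.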

Note: Use Linux and breathe easy always!!!
