Sep
2007
Caught a Virus (by hand), which blocks Mozilla, Orkut and YouTube
Today, from Fastech Systems, Valanchery, I caught a virus which blocks usage of Mozilla, displays a message when Orkut or YouTube is opened, and makes the window close automatically. The virus affects only Windows and works by deceiving users with the name svchost, which is a system process run by the network or system, whereas this virus program is run under the user and can be found in the Task Manager.
Here are the messages which come when Mozilla is opened and when Orkut is typed in the address bar of Internet Explorer.
A similar message is displayed when YouTube is opened, and a laughing sound is played with all the messages. Most of the antivirus programs were not able to find this virus (heard that the latest updated version of avast can heal it).
It can be easily removed manually.
First, stop the two svchost processes run by the user, from the Processes tab of the Task Manager. Don’t remove any other svchost processes, as they are important for the system. While removing, a message will appear telling you it’s very important and all. Press “yes”. Now you can use Mozilla, Orkut and YouTube. But the virus is not removed completely. It’ll get reinstalled the next time you restart the computer.

To remove it completely, open “My Computer”, type “C:\heap41a\” and press Enter. Now you will be in “C:\heap41a\”, a hidden directory which cannot be accessed directly from Windows Explorer. Delete all the files inside the directory. Then type “regedit” in the “Run” option, accessible from the Start menu or by pressing the “Windows + R” key combination. Search for “heap41a”. You will find some strings with the word “heap41a”. Delete them all. Use the shortcut key “F3” to search for the next one. After deleting all of them, restart the computer. Now you can use Mozilla and access Orkut and YouTube.
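A read-only way to check for the three things the manual removal above looks at (svchost processes run by the user, the C:\heap41a folder, and registry strings containing heap41a), as an added PowerShell example that is not part of the original post. Checking only the two Run keys is an assumption, since the post does not say where the registry strings live; the regedit search remains the complete check.

```powershell
# Added example: reports only, nothing is stopped or deleted.
$marker        = 'heap41a'   # folder / registry string named in the post
$serviceOwners = 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE'
$system32      = Join-Path $env:SystemRoot 'System32'

# 1. svchost.exe processes owned by an ordinary user or started outside System32.
$suspects = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    # ExecutablePath is empty when the caller lacks rights; treat that as "unknown".
    $outside = $p.ExecutablePath -and
        -not $p.ExecutablePath.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
    $userOwned = ($owner.ReturnValue -eq 0) -and ($owner.User -notin $serviceOwners)
    if ($userOwned -or $outside) {
        [pscustomobject]@{
            PID     = $p.ProcessId
            Owner   = $owner.User
            Path    = $p.ExecutablePath
            Started = $p.CreationDate
        }
    }
}

# 2. The hidden folder; -Force lists hidden and system files too.
$folder = "C:\$marker"
$files = if (Test-Path -LiteralPath $folder) {
    Get-ChildItem -LiteralPath $folder -Force |
        Select-Object Name, Length, Attributes, LastWriteTime
}

# 3. Autostart values mentioning the marker (assumption: Run keys only).
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$regHits = foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $value = [string]$key.GetValue($name)
        if ("$name $value" -match [regex]::Escape($marker)) {
            [pscustomobject]@{ Key = $path; Name = $name; Value = $value }
        }
    }
}

'--- svchost.exe run by a user or outside System32 ---'
$suspects | Format-Table -AutoSize
"--- contents of $folder ---"
$files | Format-Table -AutoSize
'--- Run-key values containing the marker ---'
$regHits | Format-List
```

On Windows 10 and later, some legitimate per-user services also run svchost.exe under the logged-on account from System32, so an owner-only hit there is a lead to check against the path and the folder result rather than a verdict.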
———
Added on: 18-09-2007
Today, I heard that some people working in shops are very angry with their boss as they couldn’t access Orkut from the computers. Every time they open Orkut, the browser gets closed and a window saying “ORKUT IS BANNED” comes up. They thought that their boss blocked Orkut…! They don’t know that it’s just a crazy little VIRUS!
hi, can’t access C:\heap41a\ in my PC…
Make sure you are getting the same message as in the pictures above. Also, the folder is hidden by default, and sometimes the virus inactivates the changes made in folder options to make it invisible. So, try typing “C:\heap41a\” in “Run” or in the address bar of Windows Explorer.