Removal of W32 USB worm

posted under Virus by Prince Mathew

Removal of W32 USB worm

“Orkut is banned you fool,The administrators didnt writs this program guess who did?? MUHAHAHA!!”

This error message is the aftereffect of a virus affection. The name of that virus is W32.USBWorm or Heap41a. This virus is spreads automatically to other computers by sending itself out by email or through Pen,USB,Thump disk. A program that propagates itself by attacking other machines and copying itself to the affected machine. Worms have self-replicating code that travels from machine to machine by various means. A worms first objective is merely propagation. Worms can be destructive depending on what payload they have been given. Worms may replace files, but do not insert themselves into files.

There are two ways to remove this virus; by manual and by software.

Properties of This Virus:

Autostarts/Stays Resident
No EULA present
No standard Uninstaller
Non-closeable ads
Stealth Tactics

Take a look at the funny error messages:

Orkut virus manual removal

Open the Task Manager by pressing Ctrl + Alt + Del and go to processes tab.
Locate svchost.exe under the image name. There will be many processes by that name but look for the ones which have your username under the username.
Just kill these processes by pressing Del key or right click and click end process .Only kill those which have your username under the username and leave the rest.
Open windows explorer and type "C:\heap41a" in the address bar and hit enter.
This is a hidden folder. Delete all the contents of this folder.
Open the registry. Search for heap41a in the registry by using the find command.
You will get something like this “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt“. Just delete the entries by pressing the del key.
Close the registry editor. Now the virus will be gone. ☺

Orkut virus removal tools

Mr. Sarath Lakshman from Kerala has created a fix to easily and automatically remove W32.USBWorm worm. Just download the fix from the link below, extract the archive and run Worm-fix.exe. Click the big Remove button and it’ll do its job.