Orkut is Banned!!!!!

Status
Not open for further replies.
piyushp_20

piyushp_20

Geekologist
Orkut is Banned!!!!! - Latest and the very Advanced version of W32.USBworm

hi guys
i am affected with a virus, which does not let me open orkut. whenever the virus finds the name orkut anywhere on the monitors screen the it displays a message:
"Orkut is banned, dont try to open it since it is restricted!!! --SAM--"

and also when i try to open task manager then it gives a message:
"--Sorry-- --SAM--"

it also disables my McAfee antivirus, which i have to re-enable it everytime i start my computer.

its other effects are as follows:

it does not let me view hidden system files.
when i try to delete the infected file then the "Access is Denied" message pops up.

Below image shows the infected file
*img403.imageshack.us/img403/8718/14309913eq9.png


and in the registry this key is automatically created even if i delete the key:
*img403.imageshack.us/img403/8326/63512516ow0.png

HOW DO I REMOVE THIS VIRUS
 
Last edited:
G

gigyaster

Journeyman
hey really a horrible problem man.
OMG!!! it also disables my McAfee antivirus!!!!

Don't worry techies will reply n solve ur prob.
 
ninad_mhatre85

ninad_mhatre85

Journeyman
hey same problem was their with my frnds PC ....
there is one service running check task manager for this and one file in created in ur windows installation directory it .exe file
kill the process first then remove the .exe file

i dont know the names of files/processes had encountered this problem long back ...

or search google for "Orkut is banned, dont try to open" u will get what u want
 
OP
piyushp_20

piyushp_20

Geekologist
but the problem is that the task manager is also not working, then how will i kill any of the process. is there any other way to do it.
 
siddes

siddes

Perpetual Fresh Stock
Download Process Explorer, available for free from Microsoft.

Check all the processes that are running. You'll easily be able to spot the suspicious one.

End it :)
 
Abhishek Dwivedi

Abhishek Dwivedi

TechFreakiez.com
bettr scan with AVG free antivirus under safemode...
try chking a solutin in the tutorial section of my site in the signature...
 
H

Hrithan2020

In the zone
Cant u enable task manager by editing the policy settings in the control panel?.Also the way to kill a process would be to make a .bat file with content:(Just make a new text file & when saving save as filename.bat after selecting option file type "all files')
Taskkill /im filename.exe /f

Then, i believe u can delete .exe and then run regedit & search for the system.exe occurence & delete all of them.
 
saROMan

saROMan

QA Juggler
well it can be "W32.USBWorm virus " but the Simptom you get are different ..

any ways try this

Open the run command and type C:\heap41a and press enter

IF it Opens a Folder then delete all the contents in the Folder ...

Search for heap41a in the registry by using the find command
You will get something like this “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt“. Just delete the entries by pressing the del key
Close the registry editor

To Get back the Task Manager ..follow this

Start > Run > GPedit.msc > Administrative templets > System > Ctrl+Alt+del

*i25.tinypic.com/357msf7.jpg

Double Click on Remove Task Manager In right Pane

Click Disable & Then Apply/OK ...

*i30.tinypic.com/34euty1.jpg

Hope it Helps
 
OP
piyushp_20

piyushp_20

Geekologist
saROMan said:
well it can be "W32.USBWorm virus " but the Simptom you get are different ..

any ways try this

Open the run command and type C:\heap41a and press enter

IF it Opens a Folder then delete all the contents in the Folder ...

Search for heap41a in the registry by using the find command
You will get something like this “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt“. Just delete the entries by pressing the del key
Close the registry editor

To Get back the Task Manager ..follow this

Start > Run > GPedit.msc > Administrative templets > System > Ctrl+Alt+del


Double Click on Remove Task Manager In right Pane

Click Disable & Then Apply/OK ...

Hope it Helps
Click to expand...

Sorry buddy, this is an old W32.USBWorm, my first guess was this virus only but the heap41a folder dosnt exist in the drive so this is different one.

Hrithan2020 said:
Cant u enable task manager by editing the policy settings in the control panel?.Also the way to kill a process would be to make a .bat file with content:(Just make a new text file & when saving save as filename.bat after selecting option file type "all files')
Taskkill /im filename.exe /f

Then, i believe u can delete .exe and then run regedit & search for the system.exe occurence & delete all of them.
Click to expand...

havnt tried this but the thing is that i dont know the exact process which is to be killed so i need to open the process tab in the task manager.

and yeah task manager is not disabled, it shows up but only for 2-3 seconds.

Guys got to know about some more problems

1) You cant unzip any winRAR or winzip (came to knw abt it when i was trying to extract the processexplorer.zp file.

2) you cant search nething on google, it simply says "Obscene sites banned" or something like that, i cant recall it.
 
Last edited:
dheeraj_kumar

dheeraj_kumar

Legen-wait for it-dary!
I suggest reinstall windows. 5 minutes for the starting setup and formatting drive, 25 mins for the install, 30 more mins for drivers, software etc. Why waste DAYS on a problem when you can fix it in an hour?

BTW: Just install everything and make a drive image. Easy for restoring :)
 
B

bose.subhasis

Broken In
sarincv said:
Install NOD32 Antivirus and scan the PC before doing any formatting .....It will work
Click to expand...

me also gonna suggest this one. even the free 30 day trial version of NOD32 2.70.39 will solve ur problem surely. me also faced the same problem in a cafe in my locality in kolkata. after installation run a full system scan with the "IN DEPTH ANALYSIS" option enabled. ur problem will be cured surely
 
OP
piyushp_20

piyushp_20

Geekologist
UUUUUUUUUUUHHHHHHHHHHHOOOOOOOOOOOOOOOOOO, Finally solved the problem, was vry easy. just deleting the virus in safe mode and then deleting some registry keys.
 
Status
Not open for further replies.
Top Bottom