problem wid firefox n orkut

Status
Not open for further replies.

mind021

Broken In
heloo frnds..
i face a small problem..:(
actually whenever i try 2 open firefox 4 browsing it doesnt open..
i get a msg "I DO NOT HATE MOZILLA..BUT USE IE"
even when i try 2 open orkut in IE..it says
"U FOOL..ORKUT IS BLOCKED"
den another msg comes "DIS PROGRAM IS NOT WRITTEN BY ADMIN..GUESS WHO HAS DONE IT"

plz do help me finding me a soln:)

hey..isnt any1 here able 2 solve my problem??
 

Vishal Gupta

Microsoft MVP
ur system is infected by virus/spyware. Download HijackThis from *www.hijackthis.de/ and scan ur computer with it. Then post the contents of log file here.
 

mind021

Broken In
Vishal Gupta said:
ur system is infected by virus/spyware. Download HijackThis from *www.hijackthis.de/ and scan ur computer with it. Then post the contents of log file here.


hey i hv already found d way 2 rectify it...
u just tell me d way how 2 block a process(from ctrl+alt+del) using registry editing or by any other way
i already tried using msconfig in "run" but is nt coming dere

spironox said:
virus problem/ some script running by some program or say some files


yaa..whenever i start d comp i find a process named as svchost.exe wid username as dat of which i login in windows is dere..
if i end dis process den orkut n firefox both function properly
 

mind021

Broken In
shivendrashukla said:
The virus must have blocked this also. Try it in safe mode.


well i think its a bug..n it not blocked anything else..other dan firefox n orkut..dose also work if i end d process name svchost.exe wid username as dat of login name
i dont know how 2 block d process without use of msconfig...4om where i m nt able 2
also i dont know how 2 do registry editing
 

Garbage

God of Mistakes...
mind021 said:
i dont know how 2 block d process without use of msconfig...4om where i m nt able 2
also i dont know how 2 do registry editing

For editing services without using msconfig -
Go to Control Panel --> Administrative Tools --> Services
 

zyberboy

dá ûnrêäl Kiñg
one of my friends got infected with the same virus... i suspect the source of this virus is from india, this virus can only transfer through usb storage. It runs two scripts in memory, both named as svhost.exe. The interesting part is some months ago not even a single antivirus was able to detect it. Yeah this virus is so simple but very effective... and it also plays a sound file to make u scared
Hope by this time u may have rectified it, hav u? so i am not posting the method
 

spironox

Booting Nicotine!!
dear do one thing if u dont get the start up working well then use the msconfig

start->run->msconfig .... services (tick the hide Microsoft services) and see if there is any alien stuff there .. otherwise just head to start up and disable all unknown programs ...

press apply

it will ask for restart --well do it

and see if the problem is still there or not (trial and error basis works well with Msconfig well so its time to tweak)
 

mind021

Broken In
ax3 said:
last option ........ do a CLEAN FORMAT of C drive ............

will definitely solve ur problem ........ & henceforth beware of files u download from unknown sites or users .........

well...it didnt solve d problem
 

RCuber

The Mighty Unkel!!!
Staff member
*us.mcafee.com/virusInfo/default.asp?id=description&virus_k=142280

*www.sophos.com/virusinfo/analyses/w32ahkheapa.html
 

fannedman

Guest
REALLY SORRY MAN, that was my handiwork :D :D
DONT DO ANYTHING CRAZY LIKE FORMATTING YOUR DRIVE

I blocked mozilla coz i couldnt read the edit fields in it through autohotkey, so forced the user to use ie or opera only.

If its not detected by the antivirus
Run the task manager,in processes tab you'll see two processes svchost.exe running under your user name, end them.
then go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
delete winlogon key

you better leave the status key, coz i made the virus first check this key, if present it'll not install

then go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
here set the checked value to 1

AND IF you are not administrator, the virus couldnt access the registry, so i created startup shortcuts in startmenu. you'll see an invisible icon in the startup menu of start menu, delete it

DO ALL THIS AFTER YOU END THE TWO PROCESSES otherwise they'll be RESTORED every 10 seconds

After all this go to folder options uncheck hide protected files
you'll see C:\heap41a folder, delete it and you'll see microsoftpowerpoint.exe in your pen drives along with autorun.inf , delete them

AND please tell me where you found this, bangalore right :D
sorry for what i have caused, had no idea
 
Last edited by a moderator:
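
A read-only check for the indicators named in the post above, as an added example (not code from the thread or from any participant). It assumes `winlogon` is a value name under the Run key and that the genuine svchost.exe runs from System32 or SysWOW64; it only reports what it finds and changes nothing.

```powershell
# Read-only audit for the indicators named in the post above; it changes nothing.
$findings = @()

# 1. svchost.exe running from outside the Windows system directories.
#    Assumption (not from the thread): the genuine image is in System32/SysWOW64.
#    ExecutablePath can be empty for protected processes when not elevated.
$sysDirs = "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64"
foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    if ($p.ExecutablePath -and ($sysDirs -notcontains (Split-Path $p.ExecutablePath -Parent))) {
        $owner = (Invoke-CimMethod -InputObject $p -MethodName GetOwner).User
        $findings += "Process: PID $($p.ProcessId) $($p.ExecutablePath) (user: $owner)"
    }
}

# 2. 'winlogon' under the policies\Explorer\Run key (assumed to be a value name).
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'winlogon')) {
    $findings += "Registry: winlogon = $($run.winlogon) under $runKey"
}

# 3. "Show hidden files" switch: the post says the checked value should be 1.
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = (Get-ItemProperty -Path $showAll -ErrorAction SilentlyContinue).CheckedValue
if ($null -ne $checked -and $checked -ne 1) {
    $findings += "Registry: CheckedValue = $checked under $showAll (expected 1)"
}

# 4. The dropped folder and the per-user Startup entries (hidden items included).
if (Test-Path -LiteralPath 'C:\heap41a') { $findings += 'Folder: C:\heap41a exists' }
$startup = [Environment]::GetFolderPath('Startup')
foreach ($item in Get-ChildItem -LiteralPath $startup -Force -ErrorAction SilentlyContinue) {
    if ($item.Name -ne 'desktop.ini') { $findings += "Startup item to review: $($item.FullName)" }
}

# 5. The two files the post names on removable drives (DriveType 2).
foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2') {
    foreach ($name in 'microsoftpowerpoint.exe', 'autorun.inf') {
        $path = "$($disk.DeviceID)\$name"
        if (Test-Path -LiteralPath $path) { $findings += "Removable drive: $path" }
    }
}

if ($findings) { $findings } else { 'None of the indicators from the post were found.' }
```

An autorun.inf on a removable drive can be legitimate, so that line and the Startup entries are items to review rather than confirmed detections.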

zyberboy

dá ûnrêäl Kiñg
^^^^^^^
OMG!!!! :shock::shock: :shock: you r the creator of that virus!! hey, one of my friends got infected in June here in Kerala, he called me and finally i was able to delete the virus, it is now everywhere here, ur virus is now competing with other viruses like boot.exe in cyber cafes here....lolz, i dont believe this man, r u the real guy?? where did u get that laughing mp3. My friend's little brother got frightened hearing that.
Do u know that virus is spreading into other countries because no antivirus was able to detect that virus when it was first found. His computer was running avast which failed to detect it, then i terminated svhost.exe to get rid of it, then i copied the files and scanned with every AV like Kaspersky, Avira but none was able to detect it (i know this is due to "autohotkey" which is a known script maker).
Its signature is now being added in AVs (including kaspersky, nod32, avast etc). I read its source code, its install script is long, what made u write this virus just to ban orkut and YT?? How much time spent on this?? i guess u started its work in february, isn't it?
Frustration for people, but i have to say amazing work, particularly how that "reproduce+offspring script works"
 

mind021

Broken In
hey man its really a gr8 piece of work:p
as others hv specified it is not detected by any antivirus..
by d way i got d temporary soln d first day itself...n i m weak in registry editing:D so cant get d permanent soln..

but thnx 4 telling me it..

n yaa 1 more thing..in my comp i was not able 2 open any browser other dan IE..
how come u opened opera:eek:
n yaa..also svchost.exe didnt regenerate itself unltill i restarted d comp...so each i started d comp i had 2 end d process...n yaa..no unknown service i found in msconfig

n yaa..i wld surely try out d registry editing way 2day...hope u r correct:p
 

shri

Always Fresh!
fannedman said:
REALLY SORRY MAN, that was my handiwork :D :D

If you are really the creator of this orkut virus then I guess you would know this by now: you have caused a hell of a lot of problems to a heck of a lot of people.
You should have posted the solution to this a lot earlier.
 

fannedman

Guest
cyberboy_kerala said:
^^^^^^^
OMG!!!! :shock::shock: :shock: you r the creator of that virus!! hey, one of my friends got infected in June here in Kerala, he called me and finally i was able to delete the virus, it is now everywhere here, ur virus is now competing with other viruses like boot.exe in cyber cafes here....lolz, i dont believe this man, r u the real guy?? where did u get that laughing mp3. My friend's little brother got frightened hearing that.
Do u know that virus is spreading into other countries because no antivirus was able to detect that virus when it was first found. His computer was running avast which failed to detect it, then i terminated svhost.exe to get rid of it, then i copied the files and scanned with every AV like Kaspersky, Avira but none was able to detect it (i know this is due to "autohotkey" which is a known script maker).
Its signature is now being added in AVs (including kaspersky, nod32, avast etc). I read its source code, its install script is long, what made u write this virus just to ban orkut and YT?? How much time spent on this?? i guess u started its work in february, isn't it?
Frustration for people, but i have to say amazing work, particularly how that "reproduce+offspring script works"

WTH! kerala!!! man its spreading because many antiviruses didnt have its signature.

one more caveat , its a simple winrar sfx archive, i used resource hacker to extract the folder and invisible icon from shell32.dll

And the laughter sound is from mortal kombat 4 setup:D

and comon dude it cannot be spreading to other countries, unless you take there an infected pen drive from here

There was some misunderstanding between me and our college admin about the usage of orkut,its a long story, so in retribution i created this mess, i just didnt know it will blow up like this!!
 

zyberboy

dá ûnrêäl Kiñg
fannedman said:
and comon dude it cannot be spreading to other countries, unless you take there an infected pen drive from here
Somewhere i read that it is being shared in P2P, i think i read this in some blog or something.

Autohotkey guys r angry with you..lol, their reputation has taken a hit because there r some viruses in the wild written with it. Now antiviruses are detecting useful autohotkey scripts as viruses. what do u think?
 

fannedman

Guest
cyberboy_kerala said:
Somewhere i read that it is being shared in P2P, i think i read this in some blog or something.

Autohotkey guys r angry with you..lol, their reputation has taken a hit because there r some viruses in the wild written with it. Now antiviruses are detecting useful autohotkey scripts as viruses. what do u think?

Yeah i know, i feel sorry for that. But i think the exe is excluded from detection, only install.txt and autorun.inf are detected
 