Ugly Virus attacked, please help me!!

[Gigacore]

I dont know what kind of virus is this, whenever i open, orkut, youtube and some other sites like that i get MUHAHAHA sounds funny... but its irritating me a lot... I CANT OPEN THOSE SITES

A long back i had a same kind of problem, but at that time i reinstalled OS, but now i dont wish to do it... please help..

ScreenShot

*farm2.static.flickr.com/1181/1302016347_ed7dbb7516_o.jpg

thanks in advance

 

[zyberboy]

I think this virus is everwhere

solution frm the virus writer,one of our forum member
*www.thinkdigit.com/forum/showpost.php?p=547769&postcount=15

 

[Gigacore]

^ Even that thread is not opening

 

[utsav]

^^hey that thread opened without any hassle

 

[zyberboy]

@Intel_Gigacore
use internet explorer or opera it will open.

 

[Gigacore]

I'm using Opera itself...... I tried it on safari, FF, and IE... none working

 

[zyberboy]

^^any message....
i think it may be due to some other problem or tyr this link
*www.thinkdigit.com/forum/showthread.php?p=547769#post547769

 

[Harvik780]

REALLY SORRY MAN, that was my handiwork
DONT DO ANYTHING CRAZY LIKE FORMATTING YOUR DRIVE

I blocked mozilla coz i couldnt read the edit fields in it through autohotkey, so forced the user to use ie or opera only.

If its not detected by the antivirus
Run the task manager,in processes tab you'll see two processes svchost.exe running under your user name, end them.
then go to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
delete winlogon key

you better leave the status key, coz i made the virus first check this key, if present it'll not install

then go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
here set the checked value to 1

AND IF you are not administrator, the virus couldnt access the registry, so i created startup shortcuts in startmenu. you'll see an invisible icon in the startup menu of start menu, delete it

DO ALL THIS AFTER YOU END THE TWO PROCESSES otherwise they'll be RESTORED every 10 seconds

After all this go to folder options uncheck hide protected files
you'll see C:\heap41a folder, delete it and you'll see microsoftpowerpoint.exe in your pen drives along with autorun.inf , delete them

AND please tell me where you found this, bangalore right
sorry for what i have caused, had no idea

This will help

 

[Gigacore]

@ cyber boy, Same again, can u copy the text in that thread and make a notepad file and mail me?

@ Harvik780, thanks man... it worked

 

[praka123]

seems this virus is spreading all over!making indiAns proud

 

[Gigacore]

^. ya..... lol

 

[blackpearl]

How do you people manage to get viruses? What site did you visit? What did you download? I'm just curious.

 

[Gigacore]

^ i think... that virus came some where from digit forum ... coz one of the member here is a virus writer....

 

[blackpearl]

A virus writer here? who?

 

[RCuber]

@Gigacore: didnt you check my siggy?

 

[zyberboy]

^^lol

@blackpearl
this virus only propagate through usb drive and not many av detects it.

 

[Gigacore]

No charngk.....

@ cyberboy.... My avast didnt

 

[koolbluez]

did u clean it? gigiboy.. most of the av's wont detec it... it's local maan... but PCCillin japan site has somethin about it :O
The solution is as pointd out by Harvik... btw.. r u able to use Firefox? How r u readin this...


____________

oops. read the thread again.. seems u got rid of it

____________

btw.. the *farm2.static.flickr.com/1181/1302016347_ed7dbb7516_o.jpg reminded me of ~Lil JinX~

 

[Gigacore]

^ Everything is working perfect now

A good virus... can anyone give me that virus in zip file

 

[PRASADVM]

I Have A Trojan Downloader.????.??? ( Showing Different Names) How To Remove It.