Unusual Orkut Virus

Status
Not open for further replies.

piyushp_20

Geekologist
Hey guys,

I have encountered an unusual Orkut virus, I suppose. Whenever I try to open Orkut or even any folder named orkut, a dialog box appears saying ORKUT IS BANNED U FOOL
and in the next line it says,
"The administrator has not done it, then guess who did it??? HAHAHAH!!!".......... somewhat like this.
And even in the speakers I hear a laughing sound.

I even scanned the computer with the latest virus definitions, but that also didn't help. So can anyone out here help me out with this?
 

astroutkarsh

Canon EOS 600D / 1000D
This I found on the net:

Source : *my.opera.com/krishnan/blog/index.dml/tag/"Orkut is banned you fool

You may not find the registry entry mentioned in point 11 below, but you will get one entry in a URL value (last accessed c:\heap41a).
Delete that.


this program guess, "Orkut is banned you fool ...
w32.USB Worm
It is spreading through pen, USB and thumb disks; that's why the name.

It shows messages like

"I DNT HATE MOZILLA BUT USE IE OR ELSE..."

"USE INTERNET EXPLORER U DOPE"

"Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!" with title ORKUT IS BANNED

To Remove

1. Press CTRL+ALT+DEL and go to the processes tab

2. Look for svchost.exe under the image name. There will be many but look for the ones which have your username under the username

3. Press DEL to kill these files. It will give you a warning, Press Yes

4. Repeat for more svchost.exe files with your username and repeat. Do not kill svchost.exe with system, local service or network service!

5. Now open My Computer

6. In the address bar, type C:\heap41a and press enter. It is a hidden folder, and is not visible by default.

7. Delete all the files here

9. Now go to Start --> Run and type Regedit

10. Go to the menu Edit --> Find

11. Type "heap41a" here and press enter. You will get something like this "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt"

12. Select that and Press DEL. It will ask "Are you sure you wanna delete this value", click Yes

13. Now close the registry editor.

Now the virus is gone. But be sure to delete the autorun.inf file and any folder whose name ends with .exe in the pen drive.

Some reported that after this fix they were not able to see their hidden folders and files. If you have that issue, try the following:

1. Go to REGEDIT

2. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

3. Set the DWORD "NoFolderOptions" to 0 or just delete it.

Try the following links also

1. *www.freewebs.com/mgsujith/worm/remove.html

2. *www.jeba.in/posts/w32usbworm-lets-remove-this-worm-manually/

3. *mgharish.blogspot.com/2007/05/i-dnt-hate-mozilla-orkut-is-banned.html
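
The checks from the removal steps in the post above, collected into a read-only PowerShell script. This is an added example, not part of the original thread or the linked blog. The four registry keys it searches are an assumption (the post only says to use Find for "heap41a"), and it reports findings without killing or deleting anything.

```powershell
# Read-only indicator check for the worm described above. Added example.
$marker   = 'heap41a'                       # folder name given in the post
$findings = @()

# Steps 1-4: a genuine svchost.exe runs only from the Windows system directories.
$sysDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    $path = $p.ExecutablePath               # can be empty without administrator rights
    if ($path -and ($sysDirs -notcontains (Split-Path $path -Parent))) {
        $findings += "Process $($p.ProcessId): svchost.exe running from $path"
    }
}

# Steps 6-7: the hidden drop folder (Test-Path also sees hidden folders).
if (Test-Path -LiteralPath "C:\$marker") {
    $names = (Get-ChildItem -LiteralPath "C:\$marker" -Force).Name -join ', '
    $findings += "Folder C:\$marker exists, contents: $names"
}

# Steps 9-12: registry values that mention the folder.
# Assumption: only these common logon/autostart keys are searched here.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $keys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match $marker) { $findings += "Registry: $key [$name] = $value" }
    }
}

# Hidden-files follow-up: the policy value that hides Folder Options.
$policy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$nfo = (Get-ItemProperty -LiteralPath $policy -Name NoFolderOptions -ErrorAction SilentlyContinue).NoFolderOptions
if ($nfo) { $findings += "NoFolderOptions is set to $nfo under $policy" }

# Pen drive: autorun.inf and items whose name ends in .exe on removable drives.
foreach ($vol in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2') {
    $items = Get-ChildItem -LiteralPath ($vol.DeviceID + '\') -Force -ErrorAction SilentlyContinue
    foreach ($i in $items) {
        if ($i.Name -eq 'autorun.inf' -or $i.Name -like '*.exe') {
            $findings += "Removable drive item: $($i.FullName)"
        }
    }
}

if ($findings) { $findings } else { 'No indicators from the post were found.' }
```

Run it from an elevated prompt so the process paths are readable; a `.exe` on a removable drive can be a legitimate file, so treat that line as something to review rather than a verdict.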
 

slugger

Banned
The virus writer himself posted the solution on this very forum:

*www.thinkdigit.com/forum/showpost.php?p=547769&postcount=15
 