ORKUT VIRUS
The keyword "anoop" is just the computer name that was given while installing Windows.
Your computer name may be different, and you may see a different name instead of anoop.

I opened Firefox, and within a couple of seconds a message box popped up which said “I DNT HATE MOZILLA BUT USE IE OR ELSE…” and the header read “USE INTERNET EXPLORER YOU DOPE.”

If you see the message “I DNT HATE MOZILLA BUT USE IE OR ELSE…” when you launch Firefox, or the message “ORKUT IS BANNED, Orkut is banned you fool, The administrators didn’t write this program guess who did”, then you need to follow the complicated steps below.

If your Task Manager is working (Ctrl+Alt+Del):

==> Press Ctrl+Alt+Del. This will launch Task Manager. Click on the Processes tab to see all the running processes, then manually search for 'svchost.exe'. Windows also runs its own svchost.exe processes; the worm's copy is the one running from C:\heap41a (see the second method).

==> After finding the process, right-click on it and click 'End Process Tree', and then click OK. This will kill the running virus on your system.

Now, if Task Manager isn't working, go through this second method.

Basically, the worm's name is w32.USBWorm.

I went through all the processes and found out that svchost.exe was the one responsible for it. Where PE tools helped me was that svchost.exe was running from the location C:\heap41a. So this is where the worm resides. Hmm, interesting; now deleting the folder (C:\heap41a) would do our task.

For better results, boot your Windows XP in safe mode.
(It's your choice.)

Now I searched for the folder C:\heap41b, but it was hidden.

I went to Tools > Folder Options, selected "Show all files and folders" and pressed OK.
I refreshed C:\ only to find that it wouldn’t show any hidden folders.
I again went to Tools > Folder Options and found that the "Show all files and folders" setting had been reset.

It means that you can't see your hidden files.
So if you cannot see the hidden files, how can you delete the infected files?

Now, to view hidden files and rectify this, go to Start Menu > Run and type regedit. In the Registry Editor, browse to this entry:

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL"

and reset the “CheckedValue” value back to 1. This is to show all the hidden files.

Then navigate to
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" and delete the "winlogon" entry. This will stop the worm from installing at startup.


The step-by-step demo is given below.
Now you need to search for the worm, which is located on your hard disk. For that, use Windows Search and follow the steps shown in the GIF image below.
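The checks and fixes described in this post, collected into one PowerShell script. This is an added example, not part of the original post: it assumes PowerShell is available and run as administrator, the variable names and the `-Fix` switch are illustrative, and the svchost.exe check is generalized to any copy running outside the Windows system directories.

```powershell
# Added example: audits the indicators this post describes.
# Run without arguments to report only; pass -Fix to apply the post's remedies.
param([switch]$Fix)

$wormDir  = 'C:\heap41a'   # folder named in the post
$showAll  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
$findings = @()

# 1. svchost.exe instances whose image is outside the Windows system directories.
#    Path is empty for processes the current user cannot inspect, so run elevated.
$sysDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
$rogue = @(Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and ($sysDirs -notcontains (Split-Path $_.Path -Parent)) })
foreach ($p in $rogue) {
    $findings += "svchost.exe (PID $($p.Id)) running from $($p.Path)"
    if ($Fix) { Stop-Process -Id $p.Id -Force }
}

# 2. Explorer's "show hidden files" option forced off (CheckedValue should be 1).
$cv = (Get-ItemProperty -Path $showAll -Name CheckedValue -ErrorAction SilentlyContinue).CheckedValue
if ($cv -ne 1) {
    $findings += "SHOWALL\CheckedValue is '$cv', expected 1"
    if ($Fix) { Set-ItemProperty -Path $showAll -Name CheckedValue -Value 1 -Type DWord }
}

# 3. "winlogon" autostart entry under the policies Run key.
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['winlogon']) {
    $findings += "Run entry 'winlogon' -> $($run.winlogon)"
    if ($Fix) { Remove-ItemProperty -Path $runKey -Name winlogon }
}

# 4. Worm folder on disk; Test-Path sees it even when it is marked hidden.
if (Test-Path -LiteralPath $wormDir) {
    $findings += "Folder $wormDir exists"
    if ($Fix) { Remove-Item -LiteralPath $wormDir -Recurse -Force }
}

if ($findings) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else { Write-Output 'No indicators from the post were found.' }
```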