IE OR**t virus/trojan issue!!!Plz Help!!

mh09ad5578

mh09ad5578

the aRchiTect!
Adept
hello frens need help!!!
whenever i try to run firefox in any form i get this message and the firefox window closes-even install/uninstall wont work!!!!!:mad: -
USE INTERNET EXPLORER U DOPE X
I DNT HATE MOZILLA BUTUSE IE
OR ELSE.....

and any folder with file names or reference to OR*** the social networking website closes immediately and i get a message Ork** IS BANNED
ORK** IS BANNED U FOOL, THE ADMINISTRATOR DIDNT WRITE THIS PROGRAM GUESS WHO DID???
MUHAHA!!!!

...guess some pschyo/ sadist wrote the virus!!!!!!:mad: , i have installed AVG antivirus and Spybot Search and distroy, but nothings showing up in the search....the antivirus is updated daily.think u guys could help???:( help aprreciated!!!!!
 
have attached the pop ups!!!!!
 

Attachments

  • Virus Message.jpg
    Virus Message.jpg
    65.5 KB · Views: 84
  • Virus Mssages 2.jpg
    Virus Mssages 2.jpg
    258.3 KB · Views: 74
thanx buddy!!!for the quick reply!!!!! but the virus is closing the window as soon as i click on the link provided by you!!!!!!:huh: wht do i do now??????:(
 
yeah even my friends PC has been hacked by a similar virus

every time he tries opening a secure site in IE..

he gets the following message:

hacked by godzilla....
Click to expand...

no secure pages are opening.

i suggested him a format and fresh windows installation as the best option..

instead...of goin crazy trying to remove it..and u never know if any of ur personal info is being traced..

i think u should go for a format and reinstall u r windows.

and dont forget to backup all u r data from the system drive to a external source or a non windows partition..
 
Instructions from the site:

About the virus :

The name of the virus is W32/AHKHeap , It basically creates a folder with the name heap41a in C drive that will be disguised as system folder with hidden attributes enabled and copies all its contents in that heap41a folder.The running process that is responsible for this is svchost.exe and it will be spawned under user name.The virus will even make a entry into your registry so that it can run every time the system is started . This spreads mostly through pen drives .

How to get Rid of this :

Most of the antivirus leave this virus unnoticed . I personally tried 3-4 antivirus on this . None of them detected it. So you have to remove it manually .

*

Go to your task manager by pressing ctrl + alt + del .In that go to processes tab .

*

In that look for svchost.exe . You might find more than one of them . In that look for those who have user name as your login name of computer and end those processes .

*

Now open My ComputerIn the address bar, type C:\heap41a and hit enter. It is a hidden folder, and is not visible by default.Delete all the files in this folder .

*

Now go to Start –> Run and type Regedit , Go to the menu Edit –> FindType “heap41a” here and press enter. You will get something like this “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt”Select that and Press DEL. It will ask “Are you sure you want to delete this value”, click Yes. Now close the registry editor and you are done .

Precaution :

Before inserting any kinda pen drive in your pc , just delte the autorun.inf file in it and delete any .exe files that exist in it .
Click to expand...
 
faheem_m said:
yeah even my friends PC has been hacked by a similar virus
every time he tries opening a secure site in IE..

he gets the following message:

no secure pages are opening.
i suggested him a format and fresh windows installation as the best option..
instead...of goin crazy trying to remove it..and u never know if any of ur personal info is being traced..
i think u should go for a format and reinstall u r windows.
and dont forget to backup all u r data from the system drive to a external source or a non windows partition..
Click to expand...

How to remove the "Hacked by Godzilla" virus:
How to remove autoplay option from Right click menu of hard disk drive ? - Technova
 
6pack said:
How to remove the "Hacked by Godzilla" virus:
How to remove autoplay option from Right click menu of hard disk drive ? - Technova
Click to expand...

hey thanx pack!!!!!!!!for allthe help. the fireox probs got sorted out with solving the orkut probs!!!!!:clap: :clap: :clap: , everthing else is getting back to sanity!!!!!!:hap2: , as for your last post/link thts wonderful too coz, i have another machine-my work rig; which has the same autoplay infection, which i can set right now!!!!thanx a lots once again to 6pack, faheem_m and all the guys who pitched in!!!!!!!:D :D u hae made my day!!!!!!
 
pratik said:
download hijackthis...it will solve ur problem
Click to expand...

hey thanx pratik, bu the probs already solved!!!!!so guess wont need to check ou the solution, but thanx anyways for pitching in!!!!:) :)
 
even though after removing this heap virus ... the svchost.exe is still is prevalent .... gives out an error msg at start up itself ....
 
mh09ad5578 said:
hey thanx pratik, bu the probs already solved!!!!!so guess wont need to check ou the solution, but thanx anyways for pitching in!!!!:) :)
Click to expand...

Good to know its all back to normal :)

..could you share with us how you think you might have got this virus ?

would help others know what vectors were used.
 
blr_p said:
Good to know its all back to normal :)

..could you share with us how you think you might have got this virus ?

would help others know what vectors were used.
Click to expand...

cant exactly pin point :ashamed: :ashamed: !!!!!! but one of my assistants keeps poping mp3 discs into the the machine!!! and keeps copying stuff of them even after me instucting him not too.:mad: :mad: :mad: :mad: , guess thts where i got the infection!!! wht say????:rofl:
 
Possible, but the virus demanding you use IE makes me think it was via the net. Course whoever made those discs could have got it via the net too :)
 
Back
Top