Monday, February 11, 2008

0rkut blocking Worm Removal tool /Fix


It was fun with a Windows worm named Heap41a / win32.USBworm. I hadn’t been to M$ Windows for a couple of months. When I was surfing through the web, I happened to hear about an interesting worm that affects orkut.com, Mozilla Firefox and youtube.com. I responded to this piece of news as oh..poor handicapped M$ Windows!
After two or three days one of my friends, Sidharth, rang me and told me that he was affected by a virus. He explained its features. It blocks orkut.com, youtube.com and Mozilla Firefox. It gives the message:
“Orkut IS BANNED, orkut is banned you fool The administrators didnt write this program guess who did?? r r MUHAHAHA!! “
Even though I’m a M$ Windows hater, I thought of fixing it for him since I’m always interested in this sort of hacking. I went through the web and learned about the worm.
It spreads through USB pendrives and removable storage devices. I found that there wasn’t any free fixing tool available to remove the worm. There were some manual removal instructions.
Let's see what this worm does:
It runs an exe file named MicrosoftPowerpoint.exe, which is located on the USB disk. The autorun.inf runs this file when double-clicked. Once this program is run you are infected. It hides all your hidden folders, runs the process in memory, makes the worm start with Windows and pops up those annoying messages. This worm doesn’t destroy any system files. It just infects other USB drives and spreads to new hosts.
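A way to check a mounted pendrive for this autorun.inf launch mechanism without opening the drive in Explorer. This is an added example, not the removal tool offered in this post; the sample autorun.inf contents and the function names are constructed for illustration.

```python
import os
import sys

# Constructed sample; the worm's real autorun.inf is not reproduced in this post.
SAMPLE_INF = """[AutoRun]
; constructed example
open=MicrosoftPowerpoint.exe
shell\\open\\command=MicrosoftPowerpoint.exe
icon=folder.ico
"""
LAUNCH_KEYS = ("open", "shellexecute")   # [autorun] keys that start a program
EXEC_EXTS = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif")

def autorun_targets(text):
    """Return the programs an autorun.inf would launch, in order, no duplicates."""
    programs, in_autorun = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or comment
            continue
        if line.startswith("["):               # section names are case-insensitive
            in_autorun = line.lower() == "[autorun]"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        launches = key in LAUNCH_KEYS or (
            key.startswith("shell\\") and key.endswith("\\command"))
        if not launches or not value:
            continue
        # The program is the quoted string, or else the first token of the command.
        prog = value[1:].split('"', 1)[0] if value.startswith('"') else value.split()[0]
        if prog not in programs:
            programs.append(prog)
    return programs

def scan_drive(root):
    """List (program, in_root) for executables the drive's autorun.inf points at."""
    names = {n.lower(): n for n in os.listdir(root)}   # root-level entries only
    if "autorun.inf" not in names:
        return []
    with open(os.path.join(root, names["autorun.inf"]), errors="replace") as fh:
        targets = autorun_targets(fh.read())
    return [(t, t.lower() in names) for t in targets
            if t.lower().endswith(EXEC_EXTS)]

if __name__ == "__main__":
    for prog, in_root in scan_drive(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"autorun.inf launches {prog} (file present in drive root: {in_root})")
```

Run it with the drive's mount point as the only argument; any line it prints means the drive would start a program on its own and should be cleaned before use.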
The non-availability of a free removal tool urged me to write one of my own.
Before writing a fix I wanted to infect my own machine with the worm, and hence I was in need of the worm. I instructed Sidharth to make a zipped copy of the worm and he mailed it to me. Cheers!
Here is the fix for Orkut, Youtube, Firefox Blocker (Heap41a / win32.USBWorm)
This tool can be used to remove the Blocker worm as well as to prevent the worm from infecting the same machine again.
Click here to download.
Usage Instructions:
1) Download the fix and run it on the infected machine.
2) It will ask for a re-login.
3) After logging in again, run the fix again. The worm will be removed successfully.
4) Log on to www.sarathlakshman.info and comment here
UPDATE: Here is an update on how to remove the worm from a pen drive.
1. Remove the file autorun.inf
2. Re-insert the pendrive.
3. Format it
There is only one permanent method to avoid all sorts of worms / viruses. -> Use the GNU/Linux operating system and rock your desktop!
