नेपालको सम

Wednesday, August 15, 2007

Beware of this deadly Computer Virus E-mail

यस लेखलाई मैले नेपालि मा लेखन्नी प्रयासत गरेको हु तरपनी धेरै कुरको शाब्दिक अर्थ मलाई थाभएन त्यसैले यस्लाई ईंग्लिश मा लेखन्न वाधे भए!





Ankit Patni
He doesn't like ORKUT OR YOUTUBE
He may stop you if you are browsing these sites.






Most of the people may get shock reading this line and of course they should. Yes, its 100% true that he is watching you when you are using ORKUT or YOUTUBE. He is keeping a watch on your browsers that which are the sites that you are browsing.
I know what you might be thinking… 'Who is he? Why he is watching me? Why he doesn't like ORKUT or YOUTUBE? Is he a phantom?'





Well my friends its nothing like that. He is not a human or a phantom, he is a new virus which is staying in our own computer and watching us while we are using our computer. His name is W32.USBWorm also popularly known as HEAP41A. It is a new virus which spreads in global market very fast. But don't worry it won't harm you. But a person who can't live without ORKUT or YOUTUBE, its really a devil for them.





Well now let me explain you what this virus will do। It is a new kind of virus or you can also call as a Trojan. It normally stops you to browse ORKUT or YOUTUBE. While this virus is there in your PC you can browse all other websites apart of some social relationships sites. I don't know exactly how many such websites you can't open due to this virus, if it is there in your computer.





This spreads through USB drives. Along with FIREFOX web browser, it also prevents you from opening ORKUT and YOUTUBE. It gives the alert " ORKUT\YOUTUBE is banned you fool" and closes the window immediately. For FIREFOX, it gives the alert " use IE you dope" and closes the FIREFOX window. It also plays a .wav file (which sounds as "muhahaha!!) Whenever the alerts pop-up.



It really sounds interesting for me to know why this kind of virus is required which is stopping you for only particular operations। Its more in personal basis. May be the person who developed this virus didn't like MOZILLA and ORKUT, This virus really drew my attention when I observed about that it does not affect any of my important data. But only big thing about this virus is that it keeps watching all my movements. It also observes the sites that I want to open. This is directly intrusion of my privacy, which I really don't want.



When I saw this virus first in my laptop, I thought may be my company's IT department doesn't allow opening these kind of sites। But when I asked couple of my friends in my company about this, they said they are able to open such kind of sites. It was then that I started searching in my laptop for the bug. After wasting some couple of hours' time I could finally locate this virus in my laptop. Another interesting thing about this virus was whenever I wanted to see my hidden files and folder this virus disabled this option. Due to this I actually couldn't locate it on my laptop. It was not allowing me to see hidden files and folders. But this poor guy doesn't know that, if someone has good hand on DOS, its location can be found out! So, using my knowledge of DOS, I could locate and delete all the files which were associated with this virus.



Friends if you are also facing the same kind of problem in your PC / laptop don't worry, situation in under control। Just look into your all Drives to locate a folder called HEAP41A. If found, try deleting this folder. But mostly you shall face difficulty removing this folder. So other way out is, you may remove all files and folders in this HEAP41A folder. Then just try browsing ORKUT or using MOZILLA web browser. Now you will be able to browse whatever sites you want to.




Bust still your 50% problem remaining। Now you need to have the facility to see hidden files & folders too! If yes, then you need to take some more steps. But while you are taking these steps be careful, because one mistake can put you in trouble. Now you need to go for windows registry editing to see your hidden files and folders.




The steps are as follows – Removing Auto start Entry from the Registry



  1. Open Registry Editor। Click Start>Run, type REGEDIT, then press Enter.


  2. In the left panel, double-click the following:


  3. HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Policies>Explorer>रन


  4. In the right panel, locate and delete the entry:


  5. winlogon = "%System Root%\heap41a\svchost.exe %System Root%\heap41a\std.txt"


  6. Deleting/Restoring Other Registry Entries


  7. Still in the Registry Editor, in the left panel, double-click the following:


  8. HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Policies>Explorer>रन


  9. In the right panel, locate and delete the entry:


  10. status = "present"


  11. In the left panel, double-click the following:


  12. HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>Advanced\Folder>Hidden>SHOWALL


  13. In the right panel, locate the entry:


  14. checkedvalue = "0"


  15. Right-click on the value name and choose Modify. Change the value data of this entry to: "1"


  16. Close Registry Editor

I hope this virus has been taken care off and your computer is back to normal. Now you may go through your hidden files & folders.


But be careful। It is not that your computer is protected from this virus for ever. You may get this virus again. So my suggestion is, before using any other USB stick in your computer, do go for virus check and also keep updated your Antivirus software. So, 'best of luck' and 'happy browsing.'

चौतारि आशिष

Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)