Wednesday, October 03, 2007

Hidden Files Not Shown

This is another problem associated with the w32.USBWorm covered in the previous post. It can also occur on its own, without that virus being present. The cause is an incorrect registry value.

Follow these steps to restore hidden files and folders.

  1. Go to Start > Run, then type Regedit
  2. Navigate to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
  3. Find the value named CheckedValue
  4. Double-click CheckedValue and change its data to 1. This shows all the hidden files

Now you should be able to view all the hidden files, and also to change this setting from Folder Options.

Removing Orkut Hater - w32.USBWorm

I don't hate Mozilla but use IE or else
Use Internet Explorer U Dope
Orkut is banned you fool, The administrators didn't write this program guess who did?? MUHAHAHA!!

These statements are not meant to encourage the use of IE or to defame Orkut; they are the signs of a virus-infected machine. Yes, a virus. It is malware named w32.USBWorm, and it spreads primarily through pen drives. On the brighter side, this virus is a decent one and does not affect any of your files or damage your system.

Now to its removal. Unfortunately, many of today's anti-virus programs are not able to detect this virus, so it has to be removed manually. Follow these steps:

  1. Press CTRL+ALT+DEL and go to the Processes tab
  2. Look for svchost.exe under Image Name. There will be many, but look for the ones that have your username under User Name
  3. Press DEL to kill these processes. It will give you a warning; press Yes
  4. Repeat for any other svchost.exe entries with your username. Do not kill svchost.exe running as SYSTEM, LOCAL SERVICE or NETWORK SERVICE!
  5. Now open My Computer
  6. In the address bar, type C:\heap41a and press Enter. It is a hidden folder and is not visible by default
  7. Delete all files here
  8. Now go to Start --> Run and type Regedit
  9. Go to the menu Edit --> Find
  10. Type "heap41a" here and press enter. You will get something like this "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt"
  11. Select it and press DEL. When it asks "Are you sure you want to delete this value", click Yes
  12. Now close the registry editor

Now the virus is gone. But be sure to delete the autorun.inf file and any folder whose name ends with .exe on the pen drive.
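
The checks from the removal steps above can also be run as a read-only PowerShell script that changes nothing and only reports what it finds. This is an added example, not part of the original post; it assumes the autostart entry sits in one of the standard Run keys (the post does not say which key holds it) and treats any svchost.exe outside the Windows system directories as suspect.

```powershell
# Added example: read-only check for the indicators named in the steps above.
$marker = 'heap41a'   # folder name given in the post

# Steps 1-4: svchost.exe running from anywhere other than the Windows system
# directories. ExecutablePath is empty for processes this user cannot query,
# and those are skipped.
$systemCopies = 'System32', 'SysWOW64' |
    ForEach-Object { Join-Path $env:SystemRoot "$_\svchost.exe" }
$procs = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object { $_.ExecutablePath -and $_.ExecutablePath -notin $systemCopies }

# Steps 8-11: autostart values that mention the folder.
# Assumption: only the standard Run keys are searched here.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$regHits = foreach ($path in $runKeys) {
    $key = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -like "*$marker*") { "$path [$name] $data" }
    }
}

# Final note: autorun.inf and folders named *.exe in the root of removable
# drives (DriveType 2). -Force includes hidden and system items.
$usbHits = foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2') {
    Get-ChildItem -LiteralPath ($disk.DeviceID + '\') -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq 'autorun.inf' -or
                       ($_.PSIsContainer -and $_.Name -like '*.exe') } |
        ForEach-Object { $_.FullName }
}

[pscustomobject]@{
    SvchostOutsideSystemDir = @($procs | ForEach-Object { "$($_.ProcessId) $($_.ExecutablePath)" })
    WormFolderPresent       = Test-Path -LiteralPath "C:\$marker"   # steps 6-7
    RunKeyHits              = @($regHits)
    RemovableDriveHits      = @($usbHits)
} | Format-List
```

Empty lists and `WormFolderPresent : False` mean none of the post's indicators were found in the places this script looks.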