its really awesome worm…took almost 2 hours for me to figure out, somehow using advanced search i got the location of microsoftpowerpoint.exe i deleted the folder but still i was getting the same error. I was able to see all the hidden folders but not the heap41a,i was going mad…and then thought lemme try with command prompt, and banggg….i found the folder in c:\, i deleted all the files and then deleted the folder and here i am happily got into orkut.

one suggestion, when u guyz use the thumb drive dont have an autorun option.

Thanks pals, and thanks Jeba u rock.

Regards,
Ashoka BL
Bangalore

Surabaya in my birthday
Don’t kill me, i’m just send message from your computer
Terima kasih telah menemaniku walaupun hanya sesaat, tapi bagiku sangat berarti
Maafkan jika kebahagiaan yang kuminta adalah teman sepanjang hidupku
Seharusnya aku mengerti bahwa keberadaanku bukanlah disisimu, hanyalah lamunan dalam sesal
Untuk kekasih yang tak kan pernah kumiliki 3r1k1m0

Virus.Win32.Hidrag.a

Yesterday one of my friends called me up and told me that he cannot open any of the files in his Pen drive and was getting a message something related to ’system.exe’,

Firstly I thought there could be some bad sectors in his drive so I told him to bring his drive to my home so that I could check it out.

When I inserted the drive into my laptop, the message popped up in my system also, I cant recall the message but I can tell u that it was for the file ’system.exe’ and below it there were two buttons ‘yes’ and ‘no’, accidently I clicked the yes button and then my system restarted.

On the restart I came to know that my antivirus was disabled, then I tried to open the task manager but it also appeared for only 2-3 seconds. Then I came to know that my system is affected with a virus and my first guess was W32.USBWorm.

Ok I wont go into the details now and will tell u the virus symptoms and how to remove it.

Symptoms:

1) The Task manager shows up for 2-3 sec and then the message comes “—SORRY— –SAM–”.

2) When u try to access orkut then the message “Orkut is banned, don’t try to open it since it is restricted!!!” is displayed.

3) You cannot search anything related to the virus as the message “Obscene sites banned” or something like that is displayed.

4) You cannot unzip or extract any zipped files.

5) Most important one is that it also disables any antivirus.

6) You wont be able to open 80% of your software, there would be some or the other error.

Actually I could find out only these symptoms, there could be more of them.

Removal Instructions:

1) Restart the computer in Safe Mode by pressing F8 key during the restart and then selecting Safe Mode from the list.

2) Open the drive in which Windows is installed, in most cases it is “C:”.

3) Go to Tools > Folder Options > View, search for the Radio button “Show hidden Files and Folders”, check it. Just below it there is a check box “Hide Protected Operating System Files”, uncheck it.

4) Now in the ‘C:’ drive you will see a folder named “Config”, simply delete that folder.

5) Now Open the registry editor by typing ‘regedit’ in the run dialog box.

6) Go to the following Key :

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run], delete the key whose path is something like this “C:\config\system.exe”

And another edit, just do the above action with the below mentioned key also

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies]

7) Restart the computer and you are done.

bless you