Wednesday, October 3, 2007

Heap41a - The irritating trojan - steps to remove

Many of you will be suffering from this trojan.

Symptoms:

1. Mozilla Firefox cannot be opened. If you try to open it, a dialog box appears with the following message: "I dont hate mozilla..but use IE you dope"

2. Orkut and YouTube cannot be opened. If you try, a dialog appears with the following message: "Orkut/Youtube has been blocked. Guess who did it"

Along with these dialog boxes, a laughing sound is also played in the background.

These are the common traits of the trojan. Some variations are:

1. The option to hide files and folders will be disabled.

2. Opening Firefox may lead to a system restart.

These are all caused by the files in the folder C:/heap41a.
The trojan runs a process named scvhost.exe (note the spelling; the legitimate Windows process is svchost.exe).

Mode of transfer: This trojan spread widely through USB devices.

Steps to remove:

To delete the files, start your system in safe mode (press F8 while your system is booting up). After logging in, go to Start -> Run and enter c:/heap41a

Replace 'C' with the name of the drive where Windows is installed.

This opens a window showing the folder. Delete all the files, then go to the Recycle Bin and empty it.

To restore the hidden files option, use regedit.

On the right side, you can see many entries. Double-click CheckedValue and change its value to 1. Double-click DefaultValue and change it to 2.
Exit from Registry Editor.

Usually, these steps will remove the trojan from your system. Remember that the heap41a folder will still be there, but it won't cause any problem. If you run into any problems while removing the trojan, or if you come across a different variant, please let me know.
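
A read-only check for the two indicators named above (the heap41a folder and the scvhost.exe process), written in PowerShell as an added example that is not part of the original post. It only reports what it finds, and it lists files with -Force so hidden ones show up even while Explorer's hidden-files option is disabled. The folder and process names come from the post; everything else uses standard cmdlets.

```powershell
# Read-only check for the indicators this post names: a heap41a folder at the
# root of a drive and a running process called scvhost.exe. Nothing is deleted.

$folderName  = 'heap41a'   # folder name from the post
$processName = 'scvhost'   # process name from the post, without .exe

# Check the root of every file-system drive, not only C:, because Windows
# may be installed under another drive letter.
$folders = foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $candidate = Join-Path $drive.Root $folderName
    if (Test-Path -LiteralPath $candidate -PathType Container) {
        Get-Item -LiteralPath $candidate -Force
    }
}

foreach ($folder in $folders) {
    Write-Host "Found folder: $($folder.FullName)"
    # -Force includes hidden and system files regardless of the Explorer
    # setting that the trojan may have disabled.
    Get-ChildItem -LiteralPath $folder.FullName -Force -Recurse -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, Attributes, LastWriteTime |
        Format-Table -AutoSize
}

# Look for the misspelled process name. Path can be empty when the session
# lacks the rights to query another user's process.
$procs = Get-Process -Name $processName -ErrorAction SilentlyContinue
foreach ($p in $procs) {
    Write-Host "Running process: $($p.Name).exe  PID: $($p.Id)  Path: $($p.Path)"
}

if (-not $folders -and -not $procs) {
    Write-Host 'Neither indicator from the post was found.'
}
```

Run it from an elevated PowerShell prompt so process paths are readable; a hit on either indicator means the removal steps above still apply.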

