![]() However, you also need to get rid of the worm from the USB drive, lest it infect your computer again. After searching, you should have some entries with ‘heap41a’ in them. ![]() ![]() ![]() Once the registry opens, on the menu bar, go to ‘Edit -> Find’ and type ‘heap41a’. Go to ‘Start -> Run’ and type ‘regedit’. Now we have to delete the registry entry as well.The folder will have the files ‘svchost.exe, script1.txt, standard.txt, reproduce.txt, and an audio file.’ Delete all the files in the folder and then delete the heap41a folder itself. Open ‘My Computer’ and type ‘C:\heap41a’, then hit Enter. The next step is to delete the files itself.Terminate these processes by hitting the ‘End Process’ button. Under the ‘Image name’ column, look for all entries marked ‘ svchost.exe’, which are running under your USERNAME ONLY (not system, local or anything else).Once the task manager is open, navigate to the ‘Processes’ tab. Right click the system tray and select the ‘Task Manager’ or just hit ‘Ctrl Alt Del’.Luckily, it’s fairly easy to get your browsers back to normal. The infection is via a hidden Autorun.inf file. This worm copies itself to removable drives as Microsoft Power Point.exe and will infect your PC when you connect the infected drive to it. These messages are courtesy of the W32.USB worm.
0 Comments
Leave a Reply. |