heap41a
Heap41a is a worm/virus which constantly annoys you with message boxes like
"I DNT HATE MOZILLA BUT USE IE OR ELSE…"
or
"Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!"
or
"USE INTERNET EXPLORER U DOPE"
on trying to open Firefox, accessing YouTube or Orkut.
I had to go through a particularly annoying half day. Used HijackThis, but it didn't show any promising results, then opted for RootkitRevealer from Sysinternals. A full scan later, I realised I had a problem.
After deleting the folder, looked it up on Google to find a number of interesting hits. Some smart aleck from Bangalore (my guess) wrote up this code and had very shitty reasons for doing it. The following links are helpful if you go through a particularly annoying day with this heap41a worm.
The following forum post from autohotkey.com was pretty helpful for me, save the fact that I had to uncheck the system file checkbox on the properties dialog box (you could always resort to attrib -r -s -h /s inside the heap41a directory if you are comfortable with DOS) before I was allowed to delete the svchost.exe file.
Surprisingly, AVG free edition 7.5.516 didn't find it, complying with their warning that AVG free edition only protects against viruses and not against spam, trojans or malware. Guess free does not mean served on a platter :-(
A list of other links that were helpful...
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=142280
http://tec-updates.blogspot.com/2007/07/remove-heap41a-win32usbworm-worm.html
http://groups.google.com/group/mozilla.support.firefox/msg/12ba87e2b0e3b7a4
Comments
I wish you a good end of 2007 and a good year of 2008.