JohnDas FunDas & Ideas

I had this problem. In Tools> Folder options > View - hidden files and folders

The

Show hidden files and folders not working - after virus attack (heap41a svchost.exe)

This is how you get the settings back to normal.

First take

Start > Run >

Type regedit in the Run box and click OK

The Registry editor opens up (See the image below)

Follow the steps in the animation below to get back the folder options to normal to see hidden files.

Browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\

CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

Change the value of CheckedValue from 0 to 1

Cleaning the pen drive right click options :

Browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\

CurrentVersion\Explorer\MountPoints2

Delete all the long keys ( which look like  {DGF53-353b3gg3-353523-3g523g}  ) there.

Still having problems with this “Orkut is banned” virus ” ??

First make sure that the virus is completely removed from the computer.

How to remove “Use Internet Explorer you dope, I dnt hate Mozilla but use IE`r OR ELSE…” svchost.exe heap41a virus
http://www.fundazone.com/2007/06/how-to-remove-use-internet-explorer-you-dope-i-dnt-hate-mozilla-but-use-ier-or-else-svchostexe-heap41a-virus/

Then go to :

Start >Run >
Type regedit

Browse to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\

CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

Change the value of CheckedValue from 0 to 1

Take My Computer > Tools > Folder Options

Change the setting to show hidden files and folders

Apply and check again.

If it doesn’t work, there is another setting in the registry maybe in HKEY_USERS or HKEY_CURRENT_CONFIG or even HKEY_CURRENT_USER which overrides this setting.
I’ll try to find out where it is (I came across such a problem earlier and I found that key by luck) The key is in a similar place like this \Software\Microsoft\Windows\ CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

only that the beginning is different.

I’ll post it here when I find it. If anybody knows where it is, please do reply http://www.fundazone.com/2007/09/show-hidden-files-and-folders-not-working-after-virus-attack-heap41a-svchostexe/#comment-146

It’s a relatively new virus, so most antivirus softwares are not able to detect and delete it.

To remove the virus completely, first you have to end the process svchost.exe belonging to the current user (i think you were able to do that and it worked). But then, the virus files are still hidden in your computer in two places.
In C:\heap41a and in temporary folder.

A trick to get to these folders :

Start > Run
Type C:\heap41a . Click OK
Now, you should be able to see and delete the virus files

Second location (temporary files)
Start > Run
Type %temp% . Click OK
Here, you see the virus files it used to enter the computer.

I just clicked the firefox shortcut on my desktop like I do any other day, when suddenly, a message box appears :

“USE INTERNET EXPLORER YOU DOPE,I DNT HATE MOZILLA BUT USE IE `r OR ELSE…”

Another virus which wants to waste my time. I didn’t think hackers would write a virus to attack firefox. Anyway, I used Internet Explorer (IE means Internet Explorer) and typed in www.orkut.com

Yet another message “ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did??`r`r MUHAHAHA!!”

What about www.youtube.com ? That is banned too !!!

It’s just a worm, a virus or a trojan or whatever malicious hacker or craker program or script it is. Wrtitten is VBScript programming labguage by a crazy rascal who deserves to rot in his/her grave for disabling Firefox of all softwares !

How to remove the Orkut and Firefox and Youtube banning virus ?

Simple.

• First press Control-Alt-Delete (Ctrl-Alt-Del is called the three finger exercise in Windows)

• There Click Processes , then click User Name to arrange according to users.

• Now, look for svchost.exe run by User name “user” or “admin” or “your computer name” There will be two of them. Right click and end both the svchost.exe processes where the User Name is NOT “SYSTEM” or “NETWORK SERVICE” or “LOCAL SERVICE” Only where the user name is “USER” or “ADMIN” or “ADMINISTRATOR” or “your name”
• Next Click Start > Run > Type cmd in the box and press enter (Just get the Command Prompt of DOS - C:\windows\system32\cmd.exe)
• There in the black Command Line, type “ cd \ ” and press Enter
• It has to change to C:\>
• Next, type attrib -s -r -h heap41a /s /d and press Enter
• Then Open C: on My computer and delete the folder heap41a ie C:\heap41a
• Then remove C:\heap41a\svchost.exe shortcut from C:\Documents and Settings\USER\Start Menu\Programs\Startup (Or Start > All Programs >Startup)
• That’s all
• Then clean the pen drive

Cleaning the pen drive :

• First make sure that the computer is clean (all viruses have been removed)
• Plug in the pen driv, but make sure YOU DON’T DOUBLE CLICK on the pen drive icon in My Computer
• Open My Computer . Right Click on the pen drive.
• Click Search from the menu that appears ( Auto, Autoplay, Open (O), all belong to the virus and clicking any of them will infect the computer with the virus again.
• In Search All files and folders
• Type  ” *.exe ” (without the ” “) in the first box (all or part of the filename)
• Click More advanced options justabove the search button
• Tick Search hidden files and folders
• Click Search button
• In the files that come in the search results, look for files of the Type Application with the icon of a folder
• These .exe files are trying to disguise themselves as folders to fool you into clicking them, so the most probably are viruses !!!
• Delete them (make a backup copy if required) and check the pen drive again.