Samaw.com

This Virus infects Firefox, it says, “I DNT Hate Mozilla but use IE Or else…” This is annoying…

You will get the following pop-up error while trying to open your Firefox browser :

Use Internet Explorer You Dope

I DNT HATE MOZILLA BUT USE IE OR ELSE…

Some miscreants on the web have created this worm, it comes through pen-drives. You may not be able to access Orkut and Youtube as well.

What happened to my system?

• It creates a folder with name heap41a in C drive that will be disguised as system folder with hidden attributes enabled and copies all its contents in that heap41a folder.
• The running process that is responsible for this is svchost.exe and it will be spawned under user name.
• It will make an entry into registry so that it will be started automatically every time the system gets rebooted. (thanks to Harshaonline)

Warning: Most of the Anti-virus softwares, even the latest versions do not detect this worm. Just follow the following simple steps and start enjoying your favorite browser.

How to remove this virus:

Step 1: Press CTRL+ALT+DEL (Task Manager Opens up) and go to the processes tab
Look for svchost.exe under the image name. There will be many but look for the ones which have your username under the username
Press DEL to kill these files. It will give you a warning, Press Yes
Repeat for more svchost.exe files with your username and repeat. Do not kill svchost.exe with system, local service or network service!

Step 2: Now open My Computer
In the address bar, type C:\heap41a and press enter. It is a hidden folder, and is not visible by default.
Delete all the files here

Step 3: Now go to Start –> Run and type Regedit
Go to the menu Edit –> Find
Type “heap41a” here and press enter. You will get something like this “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt”
Select that and Press DEL. It will ask “Are you sure you wanna delete this value”, click Yes. Now close the registry editor.

Now the virus is gone.

Step 4: Over to Pendrive:
But be sure to delete the autorun.inf file and any folder whose name ends with .exe in the pen drive. (thanks to Savita at Mozillazine)

That’s it folks!