Main menu:

«
»

Virus Alert: Use internet Explorer You Dope

This Virus infects Firefox, it says, “I DNT Hate Mozilla but use IE Or else…” This is annoying…

You will get the following pop-up error while trying to open your Firefox browser :

Virus (worm) that infects Firefox

Use Internet Explorer You Dope

I DNT HATE MOZILLA BUT USE IE OR ELSE…

Some miscreants on the web have created this worm, it comes through pen-drives. You may not be able to access Orkut and Youtube as well.

What happened to my system?

  • It creates a folder with name heap41a in C drive that will be disguised as system folder with hidden attributes enabled and copies all its contents in that heap41a folder.
  • The running process that is responsible for this is svchost.exe and it will be spawned under user name.
  • It will make an entry into registry so that it will be started automatically every time the system gets rebooted. (thanks to Harshaonline)

Warning: Most of the Anti-virus softwares, even the latest versions do not detect this worm. Just follow the following simple steps and start enjoying your favorite browser.

How to remove this virus:

Step 1: Press CTRL+ALT+DEL (Task Manager Opens up) and go to the processes tab
Look for svchost.exe under the image name. There will be many but look for the ones which have your username under the username
Press DEL to kill these files. It will give you a warning, Press Yes
Repeat for more svchost.exe files with your username and repeat. Do not kill svchost.exe with system, local service or network service!

Step 2: Now open My Computer
In the address bar, type C:\heap41a and press enter. It is a hidden folder, and is not visible by default.
Delete all the files here

Step 3: Now go to Start –> Run and type Regedit
Go to the menu Edit –> Find
Type “heap41a” here and press enter. You will get something like this “[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt”
Select that and Press DEL. It will ask “Are you sure you wanna delete this value”, click Yes. Now close the registry editor.

Now the virus is gone.

Step 4: Over to Pendrive:
But be sure to delete the autorun.inf file and any folder whose name ends with .exe in the pen drive. (thanks to Savita at Mozillazine)

That’s it folks!

Posted: June 10th, 2007 under Web Security Alerts.
Comments: 24

Comments

Comment from Raghuveer
Time: July 12, 2007, 10:37 am

Thanks a lot. I believe the effects of this virus are that your Mozzila does not open,neither does orkut or youtube. But ever since I had these problems I could not open my hidden folders as well, i.e, I could not change the setting of appearing all my Hidden Files and Folders.
Everytime I tried to check the “Show hidden files and folders” option, click Apply then OK. The hidden files and folders do not appear, instead the setting was always reset into “Do not show hidden files and folders”

Now after trying this procedure Mozzila, Orkut all work. But I still do not have my hidden folders appearing.

Does anybody face the same problem???

Comment from Beita Jr.
Time: July 15, 2007, 12:43 am

Hi Raghuveer, I do not have the exact problem. But I’ve found that some people too had the same problem like you and they have got help from someone at Techspot forum.

If your problem is still unsolved,Click here to see the post..

Kindly follow the instruction carefully…

Comment from VĂ­ctor
Time: July 31, 2007, 6:23 am

Thanks a lot, too. However, I am worried I could not find any autorun.inf or suspicious folder in my pen drive, but I think it’s infected and caused the infection of a friend’s computer. And this friend has also noted the same Raghuveer’s problem at another computer.

Comment from Beita Jr.
Time: July 31, 2007, 10:43 am

Hi Victor, if you browse your Pen Drive, you will not be able to see any autorun.inf file; the simple reason is that it is actually hidden.. it is not visible… If you have any important files and folders, copy and save somewhere… and select all the files and delete all… the best way to do would be, of course, FORMATTING the pen drive itself..

Comment from Arul.KJ
Time: August 18, 2007, 9:12 pm

The contents and registry have been dealt with, any ideas on how to get rid of the folder itself. I’ve tried DOS commands, other apps, nothing..

Comment from Beita Jr.
Time: August 19, 2007, 12:49 am

Hi Arul, which folder are you talking about? Do you mean the Pendrive where the exe. file resides? That can be done by select all the contents of the drive and delete all… if this is not possible, just format the pendrive itself.. that will help..

Comment from Debal
Time: September 7, 2007, 1:17 pm

The most useful and clear instruction for an immediate solution to the problem. Thanks, friends. I have bookmarked your site.

Comment from Mujtaba
Time: September 9, 2007, 5:31 pm

You ROCK! Shame on the arse who made this virus

Comment from car313
Time: October 3, 2007, 8:43 am

There is no user name under for any of the svchost.exe. I tried choosing columns but i could not see any user name at all.
any help?

Comment from Beita Jr.
Time: October 5, 2007, 4:54 am

Hi car313,

If there is no svchost.exe under your username, go try the next steps and let us know again. Thanks.

Comment from gupi
Time: January 2, 2008, 7:26 pm

thank a lot for the fix on this u dope virus. i tried the fix and it worked. only in step 2, when i type in c:\heap41a” nothing appears.
i am able to strt browsing again after step 3, but the virus again reappears after i restart the computer. what do i do to completely eradicate it???? need help here, please

Comment from Beita Jr.
Time: January 3, 2008, 4:56 am

Hi Gupi, you must FORMAT your pendrive because the virus resides there. And also install any anti-virus software. If you have not done so, avast.com or grisoft.com are the free options available. All the best.

Comment from mohan
Time: February 1, 2008, 9:25 pm

Thanks a lot…article was of great help…..

Comment from shashi
Time: January 12, 2009, 3:45 pm

thanks but we r not able to del full connte in folder

Comment from Beita Jr.
Time: January 12, 2009, 5:07 pm

Hi Shashi, your question is already answered. Kindly read the post and the comments carefully. Good luck.

Comment from David
Time: January 21, 2009, 11:04 am

on my school the computer GCIS-11 Had this

Comment from Teresa
Time: January 26, 2009, 6:40 pm

i did step 1 but i couldn’t delete one folder. it’s the auto hotkey thing. the virus still appears. what should i do?

Comment from Beita Jr.
Time: January 26, 2009, 10:08 pm

@Teresa, kindly follow the next steps and also kindly read the comments. Your problems are already answered. All the best.

Comment from Olsen
Time: January 28, 2009, 2:06 pm

Hi, i have to say that your way is much clearer than some long winded fellows, thanks alot for that!

Comment from Faizan Ahmed
Time: March 18, 2009, 2:22 pm

Dear i m also having a problem in my system when i try to open internet explorer it shows the working glass and after some time the curser is going to the normal condition and the nothing appear but when i go to the task manager and see the system process here it shows the iexplorer.exe is running.i also having a same problem could u plz assest me and i also try to system scan but nothing found plz help me

Regards
Faizan

Comment from Beita Jr.
Time: March 19, 2009, 5:04 am

Hi Faizan, kindly read the post and the subsequent comments carefully. Your problem is already answered. Wishing you all the best.

Comment from sreejith
Time: March 29, 2009, 9:07 pm

thnks very mush…… guys ..

Comment from collin
Time: October 6, 2009, 7:38 pm

THANKS YOU ARE A GOD!!!!!!!!!!!!!!

Comment from rushabshah
Time: February 14, 2010, 11:45 pm

thank u very much actually i was giveng it fr repair n it would cost 200 rs

Write a comment