Mircosoftpowerpoint .exe is a file that is created by a virus named w32.USBWorm. This virus is an epidemic and spreads very rapidly through USB drives. When a USB drive is connected to a computer which is already affected by this virus, it gets affected. The virus in the computer will transfer all its files into the drive. When this USB drive is connected to another unaffected computer, it will transfer all the required files to the computer's hard drive.
Once the program runs, your computer system is infected. This virus will not destroy any of your system files. It hides all the hidden folders and disables "Show hidden folders" option in folder options menu. It runs its process in the memory. This makes the worm to start with windows start-up and and displays annoying pop-up like "I dont hate mozilla, but use IE or else", Orkut is banned you fool. It will not let you open Orkut using Internet Explorer. It will not let you access even YouTube too.
The virus, after affecting your computer, creates a folder named "heap41a" in your root drive ie; C drive, where it resides. This folder will be hidden and since this virus disables show hidden files and folders option, it is not easy to locate. This folder contains following:
* Offspring - an empty folder.
* 2.mp3 - a laughing sound.
* Icon.ico - a blank icon file.
* reproduce .txt - codes to change registry entries.
* svchost.exe - gives all kinds of pop-ups.
* script1.txt - codes for displaying pop-ups.
* std.txt - codes to change registry entries.
You can find this folder by typing C:\heap41a in Start Menu> Run. If you go through the text files, you will get an idea what the worm does to your computer. It runs the executable file vchost.exe and also changes the following keys in the registry which in turn inactivates the hidden files and folders option.
>> regread,regdata, REG_DWORD, HKEY_LOCAL_ MACHINE,SOFTWARE \ Microsoft\Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\ Hidden\SHOWALL, checkedvalueifno tequal,regdata, 2
>> regwrite,REG_ DWORD,HKEY_ LOCAL_MACHINE, SOFTWARE\ Microsoft\ Windows\CurrentVers ion\Explorer\ Advanced\ Folder\Hidden\ SHOWALL,checkedvalu e,2
To rectify this, you will have to change these keys in the registry, back to actuals. To open the registry editro, go to Start Menu>> Run>> and type 'regedit'. Browse to find the following entries and change them.HKEY_CURRENT_ USER\Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced. To the right hand side, you will find the value "Hidden. Right click and modify it to 1. HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Explorer\ Advanced\ Folder\Hidden\ SHOWALL and find the Checked all key to the right and change it to 1 from 2. This will enable "Show hidden files and folders" in the folder option menu.Now open Windows Task Manager and end the process named svchost.exe that runs under your user name. Then delete the folder C:\heap41a and go to HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\ Windows\CurrentV ersion\policies\ Explorer\ Run and clear the entry that says heap41a.
Now to make sure that the computer is free from infections, search the entire computer system and see whether there are any files with the same name as the .exe file mentioned earlier. If found, delete them. Now your computer system is completely free from worm infection. But make sure that you format the USB drive. This will prevent the virus, if present in the USB drive, infect other computers too. If you are a little careful, you can prevent your computer system from virus infections through USB drives, otherwise called Pen drives or Flash drives.
No comments:
Post a Comment