Monday, January 11, 2010

Deleting the w32USB Worm Virus off Your Computer

Worm virus occurrence date: 9/01/2007 02:02:00 PM

Another worm virus had found its way onto the notebook that I use frequently. It was an irritating virus which did not allow Mozilla Firefox to be used on the computer. When you start the Mozilla browser, you shall get a pop-up that looks like “I DNT HATE MOZILLA BUT USE IE OR ELSE…”, “USE INTERNET EXPLORER U DOPE”, & etc. Then you know your computer is infected.

You can try to scan it with Spyware or anti-virus software but the worm may probably not show up on the search results. Why would people have anything against the Mozilla Firefox browser & be so fanatical about Microsoft Internet Explorer to make the worm virus? As the name suggests, the w32USB Worm Virus had contaminated your computer from USB, Pen, or Thumb disc sources. As you may know by now, the worm virus cannot be deleted by Anti-virus or Spyware programs to date.

Be careful & clean your flash drives especially after you use it on public networks like University computer labs, cyber cafes & etc. Occasionally, I ask myself why the Anti-virus software that I use cannot detect such threats. The solution I found has to be done manually. Don’t worry it is straight forward, simple & just a few steps.

Below are the instructions to remove the irritating w32USB Worm Virus off your computer.

1. Press CTRL+ALT+DEL and go to the processes tab

2. Look for svchost.exe under the image name. There will be many but look for the ones which have your username under the username

3. Press DEL to exterminate the files. It will give you a warning, Press Yes

4. Repeat for more svchost.exe files with your username and repeat. Do not delete svchost.exe with system, local service or network service!

5. Now open My Computer

6. In the address bar, type C:\heap41a and press Enter. It is a hidden folder, and is not visible by default.

7. Delete all the files here

9. Now go to Start --> Run and type Regedit

10. Go to the menu Edit --> Find

11. Type "heap41a" here and press enter. You will get something like this "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt"

12. Select that and Press DEL. It will ask "Are you sure you wanna delete this value", click Yes

13. Now close the registry editor.

Now the virus is gone. But be sure to delete the autorun.inf file and any folder whose name ends with .exe in the pen drive.

I did not find any problems regarding hidden files after doing the above instructions. Perhaps it was because I did not set my computer’s hidden files to be displayed in the first place. There are further instructions related to correcting the problem of not being able to see your computer’s hidden files on the referred website.


Krishnan. "w32.USB Worm" Krishnan’s Blog 28 July 2007. (

No comments:

My latest images for sale at Shutterstock:

My most popular images for sale at Shutterstock: