The Orkut Virus or U-Tube Virus or Mozilla Firefox Virus

How to Remove the Orkut Virus, Which Also Affects U-Tube and Mozilla Firefox

Have you experienced the new ORKUT virus, which is quite annoying? It does not allow the words Orkut, U-Tube or Mozilla to be typed in the address bar of your IE window. The first time, the browser simply closes. From the second time onward, strange messages appear with the violent laugh MUHAHAHAHAHA!

The virus creates a duplicate svchost.exe file, which stays resident in memory and does the above task of blocking Orkut users. Remember that svchost.exe is a crucial file for any computer running Windows, and if the file is damaged the computer will not boot. A virus-affected svchost.exe file is better than its absence. (You may have to reinstall the Windows OS if the file is damaged and lost. Alternatively, you can get a copy of svchost.exe from a friend's computer and put it in the system32 folder to boot your computer.)

This duplicate svchost.exe file can be identified because it runs as a user process rather than a system process. So, when you open the Task Manager and view the processes, its user name will be your user name and NOT SYSTEM, NOT NETWORK etc.

If you find such a duplicate svchost.exe running as a user process, then your computer is infected with the Orkut virus. I describe below how to identify and remove this duplicate svchost.exe file without damaging the computer.

Prevention

The virus travels through flash drives. The affected flash or pen drive will have a new file, Microsoftpowerpoint.exe, which spreads the virus when double-clicked. Therefore, whenever you find such a file, don't open it; just delete it.

Removal

To remove the virus, first open the Task Manager by pressing Ctrl-Alt-Delete.

After the Task Manager window opens, click on Processes and examine all the listed processes. There will be several svchost.exe entries. Ignore them and focus on the svchost.exe whose user name is your user name. (Sometimes it may be Administrator if you have not created a user name at all.)

Note that there are several types of svchost.exe in Task Manager. The Task Manager shows the entries as follows:

svchost.exe SYSTEM
svchost.exe LOCAL SERVICE
svchost.exe NETWORK SERVICE
etc.

Suppose your user name is KARTHIK. (Your user name is shown at the top, beside your icon, when the Start button is pressed.)
Then you will see the following entry in Task Manager, only if your computer is affected by the Orkut virus:
svchost.exe KARTHIK

This svchost.exe entry with KARTHIK is the virus file, or duplicate file, and it alone should be deleted. If you delete the other svchost.exe files for SYSTEM, NETWORK etc., your computer will crash and recovery is difficult.
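
The ownership check described above can also be scripted. The following is an added example, not part of the original post: it parses the output of the tasklist /V /FO CSV command and lists every svchost.exe that is not running as SYSTEM, LOCAL SERVICE or NETWORK SERVICE. The sample rows, the host name HOMEPC and the PIDs are constructed, and English column headers are assumed.

```python
import csv
import io

# Accounts svchost.exe is expected to run under, per the Task Manager listing above.
SERVICE_ACCOUNTS = {"SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE"}

# Constructed sample of `tasklist /V /FO CSV` output (English locale assumed);
# the host name HOMEPC and all PIDs are made up for illustration.
SAMPLE = r'''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"svchost.exe","884","Services","0","4,512 K","Unknown","NT AUTHORITY\SYSTEM","0:00:02","N/A"
"svchost.exe","1020","Services","0","3,980 K","Unknown","NT AUTHORITY\NETWORK SERVICE","0:00:01","N/A"
"svchost.exe","1164","Services","0","5,104 K","Unknown","NT AUTHORITY\LOCAL SERVICE","0:00:00","N/A"
"svchost.exe","1300","Services","0","2,776 K","Unknown","N/A","0:00:00","N/A"
"explorer.exe","1720","Console","0","21,340 K","Running","HOMEPC\KARTHIK","0:00:09","N/A"
"svchost.exe","2440","Console","0","6,212 K","Running","HOMEPC\KARTHIK","0:00:03","N/A"
'''


def is_service_account(user):
    """True for SYSTEM / LOCAL SERVICE / NETWORK SERVICE, with or without NT AUTHORITY\\."""
    domain, _, name = user.rpartition("\\")
    return name.upper() in SERVICE_ACCOUNTS and domain.upper() in ("", "NT AUTHORITY")


def check_svchost(tasklist_csv):
    """Split svchost.exe rows into user-owned (suspect) and owner-unknown PIDs."""
    result = {"user_owned": [], "unknown_owner": []}
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        if row["Image Name"].strip().lower() != "svchost.exe":
            continue
        user = row["User Name"].strip()
        if user.upper() == "N/A":
            # tasklist prints N/A when it cannot read the owner (not elevated).
            result["unknown_owner"].append(int(row["PID"]))
        elif not is_service_account(user):
            result["user_owned"].append((int(row["PID"]), user))
    return result


if __name__ == "__main__":
    # On a live host, pass the text produced by: tasklist /V /FO CSV
    report = check_svchost(SAMPLE)
    for pid, user in report["user_owned"]:
        print(f"svchost.exe PID {pid} runs as {user}: check its file path")
    print("owner not readable for PIDs:", report["unknown_owner"])
```

On Windows 10 and later, per-user services legitimately run svchost.exe under the logged-on account, so there a hit is a reason to check the file's location and signature rather than proof of infection.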

1. First, end the virus process in Task Manager. To do this, select "svchost.exe KARTHIK" and click "End Process". This stops the virus running in memory. (Otherwise you cannot delete the file in step 3.)

2. Then open Internet Explorer and type orkut in the address bar; you will see that nothing happens.

3. Then, to remove the virus permanently, go to the system32 folder in Windows and delete only "H svchost.exe", the one with the H icon preceding the file name. Don't delete the other svchost.exe files, as that would damage the operating (boot) system.

4. Then press the Start button, click Run, type regedit and click OK. The registry editor will open.

5. Then press F3, and the Find dialog box opens.

6. There, type heap and search. Wherever it stops and shows any values corresponding to "Heap", just press the Delete key on the keyboard and delete it.

7. Then press F3 once again, and so on, until you have deleted all heap folders and values.

8. Then restart the computer. Your MUHAHAHA virus is gone forever!

J.C.
