I learnt about this worm a few days ago when it first infected my father’s laptop, and it has recently infected this PC too. This worm pissed me off for a number of reasons. First, it blocked me from using my favorite browser, Firefox.
Fair enough, it must be an IE fan who cannot accept the fact that Firefox is taking popularity off of Internet Explorer, BUT blocking me from enjoying YouTube videos is something that cannot be tolerated. If you got the following message, then you too have the same problem.
I find it quite convenient to sort this out manually, primarily because it doesn’t require me to change to Avast just for the sake of removing this worm (wow, this worm circumvents my AVG antivirus). OK, here are the steps needed to remove it completely from your computer.
1. Open Windows Task Manager by pressing CTRL+ALT+DEL simultaneously.
2. Under the Processes tab, find svchost.exe. There are many entries with this name, but find the one that is associated with your username (under the User Name column).
3. Terminate the processes (svchost.exe associated with your username) by hitting the delete button. Make sure you don’t accidentally terminate svchost.exe under network service, local service or system.
4. From Start Menu > Run..., type in C:\heap41a and hit Enter.
6. Delete everything inside this folder.
7. Again from Start Menu > Run..., type in Regedit.
8. When Regedit is opened, go to Edit > Find.
9. You are now about to search for any registry entry that is related to heap41a. Key in “heap41a” and press Enter. You should get something that reads “[winlogon] [your system drive]:\heap41a\svchost.exe [your system drive]:\heap(bla bla)\std.txt”
10. Delete this entry. Click yes when you are asked for confirmation.
11. That’s it.
To ensure this thing will not replicate itself again, delete any autorun.inf files and any files with a suspicious extension (.exe for example) from your removable drives.
Now no more annoying Heap41a/win32.USBworm.
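
The checks from the steps above can also be run as a read-only scan that reports what is left to clean up. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later and that the registry entry sits in a Winlogon key, which the post suggests but does not spell out.

```powershell
# Read-only scan for the Heap41a indicators named in the steps above.
# Nothing is terminated or deleted; findings are only listed.
$findings = @()

# Steps 4-6: the worm's folder on the system drive
$wormDir = Join-Path "$env:SystemDrive\" 'heap41a'
if (Test-Path -LiteralPath $wormDir) { $findings += "Folder present: $wormDir" }

# Steps 1-3: svchost.exe running from outside the Windows system directories
$legit = @("$env:SystemRoot\System32\svchost.exe", "$env:SystemRoot\SysWOW64\svchost.exe")
foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    # ExecutablePath is empty when this session may not query the process
    if ($p.ExecutablePath -and ($legit -notcontains $p.ExecutablePath)) {
        $findings += "Suspicious svchost.exe: PID $($p.ProcessId) at $($p.ExecutablePath)"
    }
}

# Steps 7-10: registry values that mention heap41a.
# Assumption: the entry is a value under one of these Winlogon keys.
$winlogonKeys = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
                'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($key in $winlogonKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match 'heap41a') { $findings += "Registry: $key [$name] = $value" }
    }
}

# Final advice: autorun.inf and .exe files in the root of removable drives
foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter "DriveType = 2") {
    $root  = "$($disk.DeviceID)\"
    $files = Get-ChildItem -LiteralPath $root -Force -File -ErrorAction SilentlyContinue
    foreach ($f in $files) {
        if ($f.Name -eq 'autorun.inf' -or $f.Extension -eq '.exe') {
            $findings += "Removable drive: $($f.FullName)"
        }
    }
}

if ($findings.Count -gt 0) { $findings } else { 'No Heap41a indicators found.' }
```

An .exe in the root of a removable drive is not necessarily malicious, so review each reported file before deleting it.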