Infected with Heap41a Virus

Was working in the company and seeing the need to have a temporary storage device like the USB Thumb Drive, to transfer files and to do installation. It was sort of like a necessity then though it was a wrong choice to make when you’re putting your thumb drive on other people’s desktop.

A wrong choice to make though when I brought it back home and instead of exploring the thumb drive, I double clicked the icon, and it came up saying running some programs.

My first reaction was Oh shit…. Virus attacked. So I scanned thru the Windows Task Manager for any processes and stopped them and used AVG Free Antivirus and also Ad Aware to kill any viruses. At first it seemed to work and I found out that it was running some kind of software which is more like macro program. Somehow the virus is still not cleared yet when I did that, and also it will create a folder named Heap41a in C:\ drive. Anyway this was my experience.

1. Go to Windows Task Manager by pressing shortcut key Ctrl + Shift + Esc and view processes. End Process of those name svchost which is run under the User. Do not terminate svchost services under SYSTEM, LOCAL SERVICE and NETWORK SERVICE.
2. After done, you can use your cmd to delete the undesirable heap41a folder. Go to Start > Run and type cmd. Type cd\ to go to the main C:\ folder then type the following rmdir /s heap41a and press Enter. (This is a faster way)
3. Go to Start > Run and type Regedit and search for any heap41a file and delete the register key.

Well, I guessed that should be all. Funny that this virus is really a pain in the ass and not all Antivirus could detect it. So for now this is the only way, unless I create an automated process.

If you’re still unclear about the steps, you may reached me by replying in the comments here. Hope this is helpful.

Edited : Found out that this virus also modifies your registry to not show hidden files. Here’s the post to enable view of hidden files on your Windows XP.

No Responses

Leave a Reply