W32.USB Worm

This document summarizes the W32.USB worm, how it infects systems, and how to remove it. The worm spreads by running an executable file called "Microsoft Power Point.exe" from an infected USB drive. It hides folders and runs processes in memory to persist across reboots. To remove it, users must enable showing hidden files and folders, delete an infected folder, clear registry entries, and format any infected USB drives.

Uploaded by

sushantdie4u
Copyright
© Attribution Non-Commercial (BY-NC)
W32.USB Worm

HOW YOU GOT AFFECTED

It runs an exe file named Microsoft Power Point.exe, which is located on the USB disk. The autorun.inf runs this file when double-clicked. Once this program is run, you are infected. It hides all your hidden folders, runs the process in memory, makes the worm start with Windows and pops up those annoying messages. This worm doesn't destroy any system files. It just infects other USB drives and spreads to new hosts.

HOW TO GET RID OF IT

1:- Start, Run, regedit (Enter)
2:- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and in the CheckedValue key reset it back to 1 from 2. (This enables the option under the Folder menu bar of Windows Explorer and also allows you to delete C:\heap41a.)
3:- In Folder Options, check Show Hidden Files.
4:- Delete the folder C:\heap41a
5:- Follow step 1
6:- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run, which says heap41a
7:- Clear all the key entries from this registry entry
8:- NOW FORMAT THE PEN DRIVE YOU ARE USING, AND DON'T FORGET TO FORMAT THE PEN DRIVES USED BY YOUR FRIENDS.

NOW YOU CAN ENJOY! YOU ARE FREE FROM WORM INFECTION.

STATUTORY WARNING: BE CAREFUL WHILE USING A PEN DRIVE. IF POSSIBLE, FIRST FORMAT IT, UNTIL WE HAVE A PROPER ANTI-VIRUS SOLUTION.
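An added example, not part of the original document: a read-only PowerShell audit of the indicators the steps above name (the SHOWALL CheckedValue, C:\heap41a, the policies\Explorer\Run entries, and autorun.inf or Microsoft Power Point.exe on removable drives). The registry paths use the standard Windows spellings, and the autorun.inf key names it matches (open, shellexecute, shell\...\command) are an assumption, since the document does not show the file's contents.

```powershell
# Added example: read-only audit. Nothing is modified or deleted.
$findings = @()

# Step 2: CheckedValue under SHOWALL should be 1 (the document resets it from 2).
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = (Get-ItemProperty -Path $showAll -Name CheckedValue -ErrorAction SilentlyContinue).CheckedValue
if ($null -ne $checked -and $checked -ne 1) {
    $findings += "SHOWALL CheckedValue is $checked, expected 1"
}

# Step 4: the folder the document tells you to delete.
if (Test-Path -LiteralPath 'C:\heap41a') {
    $findings += 'Folder C:\heap41a is present'
}

# Steps 6-7: list every value under the policies Run key for review.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
if (Test-Path -Path $runKey) {
    $key = Get-Item -Path $runKey
    foreach ($name in $key.GetValueNames()) {
        $findings += "Run policy entry '$name' = $($key.GetValue($name))"
    }
}

# Step 8: inspect removable drives (DriveType 2) before deciding to format them.
# Assumption: the launch line in autorun.inf uses one of these standard keys.
$autorunKeys = '^\s*(open|shellexecute|shell\\.*\\command)\s*='
foreach ($disk in Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 2') {
    $root = $disk.DeviceID + '\'
    if (Test-Path -LiteralPath ($root + 'Microsoft Power Point.exe')) {
        $findings += "$root contains 'Microsoft Power Point.exe'"
    }
    $inf = $root + 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        Get-Content -LiteralPath $inf -Force -ErrorAction SilentlyContinue |
            Select-String -Pattern $autorunKeys |
            ForEach-Object { $findings += "$inf launches: $($_.Line.Trim())" }
    }
}

if ($findings) { $findings } else { 'No indicators from the removal steps were found.' }
```

Run it from an elevated PowerShell prompt before and after the manual steps; an empty result afterwards means the items the document lists are gone.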