Showing posts with label Viruses. Show all posts

102. I don't hate Mozilla ! Orkut is banned !!!!!

I was asked by a friend about a problem: he is the only user on his computer, and his account has administrative rights, but he is not able to open Orkut, and it says Orkut is banned. Another friend had told me that he is not able to use Mozilla Firefox and that it asks him to use Internet Explorer. I just told them it must be some virus, but really didn't care much about it. But none of the antivirus software could detect or remove this malware.

My friend had given me a pen drive. I remembered it while browsing the net on Firefox. When I put it in my PC and double-clicked it, it didn't open. I knew at once: I had activated a virus. But I didn't have any idea about the kind of virus that might have come to my PC, until I switched back to Firefox. Immediately a message box was displayed: "I DNT HATE MOZILLA BUT USE IE OR ELSE..." with the title "USE INTERNET EXPLORER U DOPE". I remembered the experiences of my friends. I tried to locate the virus by running the Task Manager, but there were no suspicious entries there. I had to bow to the owner of the virus: I used Internet Explorer to search about it. The first entry in Google took me to the Mozilla Forum page, and after going through some pages, I came to know that the same virus also displayed another message when you opened Orkut: "Orkut is banned you fool, The administrators didnt write this program guess who did?? MUHAHAHA!!" with the title "ORKUT IS BANNED". A similar message was displayed for YouTube also. So I went through all the posts, and finally found a solution given here:


Press CTRL+ALT+DEL and go to the processes tab


Look for svchost.exe in the Image Name column. There will be many, but look for the ones that have your username in the User Name column.


Press DEL to kill these processes. It will give you a warning; press Yes.


Repeat for any other svchost.exe entries with your username. Do not kill svchost.exe with system, local service or network service!


Now open My Computer


In the address bar, type C:\heap41a and press enter. It is a hidden folder, and is not visible by default.


Delete all the files here


Now go to Start --> Run and type Regedit


Go to the menu Edit --> Find


Type "heap41a" here and press enter. You will get something like this "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt"


Select that and Press DEL. It will ask "Are you sure you want to delete this value?", click Yes


Now close the registry editor.

Now the virus is gone. But be sure to delete the autorun.inf file and any folder whose name ends with .exe on the pen drive.

63. Identify the 'uppercase' viruses

One big problem today in this Computer Age is that spyware and virus makers are more cunning than ever. They use the trick of swapping the lowercase L (l) and the uppercase I (I) to keep you from identifying viruses or spyware among the running processes on your system. For example, Isass.exe and lsass.exe. Which of these two is the virus and which is the important security process? If you look closely at the two, the first is the virus. If you change its font to Times New Roman you would notice that it is actually Isass.exe, the virus. Here is another example: Kernel.dlI versus Kernel.dll. It is not very obvious, but the first, Kernel.dlI, is the virus. Change the font to Times New Roman again, and it would show you Kernel.dlI. Clever, isn't it? These spyware and virus makers are now making their creations look like Windows system files, so you should be very careful when you are inspecting the files on your system. You should not assume that what you see is what it is.

To avoid this kind of mistake, I suggest you change your system's font to Times New Roman or Bookman, where I and l are very clearly identifiable. It would be less confusing than the Arial font, which was used above to confuse you.

Another great way to help with this kind of spyware and virus identification is to get a virus scanner or anti-spyware program and run it once in a while. It can identify these nasty files and delete them.
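The look-alike name check described above, combined with the svchost.exe username check from the removal steps in the Orkut/Mozilla post, as an added example (not code from the original posts). The list of known names, the confusable-character map and the sample process list are constructed assumptions.

```python
# Added example: names, map and sample data are constructed for illustration.
# Genuine names to protect; "kernel.dll" is the spelling used in the post.
KNOWN = ("lsass.exe", "svchost.exe", "winlogon.exe", "kernel.dll")
# Characters that are hard to tell apart in a sans-serif font such as Arial.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})
# Accounts under which svchost.exe is expected to run, per the removal steps.
SERVICE_ACCOUNTS = {"system", "local service", "network service"}


def skeleton(name):
    """Lowercase (Windows names are case-insensitive), then fold look-alikes."""
    return name.lower().translate(CONFUSABLE)


SKELETONS = {skeleton(n): n for n in KNOWN}


def lookalike_of(name):
    """Return the genuine name that `name` imitates, or None if it is fine."""
    real = SKELETONS.get(skeleton(name))
    return real if real and real != name.lower() else None


def triage(processes):
    """Flag look-alike names and svchost.exe running under a normal user."""
    findings = []
    for name, path, user in processes:
        real = lookalike_of(name)
        if real:
            findings.append((path, f"look-alike of {real}"))
        elif name.lower() == "svchost.exe" and user.lower() not in SERVICE_ACCOUNTS:
            findings.append((path, f"svchost.exe running as user {user}"))
    return findings


# Constructed process list (image name, path, user name); "alice" is made up.
SAMPLE = [
    ("lsass.exe", r"C:\WINDOWS\system32\lsass.exe", "SYSTEM"),
    ("Isass.exe", r"C:\WINDOWS\Isass.exe", "alice"),
    ("svchost.exe", r"C:\WINDOWS\system32\svchost.exe", "NETWORK SERVICE"),
    ("svchost.exe", r"C:\heap41a\svchost.exe", "alice"),
    ("firefox.exe", r"C:\Program Files\Mozilla Firefox\firefox.exe", "alice"),
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{path}: {reason}")
```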

33. Avoid download of file attachments that may have virus infections

Open the Group Policy Editor by going to START - RUN and entering gpedit.msc. This one is easy. Navigate to USER CONFIGURATION - ADMINISTRATIVE TEMPLATES - WINDOWS COMPONENTS - INTERNET EXPLORER. In the right-hand pane (most likely the second-to-last line at the bottom) you should see an item Configure Outlook Express. Double-click it, enable it, and mark the check box that says "Block attachments that may contain virus". OK out and close the Group Policy Editor.
