How To Remove Heap41a win32.USBworm

by on July 8, 2008
in Tips and Tricks, Windows




I don’t know if this worm Heap41a (win32.USBworm) is new or not, but recently a friend of mine got this worm in his PC through his USB drive. Now whenever he tried opening YouTube through IE, a message pops up and closes IE: youtube is banned,The administrators didnt write this program guess who did?? MUHAHAHA!!

YouTube banned

Similarly, when he tried to access Orkut, he got: Orkut is banned,The administrators didnt write this program guess who did?? MUHAHAHA!!

Orkut banned

And when I asked him to use Firefox, he got: I Dnt Hate Mozilla But Use IE Or Else…

Firefox disabled

How To Remove Heap41a win32.USBworm

To remove this annoying worm, follow the given instructions below:

NOTE: The procedure below involves Registry changes, so make sure you make a backup first.

1. Open the Processes tab in Task Manager, and look for svchost.exe. There will be many such processes, but look for the one that is running under your user account. (Others will be under Network and System)

Most probably, there will be only two svchost.exe running under user account, so kill both of them (Don’t murder them, simply end the processes).

2. Now open your Registry Editor, and navigate to: HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Delete the Winlogon key from the right pane.

3. Now enable your user to view hidden folders and files (How To)

4. Now open Command Prompt (Run > type cmd > press OK) and execute the following commands in the order given below:

  • attrib -S -H -R C:\heap41a
  • rmdir /S /Q C:\heap41a

If your Windows is not in C: drive, then change C:\ with your Windows drive letter.

That’s it! The worm has been murdered crushed! For a safer side, go to your Windows Startup folder, and look for any suspicious files. Then go to System Restore, and make a new restore point. In the end, restart your computer!

This worm is most commonly transferred from USB drives because I found the infected file microsoftpowerpoint.exe in my friend’s USB drive.

This is the first ever worm fix I’ve found all by myself! I didn’t use any help from my friend, Google. If you have any more questions regarding this, do let me know below. And oh yeah, I have this worm with me now, if anyone needs to play with it, you can contact me here.

P.S. I’m not the developer of this worm!

Was this post helpful? Follow us on Twitter (@SizzledCore) or become our Facebook fan for all the latest updates!


  • Hey, that’s a very old one, may be some about 1 year back, I saw them on college PCs which even tried(but failed) to attack my PC through pen drive…

  • @Pavan:
    Hmm.. Would you like to have it? I have carefully protected this worm in a jar from running away :D

  • ^ lol virus sharing is on its way.

  • zAkOTa _ JiN

    I love U and only U haris.

  • > Then go to System Restore, and make a new restore
    > point. In the end, restart your computer!
    >

    How do you make a new restore point?