So someone just read “How to write VB scripts in 24 hours” and thought of having some practice and wrote this kiddish thing (OK!! worm if you say so .. ) intended to be distributed mainly through USB drives autoplay.
The other day, one of experienced friend got infected. Yesterday I was browsing my sis PC, even she was infected. Too much for a kid’s experiment.Anyways, here’s what to do after getting infected.
1. Kill all processes names “svchost.exe” running under user’s context.
2. Browse to registry key, HLKM\Software\Microsoft\Windows\
Delete and recreate subkey “CheckedValue” with type DWORD and value 1.
3. Delete heap41a folder from C drive (May need to do this through command prompt if you cant see the folder – dir /ah etc)
4. Remove startup entry for C:\heap41a\svchost.exe through msconfig or HKLM\SOFTWARE\Microsoft\Windows\
5. Now lets make sure that it doesnt run again on inserting USB drive. Run -> gpedit.msc. Here, browse to Computer Configuration -> Administrative Templates -> System. On right side pain reach for “Turn Off Autoplay” and change the setting to “Enabled” for “All drives”.
6. Now restart PC, insert USB drive and show hidden files to delete files Autorun.inf and autorun.exe
That should do it.