Get rid of Microsoftpowerpoint.exe virus
Mircosoftpowerpoint.exe is a file that is created by a virus named w32.USBWorm. This virus is an epidemic and spreads very rapidly through USB drives. When a USB drive is connected to a computer which is already affected by this virus, it gets affected. The virus in the computer will transfer all its files into the drive. When this USB drive is connected to another unaffected computer, it will transfer all the required files to the computer's hard drive.
Once the program runs, your computer system is infected. This virus will not destroy any of your system files. It hides all the hidden folders and disables "Show hidden folders" option in folder options menu. It runs its process in the memory. This makes the worm to start with windows start-up and and displays annoying pop-up like "I dont hate mozilla, but use IE or else", Orkut is banned you fool. It will not let you open Orkut using Internet Explorer. It will not let you access even YouTube too.
The virus, after affecting your computer, creates a folder named "heap41a" in your root drive ie; C drive, where it resides. This folder will be hidden and since this virus disables show hidden files and folders option, it is not easy to locate. This folder contains following:
* Offspring - an empty folder.
* 2.mp3 - a laughing sound.
* Icon.ico - a blank icon file.
* reproduce .txt - codes to change registry entries.
* svchost.exe - gives all kinds of pop-ups.
* script1.txt - codes for displaying pop-ups.
* std.txt - codes to change registry entries.
You can find this folder by typing C:\heap41a in Start Menu> Run. If you go through the text files, you will get an idea what the worm does to your computer. It runs the executable file vchost.exe and also changes the following keys in the registry which in turn inactivates the hidden files and folders option.
>> regread,regdata,REG_DWORD,HKEY_LOCAL_MACHINE,SOFTWARE\ Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ Hidden\SHOWALL,checkedvalueifnotequal,regdata,2
>> regwrite,REG_DWORD,HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ SHOWALL,checkedvalue,2
To rectify this, you will have to change these keys in the registry, back to actuals. To open the registry editro, go to Start Menu>> Run>> and type 'regedit'. Browse to find the following entries and change them.
HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Explorer\Advanced. To the right hand side, you will find the value "Hidden. Right click and modify it to 1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and find the Checked all key to the right and change it to 1 from 2. This will enable "Show hidden files and folders" in the folder option menu.
Now open Windows Task Manager and end the process named svchost.exe that runs under your user name. Then delete the folder C:\heap41a and go to HKEY_LOCAL_MACHINE\ SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run and clear the entry that says heap41a.
Now to make sure that the computer is free from infections, search the entire computer system and see whether there are any files with the same name as the .exe file mentioned earlier. If found, delete them. Now your computer system is completely free from worm infection. But make sure that you format the USB drive. This will prevent the virus, if present in the USB drive, infect other computers too. If you are a little careful, you can prevent your computer system from virus infections through USB drives, otherwise called Pen drives or Flash drives. To learn more about how to prevent your computer from USB virus infections, read our article.
Support Haiti
Related Articles
- Removing startdrv.exe - trojan backdoor cutwail family virus
- Protect your system from copy.exe alias Salga.a worm
- How to install and boot Windows on a Logical Parition
- Recovering a lost Administrator Password in Windows XP
- Restore GRUB after Windows installation
- Be Smart and Prevent Virus Infections through USB Drives
- How to add multiple IPs to a single ethernet card in CentOS from CLI
- Fixed: Ubuntu Startup slows down at Starting Mail Transport Agent (MTA) sendmail
3/118, Opp. M. G. College,
Kesavadasapuram,
Pattom P. O., Trivandrum,
Kerala - 695004, India
+91-471-2449495 (O)
+91-9446-06-9446 (M)
info@zyxware.com
Syndicate
 |
Comments
I was worried about the regedit...
...honestly, I don't like interfering with that on a computer. However, I trusted your site and went along with the steps vividly described above. I have to agree, even a novice riding a unicycle with a little monkey in a red cirus hat can follow your well laid out steps.
My newest worry is where did i get the virus from in the first place?! I attend university and I think it's the most likely place. I don't know how to tell them their systems may be infected...
I just got to endorsed your technical advice: ANYONE experiencing microsoftpowerpoint.exe virus follow the step above. They are simple and easy. It solved my problem and it will do the same for you.
Cheers.
Toni.
It is virus or worm or malware..my antivirus can't find it
Hi, I am facing a very strange kind of problem. My pendrive is infected (and i am not sure by what, virus, worm or a trojan)..but it has a folder named NewFolder.exe. This thing is easily transmitted from pen drive to harddrive and is very very difficult to get rid of. what does it do is that it renames most of the folders by their names and converts them into .exe, and thus rendering the entire data useless. I tried getting rid of it by running antivirus (Trendmicro), virus removal tools, trojan killer etc..but this thing remains as it is. I can delete the NewFolder.exe, but it keeps coming again and again. It is not allowing me to format my pen drive either. Kindly help as early as possible.
Thanks in advance.
Sudhi
please help!! i try to do
please help!! i try to do this but when i change the value to 1 he changes back to 2 : "HKEY_CURRENT_USER\Software\Microsoft\Windows\ CurrentVersion\Explorer\Advanced. To the right hand side, you will find the value "Hidden. Right click and modify it to 1." an this hes starts whit 0 when i change it comes back to 0 again: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and find the Checked all key to the right and change it to 1 from 2"
what should i do!!?? plz help!!
ZYXWARE ROCKS!!!
Thanks for the information.
Now I can try developing an application that removes & prevents this virus. :)
Thank you
Thank you very much for this article.
Thanks you.
Hey, thanks for your assistance but this stupid virus which is stuck up on my pen drive is still there and it has not affected my computer.. i can see the hidden files but i can see that a folder named microsoftpowerpoint.exe existing.. my antivirus does not recognize it as a virus. But it keeps coming back if I delete it.. please advice..
regards,
Harry
Virus problem with pendrive
I think this is only an initial phase of virus infection, because you can see hidden files. But as that same folder is coming back even after deleting from thumb drive, i guess your computer must have got infected with the same worm. Did you try the steps given above?
Joju Joshua
Team Zyxware
Power point presentation not working
Great!
My anti virus program deleted the virus, but now one of my power point presentations doesn't work
Any suggestions?
Power point presentation not working
I think it is some error with your Microsoft Office installation. Please try re-installing it again. It should work. Otherwise, the file is corrupted.
Joju Joshua
Team Zyxware
Problem with Microsoft Office
I doubt its a problem with Microsoft office because all my other presentations work, its just this single file.
When i try to open it it tells me that PowerPoint couldn't read it ( although I had opened it easily two weeks ago)..
Problem with Microsoft Office
As all other presentations and files are working perfectly, we cannot say for sure whether the problem is with Microsoft Office. If the problem was with Office, then none of related applications or files would work. So I believe either the file is corrupted (that is why you are getting an error "Power Point cannot read the file") or some plug-in(s) used in that particular file is(are) not working.
I guess a re-installation of Microsoft Office would solve the problem.
cheers
Joju Joshua
Team Zyxware
THANX! I'll try
THANX!
I'll try
Really great job
Really great job done.
Thanks Guys
Excellent work
Excellent work man.... D worm almost got on my nerves... Thanx a lot 4 d help!!!
Same virus, More problem.
hi
i think i have the same virus but i noticed some other things, like that task manager stops working? and i've seen on some other sites notices about other things that it does...(like stop control panel and some other programs from working..)
i did system restore (i didn't know what was wrong with my comp back then and this restored task manager but i think it got infected again.
Is there any antivirus software that deals with this? plus except for formatting the usb, is there any way to remove the virus from the system? i have got some important work in it. i can't really destroy it but don't know what to do.!
I am a novice by the way! and i DO understand your advice but am too scared to do it yet in case i mess it all up. As for now my comp stays off.
Virus problem
These are just worms that multiplies itself. As you can see, these are, mostly transmitted through a network or USB drive and are generally not detected using an antivirus software.
Try the above steps that we have given over here. Generally nothing will happen to your system. System restore will not do anything to the files and folders stored in the hard drive.
According to Microsoft, the following features are restored when using System Restore:
* Windows Registry
* Local Profiles
* COM+ DB
* WFP.dll cache
* WMI DB
* IIS Metabase
So the worm and its files in the hard drive remain unchanged even after a System Restore. That was the reason behind your Task Manager problem, which worked initially the later didn't.
To get rid of this worm, you will have to delete the folder and files created by this worm. Please follow the steps given above and let us know what happens.
Also, if you think of formatting your hard drive, keep it as your last option.
Adding to this, for your information:
Authors of various viruses intentionally write them with the same extensions as that of various Windows files that are monitored by the System Restore program. So even after using System Restore to recover or restore the computer to an earlier date, it is possible to introduce the same virus back into the system.
When you find a virus in your system, you should completely disable System Restore and delete all Restore Points. Then scan the system for virus. After making sure that it has been removed from your computer, re-enable the System and create a new System Restore Point.
So it is possible that even after you perform a System Restore process, you will still have the virus in the computer.
thanks for ur support
sir i m very thankful fo ur support
Thanks
I was frustrated by the amount of trouble given by this virus. I was unable to fix this problem from last 2 days but thanks to ZYXWARE for this invaluable article that has saved the day.
I always try my best to not to format my system but this virus made me think of that option also. But this article has helped me a lot.
I have rarely seen any article which is written in such a precise manner that even a novice user will be able to get the problem fixed.
Thanks once again
microsoftpowerpoint.exe
Hey !!
To Prevent spreading of this virus just delete this virus by detecting it in any linux based operating system!! Almost every Virus is inactive there!!
You are welcome.
Hello,
it was our pleasure that we got an opportunity to help you out with your problem. Do keep visiting our website - www.zyxware.com for more articles related to various issues concerning to computers and laptops. Also if you face some problems and if you cannot find in our website, do let us know. We shall definitely try to help you out.
cheers
Team Zyxware
Post new comment