How to remove Heap41a

I learned about this worm when I was still in college, about half a year ago. OK, listen up guys: this worm pissed me off for a number of reasons. First, it blocked me from using Firefox. Fair enough, it must be an IE fan who cannot accept the fact that Firefox is taking popularity away from Internet Explorer, BUT blocking me from enjoying YouTube videos is something that cannot be tolerated. If you get the following messages, then you too have the same problem.

I Dnt Hate Mozilla But Use IE Or Else... with title as Use Internet Explorer U Dope.

ORKUT IS BANNED: Orkut is banned you fool, The administrator bla..bla..bebel..bla

I'm quite comfortable sorting this out manually, primarily because it doesn't require me to change to Avast just for the sake of removing this worm (wow, this worm circumvents my AVG Anti-Virus). OK, here are the steps needed to remove it completely from your computer.


  1. Press CTRL+ALT+DEL to open Windows Task Manager.
  2. Go to the Processes tab and look for svchost.exe under "Image Name". There will be many, but look for the ones that have your username under "User Name".
  3. Press DEL to kill these processes. It will give you a warning; simply press Yes.
  4. Repeat for the other svchost.exe entries with your username. Note: Do not kill svchost.exe running under SYSTEM, LOCAL SERVICE or NETWORK SERVICE.
  5. Type C:\heap41a in Start Menu > Run and press Enter. You need to do this because it is a hidden folder.
  6. Delete all files inside this folder.
  7. Go to Start Menu > Run again and type in Regedit.
  8. Go to the menu Edit > Find.
  9. Type "heap41a" here and press Enter. You will get something like this: "[winlogon] C:\heap41a\svchost.exe C:\heap(some number)\std.txt"
  10. Select that and press DEL. It will ask "Are you sure you wanna delete this value"; click Yes.
  11. Now close the Registry Editor and you are done.

Make sure to delete the autorun.inf file and any unrecognized file ending in .exe on your pen drive, otherwise the worm will replicate itself again.
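
The checks from the steps above, gathered into a read-only PowerShell script as an added example (not part of the original post). It only lists what it finds and deletes nothing; the three autostart keys it searches are an assumption, since the post searches the whole registry with Edit > Find.

```powershell
# Added example: read-only check for the Heap41a traces named in the steps above.
$marker = 'heap41a'

# Steps 1-4: svchost.exe processes owned by the logged-in user.
# OutsideSystem32 is an extra hint (not from the post): the real svchost.exe
# lives under %SystemRoot%\System32, the worm's copy under C:\heap41a.
Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" | ForEach-Object {
    $owner = (Invoke-CimMethod -InputObject $_ -MethodName GetOwner).User
    [pscustomobject]@{
        ProcessId       = $_.ProcessId
        Owner           = $owner
        Path            = $_.ExecutablePath
        OutsideSystem32 = [bool]($_.ExecutablePath -and
                          $_.ExecutablePath -notlike "$env:SystemRoot\System32\*")
    }
} | Where-Object { $_.Owner -eq $env:USERNAME }

# Steps 5-6: the hidden folder; -Force makes hidden files visible.
if (Test-Path -LiteralPath "C:\$marker") {
    Get-ChildItem -LiteralPath "C:\$marker" -Force | Select-Object FullName, Length
}

# Steps 7-10: values that mention the marker in common autostart keys
# (assumed locations; extend the list if Regedit's Find shows others).
$keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
foreach ($k in $keys) {
    $item = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if ($data -match $marker) {
            [pscustomobject]@{ Key = $k; Value = $name; Data = $data }
        }
    }
}

# Pen drive note: autorun.inf and .exe files in the root of removable drives.
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
    Get-ChildItem -LiteralPath "$($_.DeviceID)\" -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq 'autorun.inf' -or $_.Extension -eq '.exe' } |
        Select-Object FullName, Length, LastWriteTime
}
```

On newer Windows versions some svchost.exe instances legitimately run under the user's account, so treat only the rows with OutsideSystem32 set to True as suspicious there.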

