UPSI virus

Before UPSI virus,Jambanmu.com is the virus that is very famous.But UPSI virus is very interesting in term of the the script and the folder where this virus is located.You can call it super hidden folder is applied in this virus.The folder is almost invisible in the naked eyes.

Download here script

Here the solution for the virus:

The Amature mode ( no need to edit registery )

1.Go to Task Manager( CTRL + ALT + DELETE)
2.Go to the processes tab
3.Look for svchost.exe under the image name.(There will be many but look for the ones
which have your username under the username)
4.Press DEL to kill these files. It will give you a warning, Press Yes
5.Repeat for more svchost.exe files with your username and repeat.(Do not kill
svchost.exe with system, local service or network service!)
6.Now open My Computer
7.In the address bar, type C:\heap41a and press enter.(hidden folder)
8.Delete all the files.
9.Now go to Start –> Run and type Regedit
10.Go to the menu Edit –> Find
11.Type “heap41a” here and press enter. You will get something like this “[winlogon]
C:\heap41a\svchost.exe C:\heap(some number)\std.txt”
12.Select that and Press DEL. It will ask “Are you sure you wanna delete this value”,
click Yes
13.Now close the registry editor.

The Expert mode.

1.Go to Start Menu>Run and type regedit.In the Registry Editor browse to this entry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL and in the “Checked all” key reset it back to 1 from
2.Now you can change the settings in the folders option. Now delete the folder C:\heap41a and clear all the key entries from this registry entry HKEY_LOCAL_MACHINE,SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run which says heap41a.