powerpoint.exe

What are the symptoms that shows your computer have been affected by powerpoint.exe ::.

1) You will see message ” ORKUT IS BANNED,Orkut is banned you fool`,The administrators didnt write this program guess who did?? ”
2) It will not let you open Orkut using Internet Explorer. It will not let you access even YouTube too.

What you should do? ::.

1) First you have to boot your computer in to safe mode by pressing F8 while booting.
2) Then go to search, select in advance option for search in hidden file & folders and system files & folders.
3) In search give keyword"heap41a"
4) You can see a folder name "heap41a" in C:\
5) Shift+ Delete that folder
6) If you can see the message system cam not delete the file, then click ctrl+ alt+delete
7) Try to end task a file svshost.exe
8) Then again try to delete that folder "heap41a".
9) Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
10) In the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft> Windows>CurrentVersion>Policies>Explorer>Run
11) In the right panel, locate and delete the entry:winlogon = "%System Root%\heap41a\svchost.exe %System Root%\heap41a\std.txt"
12) Still in the Registry Editor, in the left panel, double-click the following:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft> Windows>CurrentVersion>Policies>Explorer>Run
13) In the right panel, locate and delete the entry:status = "present"
14) In the left panel, double-click the following: HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft> Windows>CurrentVersion>Explorer> Advanced\Folder>Hidden>SHOWALL
15) In the right panel, locate the entry: checkedvalue = "0"
16) Right-click on the value name and choose Modify. Change the value data of this entry to: 1
17) Close Registry Editor.

next delete the virus folder
You need to delete files named "Autorun.inf" file in every drive and removable drive that have been connected with your PC before
1. Right-click Start then click Search... or Find..., depending on the version of Windows you are running.
2. In the Named input box, type:MICROSOFTPOWERPOINT
3. In the Look In drop-down list, select My Computer, then press Enter.
4. Once located, check if the location of the file is the following:%User Temp% (Note: %User Temp% is the current user's Temp folder, which is usually C:\Windows\Profiles\{user name}\Temp on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Temp on Windows NT, and C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.)
5. If yes, select the file then press SHIFT+DELETE.
6. Again in the Named input box, type:heap41a
7. In the Look In drop-down list, select My Computer, then press Enter.
8. Once located, check if the location of the file is the following:%System Root% (Note: %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.)
9. If yes, select the file then press SHIFT+DELETE.

Lastly restart your computer and remember to restore back your Folder Option to previous setting.