Win32/Heur is a computer worm that propagates on fixed disc drives and removable USB drives. This type of threat may infect drives via autorun.inf file it created that runs a command each time the drive is accessed. Malicious files will be copied to a drives attached on infected computer. Using this technique, Win32/Heur manages to spread a copy of its code to another clean PC when infected drive is attached to it.

Usually, Win32/Heur drops autorun.inf file that runs the code each time that user access the drive. Core file or the main code containing malicious script is also dropped on the computer but will be rendered hidden to conceal its presence and evade antivirus program.

This worm will attempt to take advantage of Windows' Autorun function. Through this, drives inserted on the computer will run instantly, thus, if it is infected with Win32/Heur, it runs also. When loaded, the worm will look for any devices attached to the PC and infect them as well. Same worm code and autorun.inf file will be dropped on the target device. Using the infected device on a clean PC may cause the same routine of infection.


Win32/Heur is a harmful type of threat that normally spreads on local fixed and removable drives. It may drop malicious executable files in the form of .VBS, .EXE, .SCR, or .BAT. The file automatically runs when user accessed the drive of folder containing the worm. Win32/Heur is exploiting weakness in Windows autorun function by dropping autorun.inf file to initiate its executable.


Anti-virus or any installed security programs will send an alert once Win32/Heur is detected on the computer. Aside from that, presence of unknown and suspicious autorun.inf and executable files on drives and folders also denotes that computer is infected with this worm.

Other Functions of Win32/Heur:

  • Win32/Heur may severely affect fixed drives and removable drives
  • The worm can steal sensitive data from the infected computer
  • Win32/Heur can download and execute other threats
  • This hazardous worm may corrupt system files on the computer
  • This threat can connect to a remote server and update its components

How to Remove Win32/Heur

1. Download Malwarebytes' Anti-Malware from this link and save it on your Desktop.
2. After downloading, double-click on mbam-setup.exe to install the application.
3. Follow the prompts and install as default only.

4. Before the installation completes, check on the following prompts:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware

5. Click Finish. Program will run automatically and you will be prompt to update the program before doing a scan. Please update.
6. Scan your computer thoroughly.
7. When scanning is finished click on the Show Results button.
8. Make sure that all detected threats are marked, click on Remove Selected.
9. Restart your computer.

Note: Some malware may prevent mbam-setup.exe from downloading and running. You can download and rename this program from a different computer before running it on infected system.


  1. tonio

    go to dos prompt first,
    go to c:
    type dir *.* /ah
    all the hidden files will be shown
    look for the suspicious file you saw
    And type del then press enter

    If the suggested removal procedure failed,
    then try this:
    del -s -h -r and press enter.

  2. eslamof

    i want remove to win 32 heur cause it bad viurs for me


    I did what iu said but, I couldnt delete it
    the message says : denegaded access

Comments are closed.