# Classified Virus!!!



## marr02

Has anyone of you encountered this Classified Folder Virus... need some help on how to remove it... I tried everything but all the antivirus programs won't install because of the virus. tnxx


----------



## wardhanster

Use AVG and update it, then use the boot-time scan option and restart the system. The scanner will start at boot time, and if the scanner detects the virus it will ask for confirmation to delete it...
Hope it will solve your issue.


----------



## Concordedly

Once again, this belongs in computer security board...

Ok if you can't install any Anti-Virus programs, then I recommend you download and save the installers on another computer and burn them to a CD or put them on a flash drive. Then, boot your computer into safe mode. (Tap F8 repeatedly during boot to launch into boot menu.) Install your anti-virus software now. You should be able to do this in safe mode. Once installed, run full system scans and delete what it tells you is there.

I recommend AVG Free and MalwareBytes, later once your computer is restored, download Spybot Search and Destroy.


----------



## lovely?

ya f8, or f2, or del, or f1, but it will say on the post when the computer turns on which button to press to enter boot options.


----------



## voyagerfan99

lovely? said:


> ya f8, or f2, or del, or f1, but it will say on the post when the computer turns on which button to press to enter boot options.



It's always F8 (no matter what computer) to select how you want to boot into Windows.


----------



## marr02

tnx for the help....


----------



## marr02

I tried to do it in safe mode but it still won't install....pls reply


----------



## Yari Kah

@marr02----try this one and save it as .bat



```bat
@echo off
title Daprosy Exterminator v1(a) by SubAtomica
color 0a
cls
echo Daprosy Exterminator v1(a)
echo Copyleft 2009 by SubAtomica
echo Emergency Release
echo NOT FOR SALE!
echo.
echo A batch script to remove known strains of Daprosy worm including
echo Autorun-AMS/AMW/APL from memory and disk drives.
echo.
echo This utility is provided "AS IS"
echo without warranty of any kind --
echo use at your own risk!!
echo.
echo Please make a backup of ALL your important data before running
echo this script. We do not want you to lose them when system goes
echo very unstable which is not unlikely to happen when you have
echo acquired multiple infections in your system.
echo.
echo IMPORTANT: Do not use browser, e.g. Windows Explorer, while
echo scanning is in progress!
echo.
echo.
pause
cls
echo Terminating processes...
echo.
rem Run the kill routine five times in case a process respawns.
for /l %%i in (1,1,5) do call :k0
cls
echo Cleaning registry...
echo.
rem Remove the worm's autostart values from the Run keys.
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Win32 /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WinSys /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v LSAgent /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v LSAShell /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Dirlock /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Dirlocker /f
rem Reset the Winlogon shell to the default Explorer.exe.
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /d Explorer.exe /f
cls
echo Deleting files...
echo.
echo This part could take at least half an hour to complete.
echo Please be patient while Daprosy clones are being deleted
echo and "infected" folders are revived one by one.
echo.
rem drives.txt is not created by this script; the loop expects it in the
rem current directory with one drive letter per line.
for /f %%v in (drives.txt) do call :k3 %%v:\
color 0e
cls
echo Done cleaning system from Daprosy worm!
echo Rerun this script whenever necessary.
echo.
pause
goto :eof

rem --- :k0  terminate the worm's processes ---
:k0
rem The filter limits this to lsass.exe instances NOT running as SYSTEM,
rem so the genuine lsass.exe is left alone.
taskkill /im lsass.exe /fi "username ne nt authority\system" /f
taskkill /im winnthlp1.exe /im winnthlp2.exe /im nthlpsvc1.exe /im nthlpsvc2.exe /f
taskkill /im dirlock.exe /im winzip.exe /f
goto :eof

rem --- :k1  handle one directory: unhide it, delete its .exe clone and known files ---
:k1
if not exist "%~f1.exe" goto :1
rem d--hs---- is the attribute string of a hidden, system directory.
if not %~a1==d--hs---- goto :1
attrib -r -h -s "%~f1"
attrib -r -h -s "%~f1.exe"
echo Recovered %~f1
del "%~f1.exe"
:1
call :k2 "%~f1\autorun.inf"
call :k2 "%~f1\kbdsys.exe"
call :k2 "%~f1\classified.exe"
call :k2 "%~f1\do not open - secrets!.exe"
call :k2 "%~f1\read1st!.exe"
call :k2 "%~f1\read1st.exe"
call :k2 "%~f1\1.exe"
call :k2 "%~f1\2.exe"
call :k2 "%~f1\dirlock.exe"
call :k2 "%~f1\winnthlp1.exe"
call :k2 "%~f1\winnthlp2.exe"
call :k2 "%~f1\nthlpsvc1.exe"
call :k2 "%~f1\nthlpsvc2.exe"
call :k2 "%~f1\mp3-hot-collections.exe"
call :k2 "%~f1\mp4-hot-collections.exe"
goto :eof

rem --- :k2  clear attributes on one file and delete it, if present ---
:k2
if not exist "%~f1" goto :2
attrib -r -h -s "%~f1"
del "%~f1"
echo Deleted %~f1
:2
goto :eof

rem --- :k3  walk every directory of one drive ---
:k3
rem "<drive>:\con" exists only when the drive itself is present.
if not exist %1con goto :3
echo Processing Drive %1
for /r %1 %%v in (.) do call :k1 "%%v"
:3
goto :eof
```


----------
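A read-only check to run before a deletion script like the one posted above, added here as an example and not part of the thread or of the SubAtomica script: it lists the folder/`<folder>.exe` pairs and the dropped file names that script targets, without changing anything. The function names `scan` and `hidden_system` are assumptions; the file names are copied from the script's `call :k2` lines.

```python
import os
import sys

# File names copied from the `call :k2` lines of the script posted above.
KNOWN_DROPS = {
    "autorun.inf", "kbdsys.exe", "classified.exe",
    "do not open - secrets!.exe", "read1st!.exe", "read1st.exe",
    "1.exe", "2.exe", "dirlock.exe", "winnthlp1.exe", "winnthlp2.exe",
    "nthlpsvc1.exe", "nthlpsvc2.exe",
    "mp3-hot-collections.exe", "mp4-hot-collections.exe",
}
HIDDEN_SYSTEM = 0x2 | 0x4  # Windows FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM


def hidden_system(path):
    """True/False on Windows; None where the OS has no such attributes."""
    try:
        attrs = getattr(os.stat(path), "st_file_attributes", None)
    except OSError:
        return None
    return None if attrs is None else (attrs & HIDDEN_SYSTEM) == HIDDEN_SYSTEM


def scan(root):
    """Return (kind, path, hidden_system) tuples; nothing is modified."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        by_lower = {name.lower(): name for name in filenames}
        for folder in dirnames:
            # Same pairing the script's :k1 tests: folder X beside "X.exe".
            # The flag reported for a clone is the attribute state of the folder.
            exe = by_lower.get(folder.lower() + ".exe")
            if exe:
                findings.append(("clone", os.path.join(dirpath, exe),
                                 hidden_system(os.path.join(dirpath, folder))))
        for name in sorted(filenames):
            if name.lower() in KNOWN_DROPS:
                path = os.path.join(dirpath, name)
                findings.append(("known-name", path, hidden_system(path)))
    return findings


if __name__ == "__main__":
    start = sys.argv[1] if len(sys.argv) > 1 else "."
    for kind, path, flagged in scan(start):
        print(f"{kind:10} hidden+system={flagged}  {path}")
```

A `known-name` hit on its own is weak evidence, since names such as `autorun.inf` or `1.exe` also occur legitimately; a `clone` hit whose folder is reported as hidden+system is the pattern the script's `:k1` routine acts on.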

