' Open notepad.exe and copy / paste this text.
' Then save it as "class-x.vbs" include double quotation marks
' Then double click on class-x.vbs to remove Classified Trojan Worm!
'
' W32.Daprosy Buster, Version 1.0
' Emergency Release! NOT FOR SALE
' Copyleft 2009:
'
' You may add your own code to detect other variants of the worm.
' You may not however modify the code to maliciously damage a computer system.
' Script is distributed "AS IS" without warranty of any kind - use at own risk!!!
Sub DeleteTrojan(Trojan)
On Error Resume Next
Dim objFSO
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(Trojan) Then objFSO.DeleteFile(Trojan), True
Set objFSO = Nothing
End Sub
On Error Resume Next
Dim info
info = ""
info = info & "W32.Daprosy Buster, Version 1.0" & vbCrLf
info = info & "Emergency Release! NOT FOR SALE" & vbCrLf
info = info & "Copyleft 2009 by Itlog (lol!)" & vbCrLf
info = info & vbCrLf
info = info & "This VB script would remove Daprosy aka Autorun-AMS/AMW from your system." & vbCrLf
info = info & "Please DO NOT USE computer (especially Windows Explorer) while scanning" &vbCrLf
info = info & "is in progress!" & vbCrLf
info = info & vbCrLf
info = info & "Don't panic when your system slows down during scan - you will be" & vbCrLf
info = info & "NOTIFIED when scanning is completed." & vbCrLf
info = info & vbCrLf
info = info & "Click OK to continue..."
wscript.echo info
Dim objWMIService
Dim objFSO
Dim oReg
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process")
For Each objProcess in colProcessList
cmdln = LCase(objProcess.CommandLine)
If InStr(cmdln, "\windows\lsass.exe") Then objProcess.Terminate()
If InStr(cmdln, "nthlpsvc1.exe") Then objProcess.Terminate()
If InStr(cmdln, "nthlpsvc2.exe") Then objProcess.Terminate()
If InStr(cmdln, "winnthlp1.exe") Then objProcess.Terminate()
If InStr(cmdln, "winnthlp2.exe") Then objProcess.Terminate()
If InStr(cmdln, "dirlock.exe") Then objProcess.Terminate()
If InStr(cmdln, "winzip.exe") Then objProcess.Terminate()
Next
Set objFSO = CreateObject("Scripting.FileSystemObject")
Const HKCU = &H80000001
Const HKLM = &H80000002
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
oReg.DeleteValue HKCU, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Win32"
oReg.DeleteValue HKCU, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "WinSys"
oReg.DeleteValue HKLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "LSAgent"
oReg.DeleteValue HKLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "LSAShell"
oReg.DeleteValue HKLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "DirLock"
oReg.DeleteValue HKLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "DirLocker"
oReg.SetStringValue HKLM, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "Explorer.exe"
Set oReg = Nothing
Set colFolders = objWMIService.ExecQuery("Select * from Win32_Directory")
For Each objFolder in colFolders
Folder = objFolder.Name
Trojan = Folder & ".exe"
Set objFolder2 = objFSO.GetFolder(Folder)
If ObjFolder2.Attributes And 2 Then objFSO.DeleteFile(Trojan)
ObjFolder2.Attributes = 16
DeleteTrojan Folder & "\classified.exe"
DeleteTrojan Folder & "\do not open - secrets!.exe"
DeleteTrojan Folder & "\read1st!.exe"
DeleteTrojan Folder & "\read1st.exe"
DeleteTrojan Folder & "\autorun.inf"
DeleteTrojan Folder & "\1.exe"
DeleteTrojan Folder & "\2.exe"
DeleteTrojan Folder & "\winnthlp1.exe"
DeleteTrojan Folder & "\winnthlp2.exe"
DeleteTrojan Folder & "\hlpsvc1.exe"
DeleteTrojan Folder & "\hlpsvc2.exe"
DeleteTrojan Folder & "\kbsys.exe"
DeleteTrojan Folder & "\kbdsys.exe"
DeleteTrojan Folder & "\dirlock.exe"
DeleteTrojan Folder & "\mp3-hot-collections.exe"
DeleteTrojan Folder & "\mp4-hot-collections.exe"
Next
Set objWMIService = Nothing
Set objFSO = Nothing
info = ""
info = info & "W32.Daprosy scan is complete!" & vbCrLf & vbCrLf
info = info & "Your system is now clean." & vbCrLf
info = info & vbCrLf
info = info & "NOTICE:" & vbCrLf
info = info & vbCrLf
info = info & "This script cannot detect other viruses, worms," & vbCrLf
info = info & "and unknown variants of w32.Daprosy."
wscript.echo info
wscript.quit
yes and no but yes if you want to have that data but you will have that virus on your computer
Deleting a virus from an infected file.
Yes, or moves them to a "Virus Chest"
It goes in "Quarantine" in quarantine, the virus can't harm the computer, and you can go to quarantine, and it will have all of your infected files, and tell you the name of the virus that's infecting the file, and you can delete the infected files.
you need to get rid of the virus with a backup cd then you retrieve the files
If you burn infected files onto an optical disc then those files remain infected and would remain on the optical disc permanently.
One product for removing a virus from an external hard drive is Malwarebytes Antimalware. Once the virus is removed, the files should reappear.
get a good virus scanner then delete the files that it says r infected or send them to people that u hate
Anti-virus software program itself deletes the infected files after running the scan and detecting fault error files.
They spread by infecting other files (hosts) or by overwriting them them so when those files get shared to someone else that person will also be infected by the virus.
It will help save files on your computer and will help clear the virus off
When you delete files that may be infected virus stays on the system by moving to another file. Formating deletes all files infected or not hence virus is delete because it has nowhere else to move to.