answersLogoWhite

0

Subjects>Electronics>Computers

How do you recover files infected with classified virus?

Updated: 9/17/2023
User Avatar

Wiki User

12y ago
Best Answer

' Open notepad.exe and copy / paste this text.

' Then save it as "class-x.vbs" include double quotation marks

' Then double click on class-x.vbs to remove Classified Trojan Worm!

'

' W32.Daprosy Buster, Version 1.0

' Emergency Release! NOT FOR SALE

' Copyleft 2009:

'

' You may add your own code to detect other variants of the worm.

' You may not however modify the code to maliciously damage a computer system.

' Script is distributed "AS IS" without warranty of any kind - use at own risk!!!

Sub DeleteTrojan(Trojan)

On Error Resume Next

Dim objFSO

Set objFSO = CreateObject("Scripting.FileSystemObject")

If objFSO.FileExists(Trojan) Then objFSO.DeleteFile(Trojan), True

Set objFSO = Nothing

End Sub

On Error Resume Next

Dim info

info = ""

info = info & "W32.Daprosy Buster, Version 1.0" & vbCrLf

info = info & "Emergency Release! NOT FOR SALE" & vbCrLf

info = info & "Copyleft 2009 by Itlog (lol!)" & vbCrLf

info = info & vbCrLf

info = info & "This VB script would remove Daprosy aka Autorun-AMS/AMW from your system." & vbCrLf

info = info & "Please DO NOT USE computer (especially Windows Explorer) while scanning" &vbCrLf

info = info & "is in progress!" & vbCrLf

info = info & vbCrLf

info = info & "Don't panic when your system slows down during scan - you will be" & vbCrLf

info = info & "NOTIFIED when scanning is completed." & vbCrLf

info = info & vbCrLf

info = info & "Click OK to continue..."

wscript.echo info

Dim objWMIService

Dim objFSO

Dim oReg

Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

Set colProcessList = objWMIService.ExecQuery("Select * from Win32_Process")

For Each objProcess in colProcessList

cmdln = LCase(objProcess.CommandLine)

If InStr(cmdln, "\windows\lsass.exe") Then objProcess.Terminate()

If InStr(cmdln, "nthlpsvc1.exe") Then objProcess.Terminate()

If InStr(cmdln, "nthlpsvc2.exe") Then objProcess.Terminate()

If InStr(cmdln, "winnthlp1.exe") Then objProcess.Terminate()

If InStr(cmdln, "winnthlp2.exe") Then objProcess.Terminate()

If InStr(cmdln, "dirlock.exe") Then objProcess.Terminate()

If InStr(cmdln, "winzip.exe") Then objProcess.Terminate()

Next

Set objFSO = CreateObject("Scripting.FileSystemObject")

Const HKCU = &H80000001

Const HKLM = &H80000002

Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")

oReg.DeleteValue HKCU, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "Win32"

oReg.DeleteValue HKCU, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "WinSys"

oReg.DeleteValue HKLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "LSAgent"

oReg.DeleteValue HKLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "LSAShell"

oReg.DeleteValue HKLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "DirLock"

oReg.DeleteValue HKLM, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "DirLocker"

oReg.SetStringValue HKLM, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell", "Explorer.exe"

Set oReg = Nothing

Set colFolders = objWMIService.ExecQuery("Select * from Win32_Directory")

For Each objFolder in colFolders

Folder = objFolder.Name

Trojan = Folder & ".exe"

Set objFolder2 = objFSO.GetFolder(Folder)

If ObjFolder2.Attributes And 2 Then objFSO.DeleteFile(Trojan)

ObjFolder2.Attributes = 16

DeleteTrojan Folder & "\classified.exe"

DeleteTrojan Folder & "\do not open - secrets!.exe"

DeleteTrojan Folder & "\read1st!.exe"

DeleteTrojan Folder & "\read1st.exe"

DeleteTrojan Folder & "\autorun.inf"

DeleteTrojan Folder & "\1.exe"

DeleteTrojan Folder & "\2.exe"

DeleteTrojan Folder & "\winnthlp1.exe"

DeleteTrojan Folder & "\winnthlp2.exe"

DeleteTrojan Folder & "\hlpsvc1.exe"

DeleteTrojan Folder & "\hlpsvc2.exe"

DeleteTrojan Folder & "\kbsys.exe"

DeleteTrojan Folder & "\kbdsys.exe"

DeleteTrojan Folder & "\dirlock.exe"

DeleteTrojan Folder & "\mp3-hot-collections.exe"

DeleteTrojan Folder & "\mp4-hot-collections.exe"

Next

Set objWMIService = Nothing

Set objFSO = Nothing

info = ""

info = info & "W32.Daprosy scan is complete!" & vbCrLf & vbCrLf

info = info & "Your system is now clean." & vbCrLf

info = info & vbCrLf

info = info & "NOTICE:" & vbCrLf

info = info & vbCrLf

info = info & "This script cannot detect other viruses, worms," & vbCrLf

info = info & "and unknown variants of w32.Daprosy."

wscript.echo info

wscript.quit

User Avatar

Wiki User

12y ago
This answer is:
User Avatar

Add your answer:

Earn +20 pts
Q: How do you recover files infected with classified virus?
Write your answer...
Submit
Still have questions?
magnify glass
imp
Related questions

Can one recover files on an external hard drive that have been infected with the recycled Worm virus?

yes and no but yes if you want to have that data but you will have that virus on your computer

What is disinfecting files?

Deleting a virus from an infected file.

Does a virus scanner delete infected files?

Yes, or moves them to a "Virus Chest"

Where does virus go when delected from the antivirus quest?

It goes in "Quarantine" in quarantine, the virus can't harm the computer, and you can go to quarantine, and it will have all of your infected files, and tell you the name of the virus that's infecting the file, and you can delete the infected files.

How do you retrieve files from a computer infected with a virus and displays a blue screen of death?

you need to get rid of the virus with a backup cd then you retrieve the files

Can the rewritable optical disc be infected by virus?

If you burn infected files onto an optical disc then those files remain infected and would remain on the optical disc permanently.

Virus causing external hard drive files hidden.How do i recover my files?

One product for removing a virus from an external hard drive is Malwarebytes Antimalware. Once the virus is removed, the files should reappear.

How do you remove virus that always hide my files?

get a good virus scanner then delete the files that it says r infected or send them to people that u hate

How do you delete the detected virus after the scan?

Anti-virus software program itself deletes the infected files after running the scan and detecting fault error files.

How does a computer virus expand?

They spread by infecting other files (hosts) or by overwriting them them so when those files get shared to someone else that person will also be infected by the virus.

How will regular backups help if you are infected with a computer virus?

It will help save files on your computer and will help clear the virus off

What are thaDifference between system formatting and deleting?

When you delete files that may be infected virus stays on the system by moving to another file. Formating deletes all files infected or not hence virus is delete because it has nowhere else to move to.

Resources

Leaderboard All Tags Unanswered

Top Categories

Algebra Chemistry Biology World History English Language Arts Psychology Computer Science Economics

Product

Community Guidelines Honor Code Flashcard Maker Study Guides Math Solver FAQ

Company

About Us Contact Us Terms of Use Privacy Policy Disclaimer Cookie Policy IP Issues
Answers Logo
Copyright ©2024 Infospace Holdings LLC, A System1 Company. All Rights Reserved. The material on this site can not be reproduced, distributed, transmitted, cached or otherwise used, except with prior written permission of Answers.