
Daprosy Exterminator v1(a)

Copyleft 2009 by SubAtomica

Daprosy Exterminator script (class-x.bat) is a FREE utility that is released to contain
Daprosy worm infections. Use it when AV utilities are unavailable, and not as a
replacement for popular or commercial AVs.


Daprosy Exterminator is an ideal and safe script. However, we will be dealing with an
erratic and bug-ridden Daprosy worm that has already put your system in quite an
unstable state. Therefore, this disclaimer is in effect and must not be ignored.

Daprosy Exterminator script is considered a system or administrator level utility that
must be used with caution. Its use is discouraged on a system with multiple infections!

The script is provided “AS IS” without warranty of any kind. Use it at your own risk!
There will be no remuneration for whatever damage the script may cause your computer.

You must have read and understood the script, or had others explain it to you, before using it!

See script below:

@echo off
title Daprosy Exterminator v1(a) by SubAtomica
color 0a
echo Daprosy Exterminator v1(a)
echo Copyleft 2009 by SubAtomica
echo Emergency Release
echo A batch script to remove known strains of Daprosy worm including
echo Autorun-AMS/AMW/APL from memory and disk drives.
echo This utility is provided "AS IS"
echo without warranty of any kind --
echo use at your own risk!!
echo Please make a backup of ALL your important data before running
echo this script. We do not want you to lose them when system goes
echo very unstable which is not unlikely to happen when you have
echo acquired multiple infections in your system.
echo IMPORTANT: Do not use browser, e.g. Windows Explorer, while
echo scanning is in progress!
echo Terminating processes...
for /l %%i in (1,1,5) do call :k0
echo Cleaning registry...
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Win32 /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WinSys /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v LSAgent /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v LSAShell /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Dirlock /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Dirlocker /f
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /d Explorer.exe /f
echo Deleting files...
echo This part could take at least half an hour to complete.
echo Please be patient while Daprosy clones are being deleted
echo and "infected" folders are revived one by one.
for /f %%v in (drives.txt) do call :k3 %%v:\
color 0e
echo Done cleaning system from Daprosy worm!
echo Rerun this script whenever necessary.
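goto :eof

rem k0: terminate worm processes; the lsass.exe filter spares the genuine
rem process, which runs as NT AUTHORITY\SYSTEM
:k0
taskkill /im lsass.exe /fi "username ne nt authority\system" /f
taskkill /im winnthlp1.exe /im winnthlp2.exe /im nthlpsvc1.exe /im nthlpsvc2.exe /f
taskkill /im dirlock.exe /im winzip.exe /f
goto :eof

rem k1: called once per folder; if a hidden+system folder has a same-named
rem .exe clone beside it, unhide the folder and delete the clone
:k1
if not exist "%~f1.exe" goto :1
if not %~a1==d--hs---- goto :1
attrib -r -h -s "%~f1"
attrib -r -h -s "%~f1.exe"
echo Recovered %~f1
del "%~f1.exe"
rem known worm file names are removed from every folder visited
:1
call :k2 "%~f1\autorun.inf"
call :k2 "%~f1\kbdsys.exe"
call :k2 "%~f1\classified.exe"
call :k2 "%~f1\do not open - secrets!.exe"
call :k2 "%~f1\read1st!.exe"
call :k2 "%~f1\read1st.exe"
call :k2 "%~f1\1.exe"
call :k2 "%~f1\2.exe"
call :k2 "%~f1\dirlock.exe"
call :k2 "%~f1\winnthlp1.exe"
call :k2 "%~f1\winnthlp2.exe"
call :k2 "%~f1\nthlpsvc1.exe"
call :k2 "%~f1\nthlpsvc2.exe"
call :k2 "%~f1\mp3-hot-collections.exe"
call :k2 "%~f1\mp4-hot-collections.exe"
goto :eof

rem k2: clear the read-only/hidden/system attributes of one file, then delete it
:k2
if not exist "%~f1" goto :2
attrib -r -h -s "%~f1"
del "%~f1"
echo Deleted %~f1
:2
goto :eof

rem k3: skip drives that are not present, otherwise walk every folder on the drive
:k3
if not exist %1con goto :3
echo Processing Drive %1
for /r %1 %%v in (.) do call :k1 "%%v"
:3
goto :eof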
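
A read-only audit of what the script's folder-recovery and file-deletion routines look for, as an added example that is not part of SubAtomica's script: it lists .exe files named after a sibling folder and files whose names appear in the script's delete list, without changing anything. It is written in Python, skips the hidden/system attribute test the batch script applies, and runs on a constructed sample tree; `audit` and `build_sample` are names chosen here.

```python
import os
import tempfile

# File names the page's script deletes in every folder it visits.
KNOWN_NAMES = {
    "autorun.inf", "kbdsys.exe", "classified.exe",
    "do not open - secrets!.exe", "read1st!.exe", "read1st.exe",
    "1.exe", "2.exe", "dirlock.exe", "winnthlp1.exe", "winnthlp2.exe",
    "nthlpsvc1.exe", "nthlpsvc2.exe",
    "mp3-hot-collections.exe", "mp4-hot-collections.exe",
}

def audit(root):
    """Walk root without modifying it; return (clones, known) as sorted paths."""
    clones, known = [], []
    for folder, dirs, files in os.walk(root):
        lower_dirs = {d.lower() for d in dirs}
        for name in files:
            path = os.path.join(folder, name)
            stem, ext = os.path.splitext(name)
            # Clone pattern: "X.exe" sitting beside a folder named "X".
            # Assumption: the folder's attributes are not checked here.
            if ext.lower() == ".exe" and stem.lower() in lower_dirs:
                clones.append(path)
            elif name.lower() in KNOWN_NAMES:
                known.append(path)
    return sorted(clones), sorted(known)

def build_sample(root):
    """Constructed tree: one folder/clone pair, two listed names, one benign file."""
    os.makedirs(os.path.join(root, "Photos", "2009"))
    for rel in ("Photos.exe", "autorun.inf",
                os.path.join("Photos", "notes.txt"),
                os.path.join("Photos", "2009", "kbdsys.exe")):
        open(os.path.join(root, rel), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        clones, known = audit(tmp)
        for p in clones:
            print("clone beside folder:", os.path.relpath(p, tmp))
        for p in known:
            print("listed file name:   ", os.path.relpath(p, tmp))
```

A legitimate autorun.inf (for example on a copied installer disc) is listed too, since the match is by name only; review the output before running the batch script against the same drive.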

Terms and Conditions of Use:

You are authorized to use or modify Daprosy Exterminator script as long as you agree to
strictly observe the following terms and conditions:

• You may not modify the script to degrade it or harm a computer system
• You may not distribute a corrupted or harmful copy of the script
• Do not use the script for commercial gain – the script is FREE
• Do not discredit SubAtomica as the original author – be fair ;-)
• You may not modify this Read Me 1st!!.rtf document

Copyleft 2009 by SubAtomica