
Daprosy Exterminator v1(a)

Copyleft 2009 by SubAtomica

Daprosy Exterminator script (class-x.bat) is a FREE utility that is released to contain
Daprosy worm infections. Use it when AV utilities are unavailable, and not as a
replacement for popular or commercial AVs.

Disclaimer:

Daprosy Exterminator is an ideal and safe script. However, we will be dealing with an
erratic and bug-ridden Daprosy worm that has already put your system in quite an
unstable state. Therefore, this disclaimer is in effect and must not be ignored.

Daprosy Exterminator script is considered a system or administrator level utility that
must be used with caution. Its use is discouraged on a system with multiple infections!

The script is provided “AS IS” without warranty of any kind. Use it at your own risk!
There will be no remuneration for whatever damage the script may cause to your computer.

You must have read and understood the script, or have had others explain it to you, before using it!

See script below:

@echo off
title Daprosy Exterminator v1(a) by SubAtomica
color 0a
cls
echo Daprosy Exterminator v1(a)
echo Copyleft 2009 by SubAtomica
echo Emergency Release
echo NOT FOR SALE!
echo.
echo A batch script to remove known strains of Daprosy worm including
echo Autorun-AMS/AMW/APL from memory and disk drives.
echo.
echo This utility is provided "AS IS"
echo without warranty of any kind --
echo use at your own risk!!
echo.
echo Please make a backup of ALL your important data before running
echo this script. We do not want you to lose them when system goes
echo very unstable which is not unlikely to happen when you have
echo acquired multiple infections in your system.
echo.
echo IMPORTANT: Do not use browser, e.g. Windows Explorer, while
echo scanning is in progress!
echo.
echo.
pause
cls
echo Terminating processes...
echo.
for /l %%i in (1,1,5) do call :k0
cls
echo Cleaning registry...
echo.
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v Win32 /f
reg delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v WinSys /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v LSAgent /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v LSAShell /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Dirlock /f
reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v Dirlocker /f
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /d Explorer.exe /f
cls
echo Deleting files...
echo.
echo This part could take at least half an hour to complete.
echo Please be patient while Daprosy clones are being deleted
echo and "infected" folders are revived one by one.
echo.
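rem drives.txt is read from the current directory; the loop takes the first
rem word of each line as a drive letter (assumed: one letter per line).
for /f %%v in (drives.txt) do call :k3 %%v:\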
color 0e
cls
echo Done cleaning system from Daprosy worm!
echo Rerun this script whenever necessary.
echo.
pause
goto :eof
:k0
rem The filter spares the lsass.exe that runs as SYSTEM and kills any other copy.
taskkill /im lsass.exe /fi "username ne nt authority\system" /f
taskkill /im winnthlp1.exe /im winnthlp2.exe /im nthlpsvc1.exe /im nthlpsvc2.exe /f
taskkill /im dirlock.exe /im winzip.exe /f
goto :eof
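:k1
rem A hidden+system folder with a same-named .exe beside it: unhide the
rem folder and delete the .exe. Then remove the known file names inside it.
if not exist "%~f1.exe" goto :1
if not %~a1==d--hs---- goto :1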
attrib -r -h -s "%~f1"
attrib -r -h -s "%~f1.exe"
echo Recovered %~f1
del "%~f1.exe"
:1
call :k2 "%~f1\autorun.inf"
call :k2 "%~f1\kbdsys.exe"
call :k2 "%~f1\classified.exe"
call :k2 "%~f1\do not open - secrets!.exe"
call :k2 "%~f1\read1st!.exe"
call :k2 "%~f1\read1st.exe"
call :k2 "%~f1\1.exe"
call :k2 "%~f1\2.exe"
call :k2 "%~f1\dirlock.exe"
call :k2 "%~f1\winnthlp1.exe"
call :k2 "%~f1\winnthlp2.exe"
call :k2 "%~f1\nthlpsvc1.exe"
call :k2 "%~f1\nthlpsvc2.exe"
call :k2 "%~f1\mp3-hot-collections.exe"
call :k2 "%~f1\mp4-hot-collections.exe"
goto :eof
:k2
if not exist "%~f1" goto :2
attrib -r -h -s "%~f1"
del "%~f1"
echo Deleted %~f1
:2
goto :eof
:k3
rem Skip drive letters that are not present, then walk every folder on the drive.
if not exist %1con goto :3
echo Processing Drive %1
for /r %1 %%v in (.) do call :k1 "%%v"
:3
goto :eof
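
A read-only audit of the same indicators, given here as an added example that is not part of SubAtomica's script: it reports the Run values, the Winlogon Shell value, and the files and masked folders class-x.bat would act on, without deleting anything. The script name, the :val/:dir/:hit labels and the exit code 2 are assumptions of this example, and the folder test compares only the d, h and s positions of the attribute string instead of the whole string.

```batch
@echo off
rem Added example, not SubAtomica's code: a read-only audit of the indicators
rem class-x.bat acts on. It deletes and changes nothing.
rem Usage (script name is hypothetical):  daprosy-audit.bat D:\
setlocal
if "%~1"=="" (
  echo Usage: %~nx0 DRIVE_OR_FOLDER
  exit /b 1
)
set "RUN=Software\Microsoft\Windows\CurrentVersion\Run"
set /a hits=0

echo Run values that class-x.bat deletes:
for %%n in (Win32 WinSys) do call :val "HKCU\%RUN%" %%n
for %%n in (LSAgent LSAShell Dirlock Dirlocker) do call :val "HKLM\%RUN%" %%n

echo Winlogon Shell value, which class-x.bat resets to Explorer.exe:
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell

echo Scanning "%~1" ...
for /r "%~1" %%d in (.) do call :dir "%%d"

echo %hits% indicator(s) found.
if %hits% gtr 0 exit /b 2
exit /b 0

:val
reg query %1 /v %2 >nul 2>&1
if not errorlevel 1 call :hit RUNKEY "%~1 /v %2"
goto :eof

:dir
rem Same test as :k1, but only the d, h and s positions (0, 3, 4) of the
rem attribute string are compared, so other flags do not hide a match.
set "attr=%~a1"
if not exist "%~f1.exe" goto :names
if "%attr:~0,1%%attr:~3,2%"=="dhs" call :hit CLONE "%~f1.exe"
:names
for %%f in (autorun.inf kbdsys.exe classified.exe "do not open - secrets!.exe"
  "read1st!.exe" read1st.exe 1.exe 2.exe dirlock.exe winnthlp1.exe
  winnthlp2.exe nthlpsvc1.exe nthlpsvc2.exe mp3-hot-collections.exe
  mp4-hot-collections.exe) do if exist "%~f1\%%~f" call :hit FILE "%~f1\%%~f"
goto :eof

:hit
echo   %1 %2
set /a hits+=1
goto :eof
```

FILE lines are name matches only, so a legitimate autorun.inf or 1.exe is reported too; review the list before running class-x.bat, which deletes every one of them.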

Terms and Conditions of Use:

You are authorized to use or modify Daprosy Exterminator script as long as you agree to
strictly observe the following terms and conditions:

• You may not modify the script to degrade it or harm a computer system
• You may not distribute a corrupted or harmful copy of the script
• Do not use the script for commercial gain – the script is FREE
• Do not discredit SubAtomica as the original author – be fair ;-)
• You may not modify this Read Me 1st!!.rtf document

Copyleft 2009 by SubAtomica