Filename:
Classified.exe
Related to:
W32.Daprosy
File Directory:
%Windows%\
%UserProfile%\My Documents\
Startup Type:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Classified.exe
Removal and Protection:
Deleting the file Classified.exe will not help in removing the threat on computer. Antivirus and Anti-Spyware Software are recommended for automatic removal and protection. To remove this malicious file, please download and run MalwareBytes Antimalware.
17 Responses for "Classified.exe"
i had tested out almost all of the known antivirus to remove the virus but they doesn’t solve the removal of the classified.exe.
any help will be much appreciated
i had the same problem too.. my first anti virus was avira.. and also i have malwarebytes.. but it only inactivate my antivirus. then i tried to download kaspersky but it can’t delete the classified.exe.. this folder is locked.. and all the sites of antivirus, malware, spyware and others are also blocked.
try downloading usb disk security…
then make your HD as a flash disk by using a IDE/SATA USB cable to scan it in another computer with the disk security…
that would work i already tried it…
“try downloading usb disk security…
then make your HD as a flash disk by using a IDE/SATA USB cable to scan it in another computer with the disk security…
that would work i already tried it…”
Nah..It won’t!
I may say, once your pc is infected with this worm, it disable or blocked your antivirus, making it useless…It replace folders with an application with the same name and icon…original folders are set by this wom as super hidden so it appears to be deleted though it is really not.
My solution scan your infected hardrive to another pc with a removal tool…i have use an updated removal tool from kaspersky and it works… here’s the links:
Download 1 (http://downloads1.kaspersky-labs.com/devbuilds/AVPTool/)
Download 2 (http://downloads2.kaspersky-labs.com/devbuilds/AVPTool/)
Download 3 (http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/)
install this on a clean virus free pc then scan your infected hard drive or usb…It will detect and delete the worms…
As to restore the hidden folders, you have to set folder options to show all files and uncheck the hide protected operating system…to be able to view the hidden folders…then you may manually change its folelder attributes by right click the properties… or you may download a software called Attribute Manager 2.6 to ease the work of setting attributes…
Be sure to reset folder options for protections…when done…you may rescan to be sure worms are gone…then test the hard drive on your pc…
Its kinda long process but it works for me…
Hope It helps…God Bless!!!
Guys try this to remove Classified.exe worm
1. Download Hitman Pro 3.5 and run it to your computer
* This will remove threats in windows. Restart your computer
2. Download Kaspersk removal tool and run this in your computer.
* Run this tool after hitman. Remove all the threats that were found
3. Open regedit and do the following
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
SystemRestore\”DisableSR” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\A
dvanced\”Hidden” = “2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”HideFileExt” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”ShowSuperHidden” = “1″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”Hidden” = “2″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer
Advanced\”HideFileExt” = “1″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”ShowSuperHidden” = “0″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”SuperHidden” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
\”NoFolderOptions” = “1″
4. Show all the folders. Open run command and type this to the terminal:
attrib -h -s /s /d
*At this point the folders were back and your computer is now free from Classified.exe
5. Rescan again just to make sure your computer is safe from any threats
Oct 10 2007, 09:24 AM
Here’s a Tip on USB Devices on protecting them.. Hope you want this… Enjoy
1. Check first the Auto Insert Notification setttings. Set it to “prompt user…”.
2. Insert your USB device
3. Open “My Computer” after the USB loads
4. DON’T left-click, but right-click on the USB drive
5. Check: (very important)
if it displays:
QUOTE
Open
Explore
Search
Autoplay
then it’s safe.
if it displays:
QUOTE
Autoplay
Open
Explore
Search
or:
QUOTE
Auto
Autoplay
Open
Explore
Search
or:
QUOTE
0pen
Autoplay
Open
Explore
Search
or:
QUOTE
Open
Autoplay Folder Options. If Folder Options isn’t displayed, then proceed to step 7**
2. Go to the View tab, then enable “Show hidden files and folders”, and uncheck “Hide extensions for known file types” and “Hide protected operating files” (click yes on this part)
3. Apply and Ok
4. Click the address bar
5. Type the drive letter of your USB device (example - F:\)
6. Look for suspicious files… like EXE files that has the icon of a folder, and named after the folder it is in… or VBS files in the root folder… or krag.exe and other unnecessary executables, or the folder RECYCLER. Delete those.
7. Run Notepad
8. Go to File>Save As, go to any folder you want to save.
9. Name it as “autorun.inf”, then save.
10. Copy autorun.inf
11. Paste it on the root folder of the USB drive (example - F:\)
12.Confirm file overwrite.
13. Reconnect your USB device.
14. Finished. No more Autoplay.
**if there is no Folder Options, then it might have been disabled by the administrator, or your system also has already been infected.
===================================
Also dont Reboot PC (pressing restart button.) while your USB Device is inserted. it can corrupt data…
thanks jeff !
Thanks a lot jeff. It worked.
Hi Jeff…what if in the part below where the “Advanced” folder is missing in my case…how do i go around with this?
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”Hidden” = “2?
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer
Advanced\”HideFileExt” = “1?
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”ShowSuperHidden” = “0?
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\
Advanced\”SuperHidden” = “1?
Thanks for all the help i could get =)
can i just copy the “Advanced” folder from another pc and paste it on the directory on my pc?
thanks jeff!
all my foldera are gone. there is no folder options. how do i get it back? pls help jeff
how do i show all the folders????
How to remove this virus…
1. Boot in safe mode with command prompt. Do NOT boot on safe mode with networking. the virus will be active.
>to boot in safe mode>>>start your computer>> while restarting press F8>> then choose safe mode
2. Run regedit (Start >> Run >> cmd)
3. Delete the following registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”WinSys” = “%Windir%\system.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”LSAShell” = “%Windir%\lsass.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”SessionMngr” = “C:\Documents and Settings\All Users\Application Data\PolariSys\dirlock.exe”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\”Shell” = “Explorer.exe \”C:\Documents and Settings\All Users\Application Data\Microsoft\Keyboard\kbdsys.exe\”
4. Edit the following entries too:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\”DisableSR” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”Hidden” = “2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”HideFileExt” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “1″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”Hidden” = “2″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”HideFileExt” = “1″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “0″
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”SuperHidden” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\”NoFolderOptions” = “1″
Note: “0″ is to disable, “1″ is to enable.
Very Important Note:
Use Attribute Changer first to fix regular folders’ attribute BEFORE fixing the registry.
________________________________________
here’s my regentry for the above:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\”DisableSR” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”Hidden” = “2″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”HideFileExt” = “1″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “0″
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”SuperHidden” = “0″
________________________________________
5. Manually delete the following files
%System%\hlpsvc1.exe
%System%\hlpsvc2.exe
%SystemDrive%\Read1st!.exe
%SystemDrive%\goats.exe
%Windir%\Classified.exe
%Windir%\system.exe
%Windir%\lsass.exe
%Windir%\shutdown.dll
%UserProfile%\My Documents\Classified.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Keyboard\kbdsys.exe
C:\Documents and Settings\All Users\Application Data\PolariSys\dirlock.exe
Also clear your startup folder
%Windir%\ is usually Windows (unless you specified a diff one upon OS installation)
%system% and %systemDrive%\ is the drive where your OS is (usually C: drive)
hi..
i have finished doing steps 1 to 4..
but i couldn’t delete the ff files in step5:
%System%\hlpsvc1.exe
%System%\hlpsvc2.exe
%SystemDrive%\Read1st!.exe
%SystemDrive%\goats.exe
%UserProfile%\My Documents\Classified.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Keyboard\kbdsys.exe
C:\Documents and Settings\All Users\Application Data\PolariSys\dirlock.exe
i need help please… thank you.
God Bless.
me too..
i coudn’t delete also.
Any Response?
Can't Find a Solution?
Start a Discussion Here!