Technology Zone

[GameLordquest]

Dear members,

If you want to remove PROrat and its virusses you need not only need to edit your registery but start in Safe Mode too. So if you want to remove the virus print this page. I will also make an TXT file for those who dont have an printer.

Since i cant type backslashes replace every slash for a backslash

Here we go.

Windows 2000/NT/XP

for Windows 95/98/ME skip step number 11,12

Quote:

Step 1
Go to Start > Run

Step 2
type regedit and press enter ok click ok

Step 3
Navigate to this key HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run

Step 4
Delete this value MSNMESENGER"="%System%/Main.exe

Step 5
Navigate to this key HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/
Policies/Explorer/Run

Step 6
Delete this value DirectX for Microsoft Windows"="%System%/Fservice.exe

Step 7
Navigate to this key HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Active Setup/Installed Components/{5Y99AE78-58TT-11dW-BE53-Y67078979Y}


Step 8
Delete this value DirectX for Microsoft Windows"="%System%/Sservice.exe

Step 9
Navigate to this key HKEY_CURRENT_USER/SOFTWARE/Microsoft/Windows/CurrentVersion/Run

Step 10
Delete this value StubPath"="C:/Windows/system/Sservice.exe

Step 11
Navigate to this key HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon

Step 12
Modify this"Shell"="explorer.exe %System%/Fservice.exe" into this "Shell"="explorer.exe"

Step 13
Exit your Registry Editor and restart your PC in Safe mode with Command prompt (shut down then start up and hit and hold F8 untill and black screen with white letters appears)

Step 14
log on your own account and then you should see command prompt on the left and nothing else exept maybe some writing like Safe Mode Windows blahblahblah.

Step 15
type in cd/windows like that.

Step 16
type in erase services.exe

Step 17
Then type in cd/windows/system

Step 18
Type in erase sservice.exe like that. I did not misspelled it.

Step 19
Then type in cd/windows/system32

Step 20
Then type the following codes in

Code:

erase C:/windows/system32/reginv.dll
erase C:/windows/system32/fservice.exe
erase C:/windows/system32/winkey.dll
erase C:/windows/system32/wininv.dll 

Step 21
Then type in cd/ and then start explorer Note: you dont have internet

Step 22
Browse to your windows folder and check if the following files are deleted.

Code:

C:/windows/system32/reginv.dll
C:/windows/system32/fservice.exe
C:/windows/system32/winkey.dll
C:/windows/services.exe
C:/windows/system/sservice.exe
C:/windows/system32/wininv.dll 

Step 23
If you havent deleted it already delete PROrat without running it. the go to Start > Run again and if the following still exsist. If so delete/modify it again.

Code:

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run

MSNMESENGER"="%System%/Main.exe

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/WindowsCurrent/Version/
Policies/Explorer/Run

DirectX for Microsoft Windows"="%System%/Fservice.exe

HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Active Setup/Installed Components/{5Y99AE78-58TT-11dW-BE53-Y67078979Y}

DirectX for Microsoft Windows"="%System%/Sservice.exe

HKEY_CURRENT_USER/SOFTWARE/Microsoft/Windows/CurrentVersion/Run

StubPath"="C:/Windows/system/Sservice.exe

HKEY_LOCAL_MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon

"Shell"="explorer.exe %System%/Fservice.exe" must be "Shell"="explorer.exe"

Step 24
Now restart your PC again and browse to your windows folder again to check if these files are gone. if not repeat from step 1.

Code:

C:/windows/system32/reginv.dll
C:/windows/system32/fservice.exe
C:/windows/system32/winkey.dll
C:/windows/services.exe
C:/windows/system/sservice.exe
C:/windows/system32/wininv.dll 

Step 25
Run your virusscanner to check for virusses. Now it should say nothing unless you have other virussses or hacks...

Congratulations. Your PC is now Good to Go again. Have a nice day.

Credits to:
Me for writing.
Symantec© for providing the Keys.
Toscane of PChelper.nl for helping me.

[YouKnowWho]

i don't have any viruses but i'm sure this will help of i get a serious one .. thank you

[GameLordquest]

No problem im here to help... But this is actually only for the virus simular to the ProRat virus... you should check this list if you think your infected.

[EnviousX]

Well thanks, ive been proratted before by somebody (cough cough)
But yeah i had kaspersky on luckily, so it killed it after my system reboot.
I also had a parite which was odd, every file was infected.

[Samurai_Mo]

hmm oke 1 thing what thus that virus do to your pc ?

i got and virus
and now i dont got permision to my system that mean i can't edit my pc or remove software
ore look in windows conf

and i can't change my desktop image :'(

[GameLordquest]

lol i got thanked by hornstar...

ProRAT is an keylogger that grants access to several programs where normally access is denied... so infact is ProRAT handy but it has a flip side...

[+iio]

prorat doesnt have a virus. atleast my one didnt.

[GameLordquest]

ok... have it your way... let me put it like this. ProRAT is a keylogger that manifest in your PC the moment you installed it. you can play "smartass" all you want but you know im right.

[joriannn]

Quote:

Originally Posted by N_E_O_N

prorat doesnt have a virus. atleast my one didnt.

If there's a free version of it, it most likely does. The name only already freaks me out, I'd never download something like that

[stormer320]

Quote:

Well thanks, ive been proratted before by somebody (cough cough)
But yeah i had kaspersky on luckily, so it killed it after my system reboot.
I also had a parite which was odd, every file was infected.

Ehhh this was me lol. xD *cough* What?