How to get rid of ProRat Backdoor Trojan?

    Threat Details:

    Category:
    • Backdoor Trojan

    Risk Level: Very high

    Description:
    ProRat gives an attacker full access to the resources of the infected computer. The attacker can then harass you by sending messages, shut down your computer, damage it, steal your sensitive information, etc.

    Removal Instructions:

    Files:
    Please use Windows Explorer or another file manager of your choice to locate and delete these files.
    • The file at "<$WINDIR>\ktd32.atm".
    • The file at "<$WINDIR>\services.exe".
    • The file at "<$WINDIR>\system\sservice.exe".
    • The file at "<$SYSDIR>\fservice.exe".
    • The file at "<$SYSDIR>\reginv.dll".
    • The file at "<$SYSDIR>\winkey.dll".
    Make sure you set your file manager to display hidden and system files.

    Registry:

    You can use regedit.exe (included in Windows) to locate and delete these registry entries.

    • Delete the registry value "sr" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\".
    • Delete the registry value "sr" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\".
    • Delete the registry value "sr" at "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\".
    • Delete the registry value "LanguageId" at "HKEY_CURRENT_USER\Software\P®O Group\ProMessenger\".
    • Delete the registry key "Windows NT Script Host" at "HKEY_CURRENT_USER\Software\Microsoft\".
    • Delete the registry key "WinSettings" at "HKEY_CURRENT_USER\Software\Microsoft\Windows NT Script Host\Microsoft DxDiag\".
    • Delete the registry value "DirectX For Microsoft® Windows" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\".

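    A scripted version of the manual file and registry steps above, as an added example that is not part of the original post: it audits a host for every artifact listed, prints what it finds, and deletes those items only when run with -Remove. It assumes that <$WINDIR> and <$SYSDIR> stand for %WINDIR% and %WINDIR%\System32, and it additionally checks for a Services subkey named "sr" (entries under Services are normally subkeys rather than values); that extra check, and the -Remove switch, are the example's own, not the post's.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the original post: audit a host for the ProRat
# artifacts listed in the removal instructions and optionally delete them.
# Save as UTF-8 with BOM so Windows PowerShell 5.1 reads the "®" in the paths correctly.
param(
    [switch]$Remove   # without -Remove the script only reports what it finds
)

# Assumption: <$WINDIR> and <$SYSDIR> in the post map to these two directories.
$winDir = $env:WINDIR
$sysDir = Join-Path $winDir 'System32'

# File artifacts from the post, duplicates collapsed. The legitimate services.exe
# lives in System32; the copy directly under the Windows folder is the suspect one.
$files = @(
    (Join-Path $winDir 'ktd32.atm'),
    (Join-Path $winDir 'services.exe'),
    (Join-Path $winDir 'system\sservice.exe'),
    (Join-Path $sysDir 'fservice.exe'),
    (Join-Path $sysDir 'reginv.dll'),
    (Join-Path $sysDir 'winkey.dll')
)

# Registry values from the post (key path + value name).
$regValues = @(
    @{ Path = 'HKLM:\SYSTEM\ControlSet001\Services'; Name = 'sr' },
    @{ Path = 'HKLM:\SYSTEM\ControlSet002\Services'; Name = 'sr' },
    @{ Path = 'HKLM:\SYSTEM\ControlSet003\Services'; Name = 'sr' },
    @{ Path = 'HKCU:\Software\P®O Group\ProMessenger'; Name = 'LanguageId' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
       Name = 'DirectX For Microsoft® Windows' }
)

# Registry keys from the post (child listed before its parent so deletion in
# list order succeeds), plus an assumed "sr" service subkey in each control set:
# entries under Services are normally subkeys, so that form is checked as well.
$regKeys = @(
    'HKCU:\Software\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings',
    'HKCU:\Software\Microsoft\Windows NT Script Host'
) + (1..3 | ForEach-Object { "HKLM:\SYSTEM\ControlSet00$_\Services\sr" })

$findings = New-Object System.Collections.Generic.List[object]

# Test-Path sees hidden and system files, so no attribute handling is needed here.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        $findings.Add([pscustomobject]@{ Type = 'File'; Path = $f; Name = $null })
    }
}
foreach ($v in $regValues) {
    if (Test-Path -LiteralPath $v.Path) {
        $val = Get-ItemProperty -LiteralPath $v.Path -Name $v.Name -ErrorAction SilentlyContinue
        if ($null -ne $val) {
            $findings.Add([pscustomobject]@{ Type = 'RegValue'; Path = $v.Path; Name = $v.Name })
        }
    }
}
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) {
        $findings.Add([pscustomobject]@{ Type = 'RegKey'; Path = $k; Name = $null })
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No ProRat artifacts found.'
    return
}

$findings | Format-Table Type, Path, Name -AutoSize

if (-not $Remove) {
    Write-Host 'Report only. Re-run with -Remove to delete the items above.'
    return
}

foreach ($hit in $findings) {
    switch ($hit.Type) {
        'File'     { Remove-Item -LiteralPath $hit.Path -Force }
        'RegValue' { Remove-ItemProperty -LiteralPath $hit.Path -Name $hit.Name -Force }
        'RegKey'   { if (Test-Path -LiteralPath $hit.Path) { Remove-Item -LiteralPath $hit.Path -Recurse -Force } }
    }
}
```

    Run it from an elevated PowerShell prompt, first without -Remove to see the report. A backdoor that is still running keeps its executable open and may recreate its entries, so stop the process or boot into Safe Mode before deleting, and export the affected registry keys beforehand so a mistaken deletion can be reversed.
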
    Automated Removal:

    Download Spybot Search and Destroy to remove this malware.
