Prorat server trojan HEEEEELPPPP!!!

QueBert

My GF's pc was infected with the Prorat server trojan. We CANNOT get the thing off.

we scanned with avast, ad-aware & spybot.

we booted to dos with a boot cd and deleted the exe/dll files that go with it. (fservice.exe, winkey.dll & reginv.exe) reboot to find all the files back in windows/system32

read all over that if you download prorat from prorat.net and install it, then you can remove it. We tried that but it's telling us we need a password, and that we have to pay for an enhanced version of prorat to remove it. I can't find the password to save my life (assuming it's a standard password)

Somebody is using this to control her pc, we've tried everything I can think of. When I run hijackthis it's showing explorer.exe having fservice.exe running (prorat) try to remove it there but it comes back still

she's running Windows XP Pro.


heeeeelllllppp!

thanks
 

bovinda

Until someone more knowledgeable comes along, here are my ideas: is system restore turned off? I've heard that viruses can hide using it. Maybe make sure it's off and try deleting the files again? Also maybe try rebooting in safe mode and scanning with some other antivirus programs, like the free ones listed on Schadenfroh's site: http://www.schadentech.com/Rev.../antivirus_roundup.htm

Also, disconnect your gf's computer from the internet if anyone is accessing it.

Good luck bud,
Jeff
 

montag451

make sure that a firewall is installed NOW.

try zonealarm - that will give the option to filter progs that try to access the internet, and vv
 

boshuter

A firewall is a good idea.... unfortunately it isn't going to help with your problem. You need to edit the changes this has made to your registry. Rather than copy/paste the procedure here I'll just give you a link to removal instructions..... Prorat removal. Give this a try and let us know how it works. Also, when you are trying to remove something like this, always turn off system restore and empty the recycle bin.
 

QueBert

update... system restore is off, and for boshuter we followed what was on the link, for some odd reason we can't find the winlogon key in the reg to change the explorer.exe /fservice.exe..

I had her install Keiro Firewall, but it's still letting the people in. She looked at the log *her pc's cable modem has been unplugged for a few days now* and it shows a lot of high risk intrusions, and a few successful connections. They came from whitehats.com which is confusing to me.

I think the only option now is to find the password for disabling the Prorat server. They claim the Special Edition doesn't need one, it costs money. But f&ck that I refuse to bow to a script kiddie and pay for it, it's like extortion. Emule here I come :)

for all y'all out there, I pray you don't get infected with this, I've read a bunch of people who had this got rid of it real quick and easy. But I've chatted with a few who are in our boat. This is one of the most annoying trojans I've ever seen. Makes me almost wish it was 99 and I had Back Orifice again ;)
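The Winlogon check discussed in this thread can be done offline against a regedit text export instead of hunting for the key by hand. The following is an added example, not part of any post here: it lists the `Shell` value of every `...\Winlogon` key in an export and flags anything other than a bare `explorer.exe`. The sample export and the function names are constructed for illustration.

```python
import re
import sys

# Constructed sample of a regedit text export (.reg); not taken from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"Shell"="Explorer.exe C:\\WINDOWS\\system32\\fservice.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]\s*$')
STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg string values escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)

def winlogon_shells(export_text):
    """Return [(key_path, shell_value)] for every ...\\Winlogon key in the export."""
    found, key = [], None
    for line in export_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = STR_RE.match(line)
        if (m and key and key.lower().endswith(r'\winlogon')
                and unescape(m.group(1)).lower() == 'shell'):
            found.append((key, unescape(m.group(2))))
    return found

def extra_shell_programs(shell_value):
    """Tokens in a Shell value other than a bare explorer.exe; each needs review."""
    tokens = [t for t in re.split(r'[,\s]+', shell_value.strip()) if t]
    return [t for t in tokens if t.lower() != 'explorer.exe']

def check(export_text):
    """Map each Winlogon key to the unexpected entries in its Shell value."""
    return {k: extra_shell_programs(v) for k, v in winlogon_shells(export_text)}

if __name__ == '__main__':
    # "Version 5.00" exports are UTF-16; pass a file path, or run on the sample.
    text = open(sys.argv[1], encoding='utf-16').read() if len(sys.argv) > 1 else SAMPLE_EXPORT
    for key, extras in check(text).items():
        print(key, '->', extras or 'OK')
```

A key that never appears in the output has no string `Shell` value in the export, which is itself worth noting when the key cannot be found in regedit.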