Home & Home OfficeBusinessPartnersClubAbout Security Stronghold

Prorat Removal: Remove Prorat Forever

Let our support team solve your problem with Prorat and repair Prorat right now!

Leave the detailed description of your Prorat problem in the form below. Our support team will contact you in several minutes and give a step-by-step instruction on how to fix Prorat problem. Please be specific. Do your best describing the problem. This will help us recommend right and complete Prorat problem removal solution.

Describe your problem here and we'll contact you in several minutes:

We'll reply you in 10 minutes or less
* Name:
* E-mail:
* Problem summary:
* Detailed problem
description:

We'll contact you in 10 minutes or less after you click on this button! Individual solution guaranteed!

Warning:

1) We hate spam as much as you do. We will not share your email with any third party or publish it anywhere. Your email is used only to contact you and give you Prorat removal solution.
2) All fields of this form are obligatory.

Guaranteed Problem Solution
Software Industry Professionals Member
Threat's description and solution are developed by Security Stronghold security team. Let professionals make your problems solved now!
Download solution for Prorat and b5dd9aaa.exe now!

What is Prorat? Technical details of Prorat problem and Prorat removal tool

Methods for manual Prorat removal

Free download of a program that will solve your problem automatically

Free instant professional support in solving Prorat error from our Security Support Team

Threat's profile

Threat indicator: MEDIUM
 Name of the threat: Prorat
Command or file name: b5dd9aaa.exe
Threat type: Badware
Affected OS: Win32 (Windows 9x, Windows XP, Windows Vista)

Prorat intrusion method

Prorat copies its file(s) to your hard disk. Its typical file name is b5dd9aaa.exe. Then it creates new startup key with name Prorat and value b5dd9aaa.exe. You can also find it in your processes list with name b5dd9aaa.exe or Prorat.

If you have further questions about Prorat, please fill in the form above and we'll contact you shortly.

» Download program to remove Prorat (Prorat Removal Tool)

Recommended Solution

If you are not sure what to delete, use our award winning program - Prorat Removal Tool.

Prorat Removal Tool will find and fully remove Prorat and all problems associated with Prorat virus.

Fast, easy, and handy, Prorat Removal Tool protects your computer against Prorat that does harm to your computer and breaks your privacy. Prorat Removal Tool scans your hard disks and registry and destroys any manifestation of Prorat. Standard anti-virus software can do nothing against malicious programs like Prorat. Remove Prorat straight away!

» Download Prorat Removal Tool now for free

How to fix Prorat

This problem can be solved manually by deleting all registry keys and files connected with Prorat, removing it from starup list and unregistering all corresponding DLLs. Additionally missing DLL's should be restored from distribution in case they are corrupted by Prorat.

To get rid of Prorat, you should:

1. Kill the following processes and delete the appropriate files:

• backdoor.prorat.10.c.exe
• backdoor.prorat.10.f.exe
• backdoor.prorat.12.exe
• backdoor.prorat.13.exe
• backdoor.prorat.13_(57).exe
• backdoor.prorat.14.exe
• backdoor.prorat.17.exe
• create.exe
• eimsn.exe
• fservice.exe
• imsn.exe
• instmsng.dll
• ktd32.atm
• love.exe
• love[1].exe
• msmsg.exe
• mutlaka_okuyun.txt
• pplugin10xa.exe
• pplugin4.dat
• pplugin4.exe
• pplugin8.exe
• pplugin9.dat
• pplugincd.dll
• prorat.exe
• p_ekran.jpg
• reginv.dll
• sif.html
• sinsys.exe
• sservice.exe
• sss.htm
• version_renewal_and_arrangements.txt
• versiyon_yenilikleri.txt
• vklog.log
• W32Dropper-APN.exe
• winkey.dll
• winp9.exe
• wservice.exe

Warning: you should delete only those files which checksums are listed as malicious. There may be valid files with the same names in your system. We recommend you to use Prorat Removal Tool for safe problem solution.

2. Delete the following malicious folders:

• C:\Documents and Settings\User\Desktop\love\

3. Delete the following malicious registry entries and\or values:

• Key: SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}
  Value: StubPath

• Key: SOFTWARE\P®O Group\ProRat V1.9
  Value: Genel_Sifre

• Key: SOFTWARE\P®O Group\ProRat V1.9
  Value: Son_Ip

• Key: SOFTWARE\P®O Group\ProRat V1.9
  Value: Son_Port

• Key: SOFTWARE\P®O Group\ProRat V1.9
  Value: skin

• Key: SOFTWARE\P®O Group\ProMessenger
  Value: skin

• Key: SOFTWARE\P®O Group\ProRat V1.9
  Value: LastStartData

• Key: Software\P®O Group\ProRat V1.9\Ip_Adrs
  Value: Sayi

• Key: Software\P®O Group\ProRat V1.9\Ip_Adrs
  Value: Ip2

• Key: Software\P®O Group\ProRat V1.9\Ip_Adrs
  Value: Sayi

• Key: software\microsoft\active setup\installed components\{5y99ae78-58tt-11dw-be53-y67078979y}
  Value: stubpath

• Key: SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}
  Value: StubPath

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: Bulas

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: FW_KILL

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: XP_FW_Disable

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: XP_SYS_Recovery

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: ICQ_UIN

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: ICQ_UIN2

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: Kurban_Ismi

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: Mail

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: Online_List

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: Port

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: Sifre

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: Hata

• Key: SOFTWARE\Microsoft DirectX\WinSettings
  Value: Tport

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: Bulas

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: FW_KILL

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: XP_FW_Disable

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: XP_SYS_Recovery

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: ICQ_UIN2

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: Online_List

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: Port

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: Hata

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: KSil

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: LanNotifie

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: ICQ_UIN

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: Kurban_Ismi

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: Mail

• Key: SOFTWARE\Microsoft\Windows NT Script Host\Microsoft DxDiag\WinSettings
  Value: Sifre

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  Value: Shell

• Key: Software\Microsoft\Internet Explorer\Main
  Value: Start Page

• Key: software\microsoft\windows nt\currentversion\winlogon
  Value: shell

• Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  Value: Shell

Warning: If value is listed for some registry entries, you should only clear these values and leave keys with such values untouched. We recommend you to use Prorat Removal Tool for safe problem solution.

Here are the descriptions of problems connected with Prorat and b5dd9aaa.exe we received earlier:


Reader_exe application error OXOOO OOO6

Problem Summary: Reader_exe application error OXOOO OOO6

My computer is taking close to an hour to boot up, and will not shut down ( I have to do a hard shut down) and I am now losing files like my adobe acrobat will not open all the time as well as media player. Just sometimes though. And it is crashing alot. Internet explorer is become non-responsive alot.

Our support has contacted the author of this message, Laura Delgado, and helped to solve his problem.

reader_s.exe and servises.exe

Problem Summary: reader_s.exe and servises.exe
Some days ago they appeared in my pc, and have been found by Malwarebytes. They were found and deleted, but anytime I connect to internet, they appear again. They create several other files (*.tmp and uptate\"some number\".exe in windows/system32) I found some informations about them, such as: One or more files with the name READER_S.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use. Port 80 IP:218.61.33.117. Reader_s also creates: c:\\windows\\system32\\reader_s.exe; c:\\documents and settings\\user\\reader_s.exe; c:\\windows\\system32\\dllcache\\ndis.sys; c:\\windows\\system32\\drivers\\ndis.sys. I don\'t know if this files \"ndis.sys\" are part of windows, so I didn\'t do anything with them. Servises.exe does this: Deletes c:\\windows\\system32\\servises.exe; Creates c:\\windows\\system32\\servises.exe; Creates c:\\windows\\system32\\servises.dll. And, at last, yesterday it appeared in my desktop some links to sites such as youporn, pornotube and another one I don\'t remember now, and I think it\'s also related to this viruses. Some days ago, it didn\'t connect to internet in here... ah, another thing, in c:/windows/prefetch there are files related to them (reader_s, uptadtes, tmp etc). Well, I hope you can help me... Since now, thanks a lot.


Our support has contacted the author of this message, Ricardo, and helped to solve his problem.

reader_exe virus

Problem Summary: reader_exe virus
I have a problem with reader_s.exe virus. Whenever I delete it from /documentnts and s
ettings/admin it appears again.

Our support has contacted the author of this message, Jijo, and helped to solve his problem.

reader_s.exe

Problem Summary: reader_s.exe
since last week , I have been trying delete this virus(or spy)..it is named on the internet\"spy which is the could\'t removed spy with format\" however I tried format 2 times and I could\'t remove it .. the spy is in the two folders when I open the internet connection (C:\\WINDOWS\\system32\\reader_s.exe and C:\\Documents and Settings\\Administrator\\reader_s.exe ) whatever I did , this files removed once and when system is reboot those files arrive again .. I can\'t do anything and I can cry at the moment ..could you help me ..! :(

Our support has contacted the author of this message, yunus aktaş, and helped to solve his problem.

how to remove win32.worm.sharesillycopy.d.8

Problem Summary: how to remove win32.worm.sharesillycopy.d.8
the above virus is disturbing my computer softwares....

Our support has contacted the author of this message, sravanreddy, and helped to solve his problem.

33

Problem Summary: 33
33333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333333

Our support has contacted the author of this message, Pablo, and helped to solve his problem.

Matematic

Problem Summary: Matematic
Inmultire

Our support has contacted the author of this message, Grigoras, and helped to solve his problem.

Next threat: Prorat.16 »

Learn more about Prorat and b5dd9aaa.exe »

« Back to catalog

Solution: 783
Home | Partners | Shop | Support | Contact Us | Privacy Policy | Sitemap

Copyright © 2003-2009 Security Stronghold. All Rights Reserved.