Backdoor.Prorat:
* Is a Backdoor Trojan horse that gives an attacker full control over your computer.
* Opens a port on the system.
* Is written in Delphi.
* Is packed with UPX.
So it is not a virus but a trojan; it also attacks the registry.
Code:
# Disable System Restore (Windows Me/XP).
# Update the virus definitions.
# Restart the computer in Safe mode (Windows 95/98/Me) or Safe mode with Command Prompt (Windows 2000/XP).
# Reverse the changes made to the registry.
# Restart the computer in Safe mode or VGA mode (Windows Me/XP).
# Run a full system scan and delete all the files detected as Backdoor.Prorat.
In other words:
# Disable Windows XP System Restore
# Update the Norton virus definitions
# Restart in Safe mode
# Undo the changes made to the registry
Code:
# Type the following:
regedit
# Do one of the following:
* Windows 2000/XP: Press Enter.
* Windows 95/98/Me: Click OK.
# Navigate to each of these keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5Y99AE78-58TT-11dW-BE53-Y67078979Y}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
# For each one, in the right pane, if any of the following values are found, delete that value:
"MSNMESENGER"="%System%\Main.exe"
"DirectX for Microsoft Windows"="%System%\Fservice.exe"
"DirectX for Microsoft Windows"="%System%\Sservice.exe"
"StubPath"="C:\Windows\system\Sservice.exe"
# Do one of the following:
* Windows 95/98/Me. Skip to step i.
* Windows NT/2000/XP: Proceed with step g.
# Navigate to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
# In the right pane, modify the value:
"Shell"="explorer.exe %System%\Fservice.exe"
to:
"Shell"="explorer.exe"
# Exit the Registry Editor.
# Do one of the following:
* Windows 95/98/Me: Skip to section 6.
* Windows NT/2000/XP: Continue on to section 5.
# Relaunch Norton and run another scan
That's quite a lot for a trojan; if it seems too laborious to you, try software such as Trojan Hunter, etc.
Personal opinion: buy a firewall router (so a hardware firewall), that's the only real solution; you configure it once and for all and you stop picking up crap like this.
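The registry checks in the steps above can also be run against a saved registry export (.reg text) instead of by hand in regedit. This is an added example, not part of the original post or of the vendor's instructions. The function names and the sample export are constructed for illustration, and it flags any Winlogon "Shell" value other than explorer.exe, which is slightly broader than the single case listed.

```python
import re

RUN_KEYS = {  # autorun keys from the removal steps above, lowercased
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\policies\explorer\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}
ACTIVE_SETUP = "hkey_local_machine\\software\\microsoft\\active setup\\installed components\\"
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
BAD_FILES = {"main.exe", "fservice.exe", "sservice.exe"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def is_prorat_path(data):  # listed file name inside a system/system32 directory
    parts = data.strip('" ').lower().split("\\")
    return len(parts) >= 2 and parts[-1] in BAD_FILES and parts[-2] in ("system", "system32")

def scan_reg_export(text):
    """Return (key, value name, data) for each entry the removal steps would change."""
    findings, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue  # header, blank line, or non-string (dword/hex) value
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())  # undo .reg escaping
        k, n = key.lower(), name.lower()
        shell = k == WINLOGON and n == "shell"
        autorun = k in RUN_KEYS or (k.startswith(ACTIVE_SETUP) and n == "stubpath")
        if shell and data.strip().lower() != "explorer.exe":
            findings.append((key, name, data))
        elif autorun and is_prorat_path(data):
            findings.append((key, name, data))
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DirectX for Microsoft Windows"="C:\\WINDOWS\\system32\\fservice.exe"
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\system32\\fservice.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

if __name__ == "__main__":
    print(*scan_reg_export(SAMPLE), sep="\n")
```

A file name match alone is only a triage hint; an empty result does not replace the full scan in the steps above.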