backdoor removal please im desperate HELP

[rexter]

when i start up my computer i get a message from my antivirus programme of a malicious program that has been deleted :

c:\windows\system32\winkey.dll
backdoor.win32.prorat.19.ah

also it says its personalising settings :
c:\windows\system\sservice.exe

but if i go to those folders there is nothing there but when i restart the computer i get the same above which means it is not getting deleted its reinstalling itself and it disables my antivirus - i use f-secure

please somebody tell me how i can remove this backdoor programme as im now exhausted trying

please help

 

[Rikus]

Start up in safe mode and run your anti-virus?

 

[Rikus]

start
run
type in msconfig
press ok
go to startup tab and disable all
apply
ok
restart

 

[rexter]

hi rikus which must i do first and also how do i go to the safe mode

 

[Telkomisaloser]

Safe mode = restart and hold down F8 while computer loads up

 

[Rikus]

when your pc is booting keep pressing f8 and choose safemode

 

[Rikus]

snap!

 

[Rikus]

hi rikus which must i do first and also how do i go to the safe mode

you can do both in safe mode.

 

[GTi]

After rebooting machine, and while it is starting up press F8 to select safe mode.

 

[kronoSX]

all the above post you must do and untick system restore.WHen the virus is off you can activate again systemrestore

 

[Rikus]

all the above post you must do and untick system restore.WHen the virus is off you can activate again systemrestore

Good point!

I am so windgat I have it off all the time so tend to forget about it.
I have mine off as my laptop is seriously slow with it on

 

[rexter]

ok guys i went into safe mode and i still cannot get the antivirus to start up i went to try and delete the winkey.dll but it says file protected and unable to delete .... my system restore is off....

also i get this message at startup :

DEMO
this program is protected with unregistered version of DotFix NiceProject

i dont know what else to do to delete this ****

 

[Random717]

this will get rid of any virus...
download Hiren's bootcd, around 68MB (you can find it on 9down, latest version is 8.9). It's an ISO file that you burn onto cd, then boot up from it. It has 2 antivirus programs on it, pick one, run it, make it do a full search of all your hard drives. It should delete or quarantine all infected files. When it's done, reboot your pc.
Once you're back in Windows, uninstall f-prot and get a decent free antivirus program like AVG, and make sure you run Windows update (or download Autopatcher) to get your OS secure.

 

[Tux]

You could also try http://housecall.trendmicro.com but it's a bit slow at times