AIM Virus/Trojan: How to Remove lockx.exe Rootkit

Contributor Icon Contributed by MickeyMouse Date Icon October 31, 2005  
Tag Icon Tagged: Windows spyware

The new AIM virus/trojan installs the lockx.exe rootkit. Here is how to uninstall it.

This new AIM trojan installs a bunch of junk. The hardest thing to get rid of is the lockx.exe rootkit. Here’s how to do it.

This is a summary of all the recent lockx.exe installs I have fixed recently. Many of them are not exactly the same. So if you can’t find all the files, you probably do not have them.

1. Download and Run AIMfix.
2. Download Hijack This
3. Run it and do a system scan
4. Check the following and have the program fix them. Just select the ones you have:

  • O4 - HKLM\..\Run: [stratas] lockx.exe
  • O4 - HKLM\..\RunServices: [stratas] lockx.exe
  • O4 - HKCU\..\Run: [stratas] lockx.exe
  • Any entry with pokapoka in it
  • R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = htp://ww.clickhere4search.com/sp2.php
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = htp://ww.clickhere4search.com/sp2.php
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htt://ww.clickhere4search.com/sp2.php

5. You need to be sure that lockx.exe is removed from your system. It typically lives here: C:\Windows\System32\lockx.exe

You have several options on removing this file, but you must remove it. I would download and run KillBox. Put a checkmark next to Delete on reboot, type in C:\Windows\System32\lockx.exe, and hit the Delete File red circle button. You can also remove it by using any of these techniques.

6. Update and run your antivirus spyware. Run an online antivirus as well.

7. This should remove the rootkit; however, you likely still have a ton of spyware installed on your system. You can use any of these programs to clean the rest of the junk off. I like ewido as well.

Previous recipe | Next recipe |
 
blog comments powered by Disqus