AIM Virus/Trojan: How to Remove lockx.exe Rootkit

Posted October 31, 2005 by MickeyMouse in Windows spyware

The new AIM virus/Trojan installs the lockx.exe rootkit. The following tutorial describes how to uninstall it.

With this AIM Trojan, the hardest thing to eliminate is the lockx.exe rootkit. Here is how to do it.

This is a summary of all the lockx.exe installs I have fixed recently. Many of them are not exactly the same. So if you cannot find all the files, you probably do not have them.

1. Download and run AIMfix.
2. Download HijackThis.
3. Run it, and do a system scan.
4. Check the following, and have the program fix them. (Just select the ones you have):

  • O4 – HKLM\..\Run: [stratas] lockx.exe
  • O4 – HKLM\..\RunServices: [stratas] lockx.exe
  • O4 – HKCU\..\Run: [stratas] lockx.exe
  • Any entry with pokapoka in it
  • R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = htp://
  • R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = htp://
  • R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htt://

5. You need to be sure that lockx.exe is removed from your system. It typically lives here: C:\Windows\System32\lockx.exe

You have several options for removing this file, but you must remove it. I would download and run KillBox. Put a checkmark next to Delete on reboot, type in C:\Windows\System32\lockx.exe, and click the red-circle Delete File button. You can also remove it by using any of these techniques.

6. Update and run your antivirus and anti-spyware software. Run an online antivirus scan as well.

7. This should remove the rootkit; however, you likely still have a ton of spyware installed on your system. You can use any of these programs to clean the rest off. I like ewido as well.
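
As an added example (not part of the original post and not code from HijackThis), this Python script triages a saved HijackThis log for the entries listed in step 4. The sample log, the `triage` function, its reason labels and the placeholder URLs are constructed for illustration; R1 search settings are only flagged for review because the post does not give the hijacked URLs.

```python
import re

# Constructed HijackThis log excerpt for illustration; URLs and the
# pokapoka file name are placeholders, not values from the post.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.example.invalid/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.invalid/
O4 - HKLM\..\Run: [stratas] lockx.exe
O4 - HKLM\..\RunServices: [stratas] lockx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [updater] C:\WINDOWS\pokapoka.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll
"""

# "<code> - <body>"; also accept the en dash that web pages substitute for "-".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+[-\u2013]\s+(?P<body>.+)$")
# O4 autorun body: "<hive>\..\<key>: [<value name>] <command>"
O4_BODY = re.compile(r"^HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# R1 body: the three IE search values named in step 4.
R1_BODY = re.compile(r"^HKCU\\Software\\Microsoft\\Internet Explorer(?:\\Main)?,"
                     r"(?:SearchURL|Search Bar|Search Page)\s*=")

def triage(log_text):
    """Return (reason, line) pairs for log lines matching the step 4 list."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header lines, process list, blanks
        code, body = m["code"], m["body"]
        if "pokapoka" in body.lower():
            findings.append(("pokapoka", line))
        elif code == "O4":
            o4 = O4_BODY.match(body)
            if o4 and (o4["name"].lower() == "stratas"
                       or "lockx.exe" in o4["cmd"].lower()):
                findings.append(("lockx-autorun", line))
        elif code == "R1" and R1_BODY.match(body):
            # The post elides the hijacked URLs, so flag for manual review.
            findings.append(("ie-search-review", line))
    return findings

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:18} {line}")
```

Running the same check again after the reboot in step 5 confirms that the `stratas` autorun entries have not returned.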
