How do I get rid of trojan horse rootkit-Pakes.L or Pakes.AA

I have a trojan horse rootkit-Pakes on my Windows XP system.
It is always producing annoying popups.  AVG has detected its
presence but cannot remove it.  AVG was up to date at the time
of the infection.  I have tried Malwarebytes Anti-Malware and Spybot
Search and Destroy but they do not remove it.  Also an AVG scan
identifies 3 infections that it cannot do anything with.  Any suggestions
would be most appreciated.
thanks,
capreol
Richard Christensen (Retired computer technician) Asked:
frzsombor Commented:
Hello!

Please download and use Hitman Pro
http://www.surfright.nl/en/downloads/

If that doesn't solve it, you can try downloading NOD32, installing it, rebooting into Safe Mode, and starting a NOD32 virus scan.
0
frzsombor Commented:
OFF:
I can see that you accidentally created this question twice.
Delete the other one before any comment is added to it.
http://www.experts-exchange.com/Software/Internet_Email/Anti_Spyware/Q_25983556.html
0
Richard Christensen (Retired computer technician), Author, Commented:
Thanks.  I accidentally created the question twice.  Just deleted the second one.
capreol
0
Richard Christensen (Retired computer technician), Author, Commented:
I will try the Hitman Pro.  To the best of your knowledge can it remove
this rootkit trojan horse Pakes.L or Pakes.AA?  Also is the NOD32 virus scan
program free or is it a pay version?
thanks,
capreol
0
frzsombor Commented:
I don't know whether Hitman Pro can kill exactly this rootkit/trojan, but I know that it is really good (the best?) at killing rootkits.
Unfortunately they are not free, but they do have at least a free trial version.
I've heard really good things about Hitman Pro nowadays, so I think you should try it.
0
Richard Christensen (Retired computer technician), Author, Commented:
Thanks... I will give it a try and let you know.
capreol
0
JeremySBrown Commented:
Run a temporary file remover... CCleaner is a good one and it's free.
http://www.ccleaner.com/

Download Combofix by sUBs.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Before running Combofix, temporarily disable any firewall(s), shield(s), etc. to prevent any conflicts with Combofix. After Combofix is done scanning, it will create a log; for further instructions, save and paste the results via Attach File or Code Snippet so other experts can take a look at it. Once the log looks clean, you may re-enable your firewall(s), shield(s), etc. Combofix will disconnect your machine from the Internet. Your Internet connection will be automatically restored just before Combofix completes its scan. If Combofix runs into problems, your Internet connection can be manually restored by restarting your machine.

You might need to rename the file before saving it to your desktop so it will not be blocked.

Please note: Don't run Combofix in Safe Mode.
0
johnb6767 Commented:
Procedure I use for killing hard-to-remove viruses.... Granted you have identified the files in question......

Right click the File > Properties > Security > Advanced button > Uncheck "Inherit Permissions" > Select "Copy" in the pop-up box > Click OK, and in the users section at the top, remove all but your logged-in user and SYSTEM. Set "Deny, Full Control" rights on the file.

Reboot, and then go back into the file properties, grant yourself Full Control, then delete the file......
Works across all OS flavors, but in the Home versions, use it in Safe Mode.....
0
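The ACL lock-out that johnb6767 describes, written out as an added PowerShell example (this is not the commenter's own code or a tool from the thread). It assumes an elevated PowerShell session, that you replace the placeholder path with the file your scanner actually identified, and that your account owns the file (if not, `takeown /F <path>` first). The two functions map to the two halves of the procedure: lock the file before the reboot, then unlock and delete it afterwards.

```powershell
# Added example, not from the thread. Run elevated. $Path is a placeholder you
# replace with the file your scanner flagged; it is assumed you own that file.

function Block-SuspectFile {
    param([Parameter(Mandatory)][string]$Path)

    # 1. Stop inheriting from the parent folder but keep copies of the inherited
    #    entries (GUI: Advanced > uncheck "Inherit" > "Copy"). Apply and re-read
    #    so the copied entries are explicit ones that RemoveAccessRule can drop.
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $Path -AclObject $acl
    $acl = Get-Acl -LiteralPath $Path

    # 2. Remove every principal except the logged-in user and SYSTEM.
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $keep = @($me, 'NT AUTHORITY\SYSTEM')
    foreach ($ace in @($acl.Access)) {
        if ($keep -notcontains $ace.IdentityReference.Value) {
            [void]$acl.RemoveAccessRule($ace)
        }
    }

    # 3. Deny Full Control to Everyone. A Deny entry wins over any Allow entry,
    #    so no user-mode process, including your own, can open the file until
    #    the Deny is removed again after the reboot.
    $deny = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList 'Everyone', 'FullControl', 'Deny'
    $acl.AddAccessRule($deny)
    Set-Acl -LiteralPath $Path -AclObject $acl
    Write-Host "Locked $Path. Reboot, then run Remove-BlockedFile."
}

function Remove-BlockedFile {
    param([Parameter(Mandatory)][string]$Path)

    # After the reboot: drop the Deny entry, grant yourself Full Control, delete.
    # Set-Acl still works here because the owner of a file always holds the
    # right to change its DACL, even with an explicit Deny in place.
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in @($acl.Access)) {
        if ($ace.AccessControlType -eq 'Deny') { [void]$acl.RemoveAccessRule($ace) }
    }
    $me    = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $allow = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $me, 'FullControl', 'Allow'
    $acl.AddAccessRule($allow)
    Set-Acl -LiteralPath $Path -AclObject $acl
    Remove-Item -LiteralPath $Path -Force
}

# Usage (placeholder path; replace with the file your scanner identified):
# Block-SuspectFile  -Path 'C:\Windows\System32\SUSPECT_FILE_PLACEHOLDER.dll'
# ... reboot ...
# Remove-BlockedFile -Path 'C:\Windows\System32\SUSPECT_FILE_PLACEHOLDER.dll'
```

The Deny entry only stops user-mode code from opening the file; a kernel-mode rootkit driver that is already loaded is not subject to DACL checks on its own file. That is why the Remove-Item at the end can still fail with "in use", and why the later replies fall back to scanning from a boot CD, where the infected Windows install is never running at all.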
optoma Commented:
Another option is to run TDSSKiller if Hitman Pro or Combofix fail to replace the patched system file.

http://support.kaspersky.com/viruses/solutions?qid=208280684

Post any log files produced.
0
sap000 Commented:
Download it and burn it to a CD. Boot from this rescue disk, do a live update, and scan your system. 100% you will get rid of this rootkit.

http://rapidshare.com/files/310845698/hxr.part1.rar
http://rapidshare.com/files/310854483/hxr.part2.rar 
0
rosscapps Commented:
Hi
Had this very one this morning and AVG rescue CD managed to stomp it.
You must boot from this CD though!
http://www.avg.com/gb-en/avg-rescue-cd
0
M1K3Y_G Commented:
I agree with rosscapps. The AVG rescue CD is awesome.
After that's done I always run SuperAntiSpyware Portable or Malwarebytes just to make sure everything is gone. Then lastly CCleaner just for clean-up.

0
sb7785 Commented:
In addition to the other great suggestions posted: if they all fail, try creating a bootable antivirus CD. If that doesn't fix it, then you've got some serious problems. It's always good to keep one on hand at any time:
http://www.experts-exchange.com/Software/Internet_Email/Anti-Virus/Q_25347695.html 
http://www.experts-exchange.com/articles/Storage/Misc/Creating-a-bootable-CD-USB.html 
What I like is that there are just some pesky items that can't be removed while in Windows. I run from a bootable source first, then go into Windows and see what's left over and then deal with it after. The bootable CD sometimes will take care of 80-100% of the infected items; making it that much easier. Best of luck to you.
0
c_a_n_o_n Commented:
If your system is/was infected with a pest, malware, trojan, or virus, your system will behave unexpectedly.  The best method to attempt resolution is to completely rule out the operating system by bypassing it.  To do so, you will need a rescue CD.  There are several out there, and you might be able to create one; there are instructions and sites that can assist with that.  But the easiest way is to use a product that is FREE, and that I have used successfully for several of my clients and on many workstations.

BitDefender (FREE downloadable Rescue CD).  Available here:
http://download.bitdefender.com/rescue_cd/

Instructions for the product:
http://www.bitdefender.com/KB417-en--Using-the-BitDefender-Rescue-CD.html

Hope this helps.

PS.  This may sound like a "canned" response, it just might be.  However, it is the easiest and most effective method to resolve a situation like this.
0