Cannot remove Win32: Pakes - AKM [Trj] and others.

My friend’s PC is not at all happy :(

Initially it would not let me install avast. On startup I restored the system to its last known good configuration. Then I was able to install avast home edition. On first boot scan 14 viruses/trojans were found. I scanned several times, but some could not be dealt with. These are:

1. Win32: Pakes - AKM (Trj) found at C:\Windows\System32\ipxa.dll
2. Win32: Agent - OCV (Rtk) found at C:\Documents and Settings\Username\Local Settings\Temp\rmiocpyc.dat
3. Win32: Agent - NGL (Trj) found at C:\Windows\System32\Drivers\rmiocpyc.dat
4. Win32: Agent - PSI (Rtk) found at C:\Windows\System32\Drivers\otbivigo.dat

I also installed spyware blaster and ad-aware, but could not get rid of these babies. Can anyone help?

Thanks

I suggest:

  1. Disable System Restore and reenable it after step 3.
  2. Clean your temporary files.
  3. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.