Danger level 8
Type: Trojans
Common infection symptoms:
  • Connects to the internet without permission
  • Shows commercial adverts
  • Strange toolbar installed without your permission
  • Slow internet connection
  • System crashes
  • Annoying pop-ups
  • Slow Computer

Trojan.Pakes

Trojan.Pakes, also commonly referred to as Trojan.Win32.Pakes.bqb, is a well-known Trojan. One of its main goals is to act as a gateway that lets other equally harmful and destructive threats enter the PC more easily. It grants remote access to hackers, who can ultimately assume control of the compromised PC. This Trojan gains entry to the system by bundling itself with other security downloads and updates obtained from third-party websites. Most recently it has also been reported that browser-hijacking websites use drive-by download tactics as part of their online marketing campaigns to surreptitiously install this Trojan on unsuspecting users’ PCs. The harmful software this infection has been found to download includes ISTBar, Internet Optimizer, Sidebar, and Target Saver. Although these threats require removal as well, this report focuses on helping you to delete Trojan.Pakes.

Trojan BHO.MJX, Trojan Crypt.WKG, Trojan Pakes.FLB, Trojan Pakes.FLC, and Trojan Pakes.FLD are a few of the many names that Trojan.Pakes is known by. According to our researchers, the original infection targeted Windows XP systems, which are no longer supported by Microsoft and are much more vulnerable. Although it is possible that new variants can affect systems running Windows 7 as well, it is most likely that the Trojan will have to be removed from Windows XP systems. The main goal of this infection is to install rogue security software and convince you that your operating system is infected with malware. If you are tricked into believing this, the Trojan will attempt to convince you to pay money for malware removal services. According to our analysis, this malware performs various actions silently, which is why some users do not realize they are being scammed.

Once installed, Trojan.Pakes makes changes in the Windows Registry. It is capable of changing certain values and value data under HKCU\Control Panel\Desktop. This Trojan modifies the value data associated with your wallpaper and background to introduce you to an intimidating desktop image that is meant to trick you into believing that your operating system is infected. This image states: “Warning! Spyware detected on your computer! Install an antivirus or spyware remover to clean your computer.” Of course, this warning is fictitious, and you should realize this right away, considering that Windows or authentic AVs would never send you a warning in this manner. We have also found that this Trojan is launched from HKLM\Software\Microsoft\Windows\CurrentVersion\Run, where the ctfmona value is created. Ctfmona.exe is the installer of this threat, and ctfmonb.bmp and blackster.scr are the files that represent the wallpaper with the fake security warning.

Trojan.Pakes has also been found to connect to remote servers silently. This silent connection can be used to transmit information about your operating system and possibly to download additional components. It also creates a security backdoor that lets in rogue software. If fake AV tools get in, they might perform fake system scans that list bogus infections to further intimidate you. The worst thing you can do, besides letting in this malware, is to pay money for the services they promote. Rogue anti-malware software is not created to help you delete infections or protect your operating system from them; it is created to trick you into giving up your money. If you have been tricked into making a transaction, your credit card information might have been collected as well. Report the fraud to the authorities and remove the infection as soon as possible.

We provide a manual removal guide that you can use to eliminate Trojan.Pakes. This guide shows how to get rid of malicious files and delete/modify registry data. If you are not sure you can perform every single step without making a mistake, do NOT proceed manually. Instead, employ an automated malware remover to securely eliminate all existing threats. This method is irreplaceable if other threats are active. Although this malicious Trojan is meant to download a rogue, it could have entered your operating system bundled with other threats, or it could have been downloaded by another clandestine Trojan. A legitimate, updated anti-malware tool will eliminate all existing threats within a few minutes; however, if you choose the manual option, you need to be ready to spend some time in front of your computer.

Trojan.Pakes Removal

  1. Launch Explorer by tapping Win+E keys.
  2. Type C:\WINDOWS\system32\ into the address bar and tap Enter.
  3. Right-click and Delete these files: ctfmona.exe, blackster.scr, ctfmonb.bmp.
  4. Launch RUN by tapping Win+R keys.
  5. In the panel on the left navigate to HKCU\Control Panel\Desktop.
  6. Right-click the value “Wallpaper” and click Modify.
  7. Erase “C:\WINDOWS\system32\ctfmonb.bmp”.
  8. Right-click the value “OriginalWallpaper” and click Modify.
  9. Erase “C:\WINDOWS\system32\ctfmonb.bmp”.
  10. Right-click the value “ConvertedWallpaper” and click Modify.
  11. Erase “C:\WINDOWS\system32\ctfmonb.bmp”.
  12. Navigate to HKLM\Software\Microsoft\Windows\CurrentVersion\Run.
  13. Right-click and Delete value “ctfmona” (value data C:\WINDOWS\system32\ctfmona.exe).
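
The registry changes listed in the steps above can be checked before and after cleanup. The following is an added example, not part of the original guide: it parses saved `reg query` output for the two keys and flags the `ctfmona` Run value and the three wallpaper values that point at `ctfmonb.bmp`. The function names and the sample output are constructed for illustration.

```python
import re

# Indicators taken from the guide above; keys are compared case-insensitively.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
DESKTOP_KEY = r"hkey_current_user\control panel\desktop"
WALLPAPER_VALUES = {"wallpaper", "originalwallpaper", "convertedwallpaper"}
# Value lines are indented; fields are separated by tabs (XP) or spaces (later).
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Parse `reg query <key>` output into {key_lower: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            current = keys.setdefault(line.strip().lower(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m.group(1)] = m.group(3).strip()
    return keys

def find_pakes_indicators(text):
    """Return (location, value_name, data) tuples matching the guide's indicators."""
    keys, hits = parse_reg_query(text), []
    for name, data in keys.get(RUN_KEY, {}).items():
        path = data.lower().replace('"', "")
        # Exact name match: the legitimate Windows ctfmon.exe must not be flagged.
        if name.lower() == "ctfmona" or path.endswith("\\ctfmona.exe"):
            hits.append(("Run", name, data))
    for name, data in keys.get(DESKTOP_KEY, {}).items():
        if name.lower() in WALLPAPER_VALUES and data.lower().endswith("\\ctfmonb.bmp"):
            hits.append(("Desktop", name, data))
    return hits

# Constructed sample: `reg query` output for both keys on an affected XP host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ctfmona    REG_SZ    C:\WINDOWS\system32\ctfmona.exe

HKEY_CURRENT_USER\Control Panel\Desktop
    Wallpaper    REG_SZ    C:\WINDOWS\system32\ctfmonb.bmp
    OriginalWallpaper    REG_SZ    C:\WINDOWS\system32\ctfmonb.bmp
    ConvertedWallpaper    REG_SZ    C:\WINDOWS\system32\ctfmonb.bmp
    WallpaperStyle    REG_SZ    2
"""

if __name__ == "__main__":
    for hit in find_pakes_indicators(SAMPLE):
        print("%s: %s -> %s" % hit)
```

An empty result after cleanup means the Run value is gone and the wallpaper values no longer reference the fake warning image; the similarly named `ctfmon.exe` entry in the sample is a legitimate Windows component and is left alone.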

How to manually remove Trojan.Pakes

Files associated with Trojan.Pakes infection:


Trojan.Pakes DLLs to remove:


Trojan.Pakes processes to kill:


Remove Trojan.Pakes registry entries:
