
 KeyLogger.Ardamax Technical Details
 Category: KeyLogger
 Discovered: 9/27/2005 5:54:00 PM
 Modified: 6/16/2008 10:23:00 AM
 Threat Level: Critical
 Description: A key logger is a program that captures and logs keystrokes on the computer without the user's knowledge and consent. The logged data may be encrypted and is typically sent to a remote attacker. The key logger is usually hidden from the user and may use cloaking (rootkit) technology to hide from other software in order to evade detection by anti-malware applications.
 Summary: The hosts file was updated with the following URL-to-IP mappings: N/A

The following HTTP URLs were started:
www.cralcrt.com

Generated SMTP traffic:
Email Sender: *viadofile@gmail.com
Email Recipient: *viadofile@gmail.com
Email Subject: Log file
(3160 bytes)

Connection(s) established with remote IRC Server: N/A

The following hidden entries were created:
Hidden process: %SYSDIR%\Sys32\YVEL.exe

The following internet connection was established: N/A

 When the KeyLogger is executed, it creates the following files:
 
| Name | Version | Publisher | Signature (MD5) | File Size (in Bytes) |
|---|---|---|---|---|
| ..\ardamax keylogger \ardamax keylogger.lnk | | | | 530 |
| ..\ardamax keylogger \log viewer.lnk | | | | 542 |
| ..\tibiabot ng \tibiabot ng help.lnk | | | | 459 |
| ..\tibiabot ng \tibiabot ng on the web.lnk | | | | 469 |
| ..\tibiabot ng\tibiabot ng.lnk | | | | 549 |
| ..\tibiabot ng \uninstall tibiabot ng.lnk | | | | 561 |

 When the KeyLogger is executed, it creates the following Registry entries:
 
..\software\microsoft\internet explorer\main\start page\"http://google.bearshare.com/"
..\software\microsoft\internet explorer\main\start page\"http://www.archiviofun.info"
..\software\microsoft\internet explorer\main\start page\"http://www.xg6hc.cn"
..\software\vb and vba program settings\rs2
..\software\classes\.llf
..\software\classes\clsid\{b6e3088d-3fe1-11d3-a2c1-c2e8bac6d11e}
..\software\classes\llftpns.netscapeprotocol
..\software\microsoft\windows\currentversion\app paths\llftp.exe
..\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\"CASH_E_GOLD"
..\software\microsoft\windows\currentversion\run\"efreesoft boss key"
..\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\"FARCAST"
..\software\microsoft\windows\currentversion\run\"fkg"
..\software\microsoft\windows\currentversion\run\"jornal nacional"
..\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"stt"
..\software\microsoft\windows\currentversion\run\"system16"
..\software\microsoft\windows\currentversion\run\"system32dvbi agent"
..\software\microsoft\windows\currentversion\run\"taskmam"
..\software\microsoft\windows\currentversion\run\"tibiagg2"
..\software\microsoft\windows\currentversion\run\"winsecure"
..\software\microsoft\windows\currentversion\run\"wyd"
..\software\microsoft\windows\currentversion\run\"xd"
..\software\microsoft\windows\currentversion\uninstall\laplink ftp
..\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\REMOTE LOGGER
..\software\ardamax keylogger lite
..\software\classes\clsid\{111e857e-d111-e4d2-738b-2d4f138429cc}

Recommendation to remove KeyLogger.Ardamax
Spyware Detector can remove KeyLogger.Ardamax, and thousands of other Spyware definitions, automatically and instantly.