Ardamax Keylogger



Blue
15-08-2008, 12:43 AM
Just found out I've had a bloody keylogger on my system =/

annoyingly easy to check (I pressed shift ctrl alt and h and up popped a box asking for a password)

So yeah, I've searched through everything I can think of, and can't find a way to remove it. Any help?

SaintSmithy
15-08-2008, 12:50 AM
www.**********
ask who keylogged u
they produce the keylogger dl

DrLacero
15-08-2008, 12:54 AM
Locate the directory it's running from (process manager, note the process that's running and search for it). Download Unlocker Assistant (http://ccollomb.free.fr/unlocker/) and remove it along with other suspect and similarly named files. Make sure to look through and find these entries:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardamax Keylogger
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\App Paths\akl.exe
HKEY_CURRENT_USER\Software\Ardamax Keylogger Lite
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NSK
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ardamax Keylogger

A few searches found me that these are the active processes the Ardamax keylogger uses:

nsk.exe
akv.exe
akl.exe

Next you need to unregister the .dlls it uses
Copy and post the following into Run (Windows Key + R)


regsvr32 /u "<exact directory path>\kh.dll"
regsvr32 /u "<exact directory path>\il.dll"

I hope that helps :)

Edit: The following is a complete list of the files that you should be looking for (as far as I know this is all of them)



settings.ini
akv.ini
kh.dll
il.dll
nsk.exe
akv.exe
akl.exe
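
A read-only PowerShell check for the artifacts listed in the post above, as an added example that is not part of the original thread. It assumes the two Run entries are value names under the Run key (which is how Windows stores autostart entries), also checks the standard CurrentVersion\App Paths location, and only looks for the listed files in directories that a matching process runs from.

```powershell
# Read-only check for the Ardamax artifacts named in the thread (added example).
# Key, process and file names come from the post; nothing is modified or deleted.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardamax Keylogger',
    'HKLM:\SOFTWARE\Microsoft\Windows\App Paths\akl.exe',                # as written in the post
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\akl.exe', # standard App Paths location
    'HKCU:\Software\Ardamax Keylogger Lite'
)
$runKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runValues = 'NSK', 'Ardamax Keylogger'   # assumption: Run entries are values, not subkeys
$procNames = 'nsk', 'akv', 'akl'          # Get-Process takes names without .exe
$fileNames = 'settings.ini', 'akv.ini', 'kh.dll', 'il.dll', 'nsk.exe', 'akv.exe', 'akl.exe'

$findings = @()

foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $findings += [pscustomobject]@{ Type = 'RegistryKey'; Item = $k; Detail = '' }
    }
}

$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
foreach ($v in $runValues) {
    if ($run -and $run.PSObject.Properties.Name -contains $v) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Item = $v; Detail = $run.$v }
    }
}

$dirs = @()
foreach ($p in Get-Process -Name $procNames -ErrorAction SilentlyContinue) {
    $findings += [pscustomobject]@{ Type = 'Process'; Item = "$($p.Name) (PID $($p.Id))"; Detail = $p.Path }
    if ($p.Path) { $dirs += Split-Path -Parent $p.Path }
}

# Look for the companion files only where a matching process runs from,
# since names like settings.ini are too generic to search for disk-wide.
foreach ($d in $dirs | Sort-Object -Unique) {
    foreach ($f in Get-ChildItem -LiteralPath $d -File -ErrorAction SilentlyContinue) {
        if ($fileNames -contains $f.Name) {
            $findings += [pscustomobject]@{ Type = 'File'; Item = $f.FullName; Detail = $f.LastWriteTime }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'None of the listed registry keys, Run values or processes were found.' }
```

An empty result only means these specific names were not present; the short process names can also match unrelated software, so check the reported path before acting on a hit.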

Jordy
15-08-2008, 01:15 AM
That looks very useful, would it not be advisable to pull out the ethernet cable and disconnect from the internet as well and change your online passwords and emails preferably. Recap what you've done on your computer and take nothing for granted.

Try think how you got it too, I would rep you Dr but I can't :P

ClassicLegend
15-08-2008, 01:46 AM
I had one too, just then I restored a couple days back and changed some pws on laptop

ClassicLegend
15-08-2008, 02:12 AM
I had one too, just then I restored a couple days back and changed some pws on laptop
So will it be fixed now?

DrLacero
15-08-2008, 11:57 AM
So will it be fixed now?

I very much doubt it.

ClassicLegend
15-08-2008, 12:04 PM
I very much doubt it.
Hmm, cheers for help but getting it fixed, my dad's doing it we cleaning it out and scanning big and such

iUnknown
15-08-2008, 12:32 PM
In future, simply download the ardamax keylogger removal tool off the ardamax website...

http://www.ardamax.com/downloads/aklremover.exe

ClassicLegend
15-08-2008, 12:36 PM
That does remove the trojan itself only if you downloaded the keylogger to keylog someone else, doesn't it..

Blue
15-08-2008, 12:55 PM
I have the strangest feeling I keylogged myself some time ago and forgot about it :(

(ps I used that download off the site after I posted this thread) Thanks a lot for all your help :)

Mounta1nGoat
15-08-2008, 06:51 PM
That looks very useful, would it not be advisable to pull out the ethernet cable and disconnect from the internet as well and change your online passwords and emails preferably. Recap what you've done on your computer and take nothing for granted.

Try think how you got it too, I would rep you Dr but I can't :P

Anybody reading this don't change passwords until you are completely sure it has gone.

You probably did keylog yourself as the password box doesn't normally come up unless you have Ardamax installed (it never used to).

shizzle
16-08-2008, 10:09 AM
In future, simply download the ardamax keylogger removal tool off the ardamax website...

http://www.ardamax.com/downloads/aklremover.exe
Yeah, that's it, it's the remove.
