Ardamax Keylogger

Blue · 15-08-2008, 12:43 AM

Just found out i've had a bloody keylogger on my system =/

annoyingly easy to check (i pressed shift ctrl alt and h and up popped a box asking for a password)

So yeah, ive searched through everything i can think of, and cant find a way to remove it. any help?

SaintSmithy · 15-08-2008, 12:50 AM

www.**********
ask who keylogged u
they produce the keylogger dl

DrLacero · 15-08-2008, 12:54 AM

Locate the directory it's running from (process manager, note the process that's running and search for it). Download Unlocker Assistant and remove it along with other suspect and similarly named files. Make sure to look through and find these entries:

Code:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallArdamaxKeylogger
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsAppPathsakl.exe
HKEY_CURRENT_USERSoftwareArdamaxKeyloggerLite
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunNSK
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionUninstallArdamax Keylogger
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunArdamaxKeylogger
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindowsApp Pathsakl.exe 
HKEY_CURRENT_USER SoftwareArdamax Keylogger Lite 
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionRunNSK 
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionRunArdamax Keylogger

A few searches found me that these are the active processes the Ardamax keylogger uses:

Code:

nsk.exe
akv.exe
akl.exe
akv.exe
nsk.exeakl.exe

Next you need to unregister the .dlls it uses
Copy and post the following into Run (Windows Key + R)

Code:

exact directory path + "regsvr32 /u" + kh.dll

Code:

exact directory path + "regsvr32 /u" + il.dll

I hope that helps

Edit: The following is a complete list of the files that you should be looking for (as far as I know this is all of them)

Code:

settings.ini
akv.ini
kh.dll
il.dll
nsk.exe
akv.exe
akl.exe
akv.exe
nsk.exe
il.dll
kh.dll
akv.ini
settings.iniakl.exe

Jordy · 15-08-2008, 01:15 AM

Originally Posted by DrLacero

Locate the directory it's running from (process manager, note the process that's running and search for it). Download Unlocker Assistant and remove it along with other suspect and similarly named files. Make sure to look through and find these entries:

Code:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionUninstallArdamaxKeylogger
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsAppPathsakl.exe
HKEY_CURRENT_USERSoftwareArdamaxKeyloggerLite
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunNSK
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionUninstallArdamax Keylogger
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunArdamaxKeylogger
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindowsApp Pathsakl.exe 
HKEY_CURRENT_USER SoftwareArdamax Keylogger Lite 
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionRunNSK 
HKEY_LOCAL_MACHINE SOFTWAREMicrosoftWindows CurrentVersionRunArdamax Keylogger

A few searches found me that these are the active processes the Ardamax keylogger uses:

Code:

nsk.exe
akv.exe
akl.exe
akv.exe
nsk.exeakl.exe

Next you need to unregister the .dlls it uses
Copy and post the following into Run (Windows Key + R)

Code:

exact directory path + "regsvr32 /u" + kh.dll

Code:

exact directory path + "regsvr32 /u" + il.dll

I hope that helps

Edit: The following is a complete list of the files that you should be looking for (as far as I know this is all of them)

Code:

settings.ini
akv.ini
kh.dll
il.dll
nsk.exe
akv.exe
akl.exe
akv.exe
nsk.exe
il.dll
kh.dll
akv.ini
settings.iniakl.exe

That looks very useful, would it not be advisable to pull out the ethernet cable and disconnect from the internet as well and change your online passwords and emails preferably. Recap what you've done on your computer and take nothing for granted.

Try think how you got it too, I would rep you Dr but I can't

~~ClassicLegend~~ · 15-08-2008, 01:46 AM

I had one too, just then I resotred a couple days back and changed some pws on laptop

~~ClassicLegend~~ · 15-08-2008, 02:12 AM

Originally Posted by ClassicLegend

I had one too, just then I resotred a couple days back and changed some pws on laptop

So will it be fixed now?

DrLacero · 15-08-2008, 11:57 AM

Originally Posted by ClassicLegend

So will it be fixed now?

I very much doubt it.

~~ClassicLegend~~ · 15-08-2008, 12:04 PM

Originally Posted by DrLacero

I very much doubt it.

Hmm, cheers for help but getting it fixed, my dads doing it we cleaning it out and scanning big and such

iUnknown · 15-08-2008, 12:32 PM

In future, simply download the ardamax keylogger removal tool off the ardamax website...

http://www.ardamax.com/downloads/aklremover.exe

~~ClassicLegend~~ · 15-08-2008, 12:36 PM

That does remove the trojan itsrlf only if you downloaded the keylogger to keylog some one else, doesnt it..

Thread: Ardamax Keylogger

Thread Tools

Ardamax Keylogger

Posting Permissions