Take A Look At This.....Keylogged ETC...

Thanks for that, but how exactly do i do those things...or unregister them or whatever, if someone could make a step by step guide, i'll be really happy.

There also may be a little money in it for someone if they can make a step by step short guide to slove the problem..

Cheers everyone.

 

Here you go.

EDIT:

Step 1: CTRL + ALT + DELETE.

This will open up the taskmanager.



Step 2: End the process, by either right clicking on the process and ending the process tree, or hitting the end process button




Step 3: Deleting all the shit you don't need.

Step 3A:Remove everything from these directories if you have them.

Code:

%program_files%\ckm
%program_files%\fkg
%programs%\ardamax keylogger

Step 3B: Remove all these files

Code:

akl.exe
akv.exe
ardamax keylogger.lnk
cmmd.006
cmmd.007
cmmd.exe
explorer.006
explorer.007
explorer.ex0
fkg.chm
fkg.exe
flash_player_v4.006
flash_player_v4.007
1661156
2827223
2831364
2831365
2831366
2840953
3049927
akl.chm
%program_files%\tnd\tnd.exe
%program_files%\tnd\tray.gif
%system%\nsk.exe
%program_files%\tnd\akv.exe
%program_files%\tnd\akv.ini
%program_files%\tnd\menu.gif
%program_files%\tnd\qs.html
%program_files%\tnd\tnd.002
%program_files%\tnd\tnd.003
%program_files%\tnd\tnd.004
%program_files%\tnd\tnd.006
%program_files%\tnd\tnd.007
%program_files%\tnd\tnd.chm
%program_files%\nsk\akv.exe
%program_files%\nsk\nsk.exe
%program_files%\tnd\uninstall.exe
%programs%\ardamax keylogger\ardamax keylogger.lnk
%programs%\ardamax keylogger\help.lnk
%programs%\ardamax keylogger\log viewer.lnk
kh.dll
license.txt
log viewer.lnk
menu.gif
qs.html
svchost.006
svchost.007
flash_player_v4.exe
help.lnk
install.exe
svchots.exe
sysw.006
sysw.007
topinstall.exe
tray.gif
uninstall.exe
%program_files%\ckm\akv.exe
%program_files%\ckm\ckm.003
%program_files%\ckm\ckm.004
%program_files%\ckm\ckm.006
%program_files%\ckm\ckm.007
%program_files%\ckm\ckm.chm
%program_files%\ckm\ckm.exe
%program_files%\ckm\license.txt
%program_files%\ckm\menu.gif
%program_files%\ckm\qs.html
%program_files%\ckm\tray.gif
sysw.exe
tnd.exe
%program_files%\ckm\uninstall.exe
kh.dll
install.exe
sysw.exe
svchots.exe
%program_files%\nsk\akv.exe
topinstall.exe
%program_files%\ckm\uninstall.exe
%program_files%\ckm\ckm.exe
%program_files%\ckm\akv.exe
%system%\nsk.exe
%program_files%\tnd\akv.exe
%program_files%\nsk\nsk.exe
%program_files%\tnd\tnd.exe
%program_files%\tnd\uninstall.exe
akl.exe
flash_player_v4.exe
fkg.exe
cmmd.exe

Step 3C: Opening your registry.

Do so, by going to Start -> Run and type in "regedit" and then hit ok.

You need to delete all these directories/files.

Code:

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run cmmd
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run fkg
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ardamax keylogger 
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ardamax keylogger displayname
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\ardamax keylogger uninstallstring
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run fkg
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run cmmd

Step 4: kh.dll can probably be found by doing a search. Start -> Programs -> Search.

Search for "all files" and type in kh.dll. Remove it when it comes up.

 

Thanks very much Yakov....add me on MSN if you like...I'll probs be on tonight.

Thx so much.

 

Thanks a lot m8, i i have none of that stuff, i've looked in registry and neither the directries or the files exist.
I've looked for at least half the files you listed and none of them are there. I've looked for the process running, and that also isn't there.

I've looked for all of the above, and it isn't there, it's as if i'm not keylogged?

I don't know..Is there a chance it didn't infect my PC? or..?

Thanks very much Yakov.

What shall i do now lol :s

 

Have fun with that. Why would you open crap from RANDOM people? Srrsly. >_<

Here.

Oh try this also before you try anything else.

http://www.scanspyware.net/info/Ardamax.htm

Delete the following directories

%programfilesdir%\HTV
%programfilesdir%\NSK
%programsdir%\ARDAMAX KEYLOGGER
Ardamax Keylogger
%programsdir%\ARDAMAX KEYLOGGER LITE
%commonprogramsdir%\ARDAMAX KEYLOGGER
ARDAMAX KEYLOGGER LITE
%commonprogramsdir%\ARDAMAX KEYLOGGER LITE


Delete the following files

%programfilesdir%\HTV\HTV.exe
%programfilesdir%\HTV\HTV.006
%programfilesdir%\HTV\HTV.007
%programfilesdir%\HTV\HTV.003
%programfilesdir%\HTV\HTV.004
%programfilesdir%\HTV\AKV.exe
%programfilesdir%\HTV\qs.html
%programfilesdir%\HTV\HTV.chm
HTV.001
%programfilesdir%\HTV\HTV.002
HTV.005
%programfilesdir%\HTV\akv.cfg
HTV.009
%programfilesdir%\NSK\AKV.EXE
NSK.EXE
%programfilesdir%\NSK\QS.HTML
%programfilesdir%\NSK\NSK.CHM
tray.gif
%programfilesdir%\HTV\menu.gif
%programfilesdir%\NSK\TRAY.GIF
%programfilesdir%\NSK\MENU.GIF
Uninstall.exe
LICENSE.TXT
%programfilesdir%\NSK\UNINSTALL.EXE
%programsdir%\ARDAMAX KEYLOGGER\HELP.LNK
%programfilesdir%\Ardamax Keylogger\kh.dll
il.dll
akl.exe
%programfilesdir%\Ardamax Keylogger\AKV.exe
qs.html
%programfilesdir%\Ardamax Keylogger\AKL.chm
%programfilesdir%\Ardamax Keylogger\akl.001
%programfilesdir%\Ardamax Keylogger\akl.002
akv.ini
tray.gif
menu.gif
HELP.LNK
%commonprogramsdir%\Ardamax Keylogger\Help.lnk
%programsdir%\ARDAMAX KEYLOGGER\LOG VIEWER.LNK
license.txt
%programfilesdir%\ARDAMAX KEYLOGGER LITE\KH.DLL
%programfilesdir%\ARDAMAX KEYLOGGER LITE\AKL.CHM
%programfilesdir%\ARDAMAX KEYLOGGER LITE\AKL.EXE
akl.klf
Uninstall.exe
%commonprogramsdir%\Ardamax Keylogger\Log Viewer.lnk
%programsdir%\ARDAMAX KEYLOGGER\ARDAMAX KEYLOGGER.LNK
%programfilesdir%\ARDAMAX KEYLOGGER LITE\UNINSTALL.EXE
%programfilesdir%\ARDAMAX KEYLOGGER LITE\LICENSE_LITE.TXT
Ardamax Keylogger.lnk
ARDAMAX KEYLOGGER LITE.LNK


Delete the following registry keys

ARDAMAX KEYLOGGER LITE
akl.exe
ARDAMAX KEYLOGGER
ARDAMAX KEYLOGGER LITE

Delete the following registry values
NSK
fkg
HTV Agent

 

well, i never would accept a file through msn especially if i didnt know the person.. so u dont wan't to hard drive clean.. hmm. try system restore?

 

Honestly, it's hard to get rid of a keylogger without reformatting, most keyloggers, such as BPK, SC, ect, make a duplicate file of certain, important internal files. What I would do if I was you, is buy a flash drive, put all the files you obsolutely NEED on there, and reformat, it would be your safest bet, but if you absolutely can't....I guess search through all the files in your computer, look for duplicates and hope you delete the right one.

Sorry if I wasn't much help =\ lol

 

Thanks.

Daily, again none of the files or registries you posted exist.

I don't know...am i keylogged?

 

No you are not :S

 

Heh, % = variable.

So,

%program_files%

means it can be like

C:\Yakov's Files\program files\my files\keylogger

EDIT: Upon further research, I've realized that Task Manager may not pick up ARDAMAX. So try using a different task manager, which are available on the internet.

The reason none of daily's files show up, is because he's telling you what to delete if you have ARDAMAX LITE, and you're infected with Ardamax, not the lite version of it.

 

I've scanned my computer with Norton, Spyware Docter, ScanSpyware and Zone Alarm, all have come up clean.

I've used 2 complicated methods of finding and deleting spyware, and they both came up clean (I think).

I've tried both Yakov's and Daily's methods, and they came up with nothing...

I'm beginning to wonder whether I am keylogged.

Yakov, if you could explain exactly where the %programfiles% things are i'd appreciate it, cos i must be an idiot..

Keep tryin' guys please Thx

 

Ok

For example

%program_files%\ckm\ckm.003

Now my Program Files folder is in my C drive.

C:\Program Files <-

So I would go there ^ Look for a folder called "ckm". Then I would open it and search for the file "ckm.003" and delete it. Understand?

 

You might HAVE to format.

:\

 

Yeah, i get it, it's what i thought.

I've looked, NOTHING there...

That's like 5 spyware/virus scanners, 2 hard methods, tried both dailys and yakovs, tried everything :s

I'm going to bed now, I'll carry on tommorow.

Thx a lot guys.

 

Used now...

Norton, ZoneAlarm, Scanspyware, Spyware Docter, Dr Web Scanner, HiJack This and Spysweeper.

All get nothing.

 

Spy Bot Search and Destroy,
Delete all The Temp Files

 

Pretty sure thats right.. But just incase its not. Good luck : ]

 

Ouch, I hope you get rid of it dude.

 

oooo, I had ardamax awhile back. I just did a system restore, removed some remaining crap with spysweeper and spybot s&d, and finally did a manual search for any of those files. I never had any problems afterwards.

 

Thanks guys, that's the problem, i've searched it with like 7 or 8 different spyware/virus scanners and got nothing.