1. /
  2. Security Response/
  3. Spyware.Ardakey


October 30, 2007 2:49:46 PM
Risk Impact:
Systems Affected:
Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP
When the program is executed, it creates the following files:
  • %UserProfile%\Start Menu\Programs\Ardamax Keylogger\Help.lnk
  • %UserProfile%\Start Menu\Programs\Ardamax Keylogger\Ardamax Keylogger.lnk
  • %UserProfile%\Start Menu\Programs\Ardamax Keylogger\Log Viewer.lnk
  • %ProgramFiles%\NSK\AKV.exe
  • %ProgramFiles%\NSK\license.txt
  • %ProgramFiles%\NSK\menu.gif
  • %ProgramFiles%\NSK\NSK.002
  • %ProgramFiles%\NSK\NSK.003
  • %ProgramFiles%\NSK\NSK.004
  • %ProgramFiles%\NSK\NSK.005
  • %ProgramFiles%\NSK\NSK.006
  • %ProgramFiles%\NSK\NSK.007
  • %ProgramFiles%\NSK\NSK.chm
  • %ProgramFiles%\NSK\NSK.exe
  • %ProgramFiles%\NSK\qs.html
  • %ProgramFiles%\NSK\tray.gif
  • %ProgramFiles%\NSK\Uninstall.exe
  • %ProgramFiles%\Ardamax Keylogger\AKL.exe
  • %ProgramFiles%\Ardamax Keylogger\kh.dll
  • %ProgramFiles%\Ardamax Keylogger\il.dll
  • %ProgramFiles%\Ardamax Keylogger\AKV.exe
  • %ProgramFiles%\Ardamax Keylogger\Uninstall.exe
  • %ProgramFiles%\Ardamax Keylogger\license.txt
  • %ProgramFiles%\Ardamax Keylogger\qs.html
  • %ProgramFiles%\Ardamax Keylogger\tray.gif
  • %ProgramFiles%\Ardamax Keylogger\menu.gif
  • %ProgramFiles%\Ardamax Keylogger\AKL.chm
  • %ProgramFiles%\Ardamax Keylogger\akl.001
  • %ProgramFiles%\Ardamax Keylogger\akl.002
  • %ProgramFiles%\Ardamax Keylogger\akv.ini

It creates the following files, if the Lite version is installed:
  • %UserProfile%\Programs\Ardamax Keylogger Lite\Ardamax Keylogger Lite.lnk
  • %UserProfile%\Start Menu\Programs\Ardamax Keylogger Lite\Help.lnk
  • %ProgramFiles%\Ardamax Keylogger Lite\AKL.chm
  • %ProgramFiles%\Ardamax Keylogger Lite\akl.exe
  • %ProgramFiles%\Ardamax Keylogger Lite\kh.dll
  • %ProgramFiles%\Ardamax Keylogger Lite\license_lite.txt
  • %ProgramFiles%\Ardamax Keylogger Lite\Settings.ini
  • %ProgramFiles%\Ardamax Keylogger Lite\Uninstall.exe

The program creates the following registry subkeys:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\akl.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardamax Keylogger

It creates the following subkeys, if the Lite version is installed:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ardamax Keylogger Lite
  • HKEY_CURRENT_USER\Software\Ardamax Keylogger Lite

Next, it creates the following registry entries so that it executes whenever Windows starts:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"NSK" = "%ProgramFiles%\NSK\NSK.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Ardamax Keylogger" = "%ProgramFiles%\Ardamax Keylogger\akl.exe"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\App Paths\"akl.exe" = "%CurrentFolder%\akl.exe"

If the Lite version is installed, it creates the following registry entry so that it executes whenever Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Ardamax KeyLogger" = "%ProgramFiles%\Ardamax Keylogger\Lite\akl.exe"

It prompts the user to install the following components:
  • Keylogger Engine
  • Log Viewer
  • Documentation

The program may perform the following functions:
  • Keystroke logging
  • Log transferring via email
  • Log transferring via FTP
  • Hiding and Unhiding its tray icon using the Ctrl+Alt+Del+H key combination

It stores the gathered information in one of the following files:
  • %ProgramFiles%\NSK\NSK.002
  • %CurrentFolder%\Akl.klf
Summary| Technical Details| Removal

Search Threats

Search by name
Example: W32.Beagle.AG@mm
STAR Antimalware Protection Technologies
Internet Security Threat Report
Symantec DeepSight Screensaver