About a week ago; a product called Relevant Knowledge somehow deposited itself on my computer. When I discovered it; I went online and checked it out. Most every site listed it as spyware. I uninstalled the program. Then I opened the registry and found several more entries listed under this name. I removed them all. Everything seemed fine.
Today; my computer started behaving strangely. I ran an MBAM full scan. It detected the following items:
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\downloads\SETUPS\image2icon_installer_bs.exe (PUP.Adware.RKN) -> Quarantined and deleted successfully.
=========
Note that the MBAM log states it found no registry infections.
After MBAM quarantined and removed these infections; I found 9 executable entries in the registry for this item. I removed them.
My questions are:
What would have been the harm in leaving these executables in the registry?
Could these executables have silently reinstated parts of the program a week after I thought I had gotten rid of it?
Today; my computer started behaving strangely. I ran an MBAM full scan. It detected the following items:
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\downloads\SETUPS\image2icon_installer_bs.exe (PUP.Adware.RKN) -> Quarantined and deleted successfully.
=========
Note that the MBAM log states it found no registry infections.
After MBAM quarantined and removed these infections; I found 9 executable entries in the registry for this item. I removed them.
My questions are:
What would have been the harm in leaving these executables in the registry?
Could these executables have silently reinstated parts of the program a week after I thought I had gotten rid of it?
