Discussion Starter · #1 ·
About a week ago, a product called Relevant Knowledge somehow deposited itself on my computer. When I discovered it, I went online and checked it out. Most every site listed it as spyware. I uninstalled the program. Then I opened the registry and found several more entries listed under this name. I removed them all. Everything seemed fine.

Today, my computer started behaving strangely. I ran an MBAM full scan. It detected the following items:


Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlvknlg.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlvknlg64.exe (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlxf.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\AppData\Local\temp\~osF40F.tmp\rlxg.dll (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
c:\Users\user\downloads\SETUPS\image2icon_installer_bs.exe (PUP.Adware.RKN) -> Quarantined and deleted successfully.

=========

Note that the MBAM log states it found no registry infections.

After MBAM quarantined and removed these infections, I found 9 executable entries in the registry for this item. I removed them.

My questions are:

What would have been the harm in leaving these executables in the registry?

Could these executables have silently reinstated parts of the program a week after I thought I had gotten rid of it?
 

TSF Team, Admin, Manager Security
Re: Possible Reinfection?

Hi,

Relevant Knowledge is adware/spyware. While it's potentially unwanted, it is fairly easy to remove. Simply uninstalling the program should have removed its active functions, although this doesn't completely remove everything. Uninstallers often do not remove everything installed, just the active parts of the program.

You might want to try using RevoUninstaller to make sure it's completely removed, and any remnants are gone. Revo Uninstaller Pro - Uninstall Software, Remove Programs easily. There is a free version available, as well as a trial for the more advanced version.

In this case, the executable files the registry entries referred to were likely already removed. No harm would have been done leaving these if the files have already been deleted, although if this was an active infection removing these keys would be necessary.

As for your second question, the registry entries don't contain the executable file itself. If the file has been deleted, it won't cause any damage to your computer or reintroduce any infection. Relevant Knowledge doesn't reinstall itself as far as I am aware, but other infections do use this method for reinfection.

If you are worried you might still be infected, or if further infections appear in any scans, you can post up a set of logs for an analyst to review.

To do this, please follow our first steps outlined here:
NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help
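
A way to check the point made in this reply, that a registry entry is inert once the file it points to is gone. This PowerShell is an added example, not part of the original thread or any tool named in it; it assumes the entries of interest are in the standard Run/RunOnce autostart keys, and the helper name Get-CommandTarget is hypothetical.

```powershell
# Added example: list autostart registry values and report whether the file
# each one points to still exists. Read-only; nothing is deleted or changed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: pull the executable path out of a command line.
function Get-CommandTarget {
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    # Quoted form: "C:\path with spaces\app.exe" /args
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted form: stop at the first executable-looking extension
    if ($expanded -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $data   = [string]$item.GetValue($name)
        $target = Get-CommandTarget $data
        $status =
            if ($target -notmatch '^[A-Za-z]:\\') {
                'no full path (resolved via PATH), check manually'
            } elseif (Test-Path -LiteralPath $target -PathType Leaf) {
                'file present, entry is live'
            } else {
                'file missing, entry is an orphan'
            }
        [pscustomobject]@{
            Key    = $key
            Name   = $name
            Target = $target
            Status = $status
        }
    }
}

$results | Sort-Object Status, Key | Format-Table -AutoSize -Wrap
```

Entries reported as "file present" are the ones that can start something at logon; an orphan only becomes live again if a file is later written back to the same path.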
 

Discussion Starter · #3 ·
Re: Possible Reinfection?

Revo was the uninstaller I used, and I used the advanced selection. It did scan the registry but left several entries, including the executable entries. However, you have set my mind at ease. It's good to know the executable entries in the registry weren't a means for the program to re-establish itself.

Thank you
 