The following instructions have been created to help you get rid of "Ardamax" manually.
Use this guide at your own risk; software is usually better suited to removing malware, since it is able to look deeper.

Threat Details:

Categories:
  • keylogger

Description:
Ardamax Keylogger is a keystroke recorder that captures the user's activity and saves it to an encrypted log file. The log file can be viewed with the powerful Log Viewer. Logs can be automatically sent to an e-mail address; access to the keylogger is password protected. Besides, Ardamax Keylogger logs information about the Internet addresses the user has visited. This invisible spy application is designed for Windows 98, ME, NT4, 2000, XP and 2003.

Supposed Functionality:
Keylogger

Privacy Statement:
Ardamax Keylogger: License

Anyone may use this software during a test period of 7 days. Following this test period of 7 days or less, if you wish to continue to use Ardamax Keylogger, you MUST register.

Once registered, the user is granted a non-exclusive license to use Ardamax Keylogger for any legal purpose, at a time. The registered Ardamax Keylogger software may not be rented or leased, but may be permanently transferred, if the person receiving it agrees to terms of this license. If the software is an update, the transfer must include the update and all previous versions.

Any use of the program which is illegal under international or local law is forbidden by this licence. Any such action is the sole responsibility of the person committing the action.

Ardamax Keylogger was created as a solution for remote computer monitoring and surveillance. Our software is NOT designed to be used for malicious purposes. Using this software against any of the terms and conditions is against the LAW, and we will not be held accountable if you get into legal issues that may arise from using it.

You agree not to use this software to upload or distribute in any way files that contain viruses, corrupted files, or any other similar software or programs that may damage the operation of another's computer; not to use this software to collect or harvest personal information.

The Ardamax Keylogger unregistered (trial) version may be freely distributed provided the distribution package is not modified. No person or company may charge a fee for the distribution of Ardamax Keylogger without written permission from the copyright holder.

ARDAMAX KEYLOGGER IS DISTRIBUTED "AS IS". NO WARRANTY OF ANY KIND IS EXPRESSED OR IMPLIED. YOU USE AT YOUR OWN RISK. THE AUTHOR WILL NOT BE LIABLE FOR DATA LOSS, DAMAGES, LOSS OF PROFITS OR ANY OTHER KIND OF LOSS WHILE USING OR MISUSING THIS SOFTWARE.

You may not use, copy, emulate, clone, rent, lease, sell, modify, decompile, disassemble, otherwise reverse engineer, or transfer the licensed program, or any subset of the licensed program, except as provided for in this agreement. Any such unauthorized use shall result in immediate and automatic termination of this license and may result in criminal and/or civil prosecution.

All rights not expressly granted here are reserved by Ardamax Software.

Installing and using Ardamax Keylogger signifies acceptance of these terms and conditions of the license.

If you do not agree with the terms of this license you must remove Ardamax Keylogger files from your storage devices and cease to use the product.

Removal Instructions:

Autorun:

Please use Spybot-S&D, RunAlyzer or msconfig.exe to remove the following autorun entries.
  • Entries named "UIB" and pointing to "<$SYSDIR>\UIB.exe".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.
  • The file at "<$SYSDIR>\UIB.exe".
  • A file with an unknown location named "Tibia.exe".
  • A file with an unknown location named "Tibia_Multi-ip_Changer.exe".
  • A file with an unknown location named "TibiaBOT.exe".
Make sure you set your file manager to display hidden and system files. If Ardamax uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
For files listed with an unknown location, you will have to use a global search. Be extra careful, because the name alone might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.
  • The directory at "<$LOCALSETTINGS>\Temp\IP LIST".
Make sure you set your file manager to display hidden and system files. If Ardamax uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.
For folders listed without a location, you will have to use a global search. Be extra careful, because the name alone might not be enough to identify folders!
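
The checks from the Autorun, Files and Folders steps above can be collected in one read-only pass before anything is deleted. This PowerShell sketch is an added example, not part of the original guide or of Spybot-S&D. It assumes that `<$SYSDIR>` is the Windows system directory, that `$env:TEMP` stands in for `<$LOCALSETTINGS>\Temp`, that the system drive is the scope of the global search, and that only the two standard Run keys are inspected (RunAlyzer and msconfig.exe cover more autorun locations).

```powershell
# Added example: read-only triage for the indicators listed on this page.
# Nothing is deleted; review every finding before removing it.
$sysDir     = [Environment]::SystemDirectory  # assumed meaning of <$SYSDIR>
$tempDir    = $env:TEMP                       # assumed stand-in for <$LOCALSETTINGS>\Temp
$searchRoot = $env:SystemDrive + '\'          # assumed scope of the "global search"
$names      = 'Tibia.exe', 'Tibia_Multi-ip_Changer.exe', 'TibiaBOT.exe'
$runKeys    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
              'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings   = @()

# Autorun: values named "UIB"; note whether they point at <$SYSDIR>\UIB.exe.
foreach ($key in $runKeys) {
    $reg = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $reg) { continue }
    foreach ($valueName in $reg.GetValueNames()) {
        if ($valueName -ne 'UIB') { continue }
        $data  = [string]$reg.GetValue($valueName)
        $match = if ($data -like "*$sysDir\UIB.exe*") { 'name+path' } else { 'name only' }
        $findings += [pscustomobject]@{
            Type = 'Autorun'; Location = "$key\$valueName"; Detail = $data; Match = $match
        }
    }
}

# Files: the one known path, plus a name search for the unknown locations.
# -Force includes hidden and system files, as the guide requires.
$files  = @(Get-Item -LiteralPath (Join-Path $sysDir 'UIB.exe') -Force -ErrorAction SilentlyContinue)
$files += @(Get-ChildItem -Path $searchRoot -Include $names -Recurse -Force -File -ErrorAction SilentlyContinue)
foreach ($f in $files) {
    # A name match alone is weak evidence, so record a hash for further checking.
    $hash  = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    $match = if ($f.Name -eq 'UIB.exe') { 'name+path' } else { 'name only' }
    $findings += [pscustomobject]@{
        Type = 'File'; Location = $f.FullName; Detail = "SHA256=$hash"; Match = $match
    }
}

# Folder: the "IP LIST" directory under the temp folder.
$ipList = Join-Path $tempDir 'IP LIST'
if (Test-Path -LiteralPath $ipList -PathType Container) {
    $findings += [pscustomobject]@{
        Type = 'Folder'; Location = $ipList; Detail = ''; Match = 'name+path'
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Findings marked `name only` matched on the file or value name alone and need the extra care the guide asks for before anything is removed.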

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help:
  1. Please read these instructions before requesting assistance,
  2. Then start your own thread in the Malware Removal Forum where a volunteer analyst will advise you as soon as available.