A “rlvknlg.exe” or “rk.exe” process is running in the background. Internet Explorer pop-ups regarding surveys appear from time to time.
Please let BitDefender disinfect your files.
Dan Anton, virus researcher
Adware.Relevant is a potentially unwanted application with adware and backdoor capabilities that runs in the background and monitors user browser behavior. When installed, it displays survey pop-ups, starts listening on 8254 TCP port, allowing incoming internet connections and also adds the main process to the exceptions list of Windows Firewall. Adware.Relevant comes bundled with several shareware programs, such as screensavers or burning software, and even if it displays a license agreement (EULA) regarding the pop-ups and the monitoring functionality, it doesn’t state the backdoor capability.
When installed, Adware.Relevant performs the following actions:
1. Adds the following files:
2. Adds the following value:
“RelevantKnowledge” = “%sysdir%\rlvknlg.exe”
to the registry subkey:
where %sysdir% refers to the System directory (default is “C:\Windows\System32\”).
RelevantKnowledge pop-up example:
RelevantKnowledge backdoor listening: