My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Adware.Relevant.A

MEDIUM
LOW
approx. 1500K
(Relevant)

Symptoms

A “rlvknlg.exe” or “rk.exe” process is running in the background. Internet Explorer pop-ups regarding surveys appear from time to time.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Dan Anton, virus researcher

Technical Description:

Adware.Relevant is a potentially unwanted application with adware and backdoor capabilities that runs in the background and monitors user browser behavior. When installed, it displays survey pop-ups, starts listening on 8254 TCP port, allowing incoming internet connections and also adds the main process to the exceptions list of Windows Firewall. Adware.Relevant comes bundled with several shareware programs, such as screensavers or burning software, and even if it displays a license agreement (EULA) regarding the pop-ups and the monitoring functionality, it doesn’t state the backdoor capability.

When installed, Adware.Relevant performs the following actions:

1.    Adds the following files:

%sysdir%\rkinstaller.exe
%sysdir%\rkupginstaller.exe
%sysdir%\rlvknlg.exe
%sysdir%\rk.exe
%sysdir%\rk.bin
%sysdir%\rlls.dll

2.    Adds the following value:

“RelevantKnowledge” = “%sysdir%\rlvknlg.exe”

to the registry subkey:

“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run”

where %sysdir% refers to the System directory (default is “C:\Windows\System32\”).

RelevantKnowledge pop-up example:


RelevantKnowledge backdoor listening: