Home / malwarePDF  

Adware.Relevant.A


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Adware.Relevant.A is also known as Relevant.

Explanation :

Adware.Relevant is a potentially unwanted application with adware and backdoor capabilities that runs in the background and monitors user browser behavior. When installed, it displays survey pop-ups, starts listening on 8254 TCP port, allowing incoming internet connections and also adds the main process to the exceptions list of Windows Firewall. Adware.Relevant comes bundled with several shareware programs, such as screensavers or burning software, and even if it displays a license agreement (EULA) regarding the pop-ups and the monitoring functionality, it doesn’t state the backdoor capability.

When installed, Adware.Relevant performs the following actions:

1. Adds the following files:

%sysdir%
kinstaller.exe
%sysdir%
kupginstaller.exe
%sysdir%
lvknlg.exe
%sysdir%
k.exe
%sysdir%
k.bin
%sysdir%
lls.dll

2. Adds the following value:

“RelevantKnowledge” = “%sysdir%
lvknlg.exe”

to the registry subkey:

“HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun”

where %sysdir% refers to the System directory (default is “C:WindowsSystem32”).

RelevantKnowledge pop-up example:


RelevantKnowledge backdoor listening:

Last update 21 November 2011

 

TOP