LYS.002 – KeyLogger Ardamax

I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here:

Manual removal instructions:

LYS.002 – KeyLogger Ardamax removal

File MD5 Virus Alias
LYS.002 e7879e2f301a885bb46ec1782a6d6278 KeyLogger Ardamax
LYS.002 e7879e2f301a885bb46ec1782a6d6278 Trojan SuspiciousFile
LYS.002 e7879e2f301a885bb46ec1782a6d6278 Trojan Generic
LYS.002 e7879e2f301a885bb46ec1782a6d6278 Worm AMN
LYS.002 e7879e2f301a885bb46ec1782a6d6278 Trojan Swizzor
LYS.002 e7879e2f301a885bb46ec1782a6d6278 Trojan Agent

LYS.002 size: 55296 bytes
LYS.002 hash: E7879E2F301A885BB46EC1782A6D6278

Created files:

%SysDir%\OXICEU\AKV.exe
%SysDir%\OXICEU\LYS.001
%SysDir%\OXICEU\LYS.002
%SysDir%\OXICEU\LYS.003
%SysDir%\OXICEU\LYS.004
%SysDir%\OXICEU\LYS.005
%SysDir%\OXICEU\LYS.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\LYS Start: %WinDir%\System32\OXICEU\LYS.exe

Detected by UnHackMe:

LYS.002
Default location: %SYSDIR%\OXICEU\LYS.002

Dropper information:
MD5: 004fb073a037479e9185f6c089d075eb
File size: 1427456 bytes