RLWA.EXE – KeyLogger Ardamax

I will tell you in this post how to fix the issue manually and how to clean it automatically using a special powerful removal tool. You can download the removal program for free here:

Manual removal instructions:

RLWA.EXE – KeyLogger Ardamax removal

File MD5 Virus Alias
RLWA.EXE 17535dddecf8cb1efdba1f1952126547 KeyLogger Ardamax
RLWA.EXE 17535dddecf8cb1efdba1f1952126547 Trojan UnwantedProgram
RLWA.EXE 17535dddecf8cb1efdba1f1952126547 Trojan Generic
RLWA.EXE 17535dddecf8cb1efdba1f1952126547 Trojan Agent

RLWA.EXE size: 484864 bytes
RLWA.EXE hash: 17535DDDECF8CB1EFDBA1F1952126547

Created files:

%SysDir%\28463\AKV.exe
%SysDir%\28463\RLWA.001
%SysDir%\28463\RLWA.006
%SysDir%\28463\RLWA.007
%SysDir%\28463\RLWA.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RLWA Agent: %WinDir%\System32\28463\RLWA.exe

Detected by UnHackMe:

RLWA.EXE
Default location: %SYSDIR%\28463\RLWA.EXE

Dropper information:
MD5: 4b39ed5b5baf28bbaca73393385b0e18
File size: 516864 bytes