MonitoringTool:Win32/Ardamax is a keylogger program that captures user activity and saves it as a log file in text or HTML format. Win32/Ardamax can be configured to send the log file by e-mail to a predefined address and to run in various hidden-mode configurations.
Win32/Ardamax can be installed from the product Web site. After installation, it may be present as the following files:
The registry may be modified to run Win32/Ardamax at each Windows start.
Adds value: "ardamax keylogger <version>"
With data: "%ProgramFiles%\ardamax keylogger\akv.exe"
To subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Other registry values may also be created, such as an uninstall subkey that corresponds to an entry for Win32/Ardamax in "Add or Remove Programs". Win32/Ardamax can be configured to run in a hidden mode, which completely hides it from the Task Manager and the Programs menu.
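One way to check for the autostart entry described above offline, for example against a .reg export of the Run key taken from a suspect machine (added example, not part of the original page or of any Microsoft tooling; the sample export, including the "4.0" version suffix and the benign entries, is constructed):

```python
import re
# Constructed sample: a fragment of a Run-key export in regedit .reg format,
# not taken from any real system. The first value mirrors the autostart entry
# described on this page; the other two are benign entries to leave alone.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ardamax keylogger 4.0"="%ProgramFiles%\\ardamax keylogger\\akv.exe"
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
"OneDrive"="\"C:\\Users\\user\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
'''
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# "name"="data" lines; .reg escapes backslash and double quote with a backslash
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def reg_unescape(s):
    """Undo .reg string escaping: a backslash quotes the next character."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_run_values(reg_text):
    """Return {value_name: data} for the string values under the HKLM Run key."""
    values, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            continue
        if current is None or current.lower() != RUN_KEY.lower():
            continue
        m = VALUE_RE.match(line)
        if m:
            values[reg_unescape(m.group(1))] = reg_unescape(m.group(2))
    return values

def command_exe(data):
    """Extract the executable path from a Run value, dropping quotes and arguments."""
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    return data  # unquoted paths may contain spaces, so keep the whole string

def ardamax_indicators(values):
    """Flag Run entries whose name or target matches the Win32/Ardamax autostart."""
    hits = []
    for name, data in values.items():
        exe = command_exe(data).lower()
        if name.lower().startswith("ardamax keylogger") or \
           exe.endswith(r"\ardamax keylogger\akv.exe"):
            hits.append((name, data))
    return hits
```

The same logic applies to a live system by reading the Run key with a registry API instead of parsing an export; the data match catches an entry that was renamed but still points at akv.exe.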
Analysis by Subratam Biswas
The following system changes may indicate the presence of MonitoringTool:Win32/Ardamax: