Getting Infected with Relevant Knowledge a.k.a. rlvknlg.exe Spyware

When I woke up this morning, I was greeted by an uninvited visitor when I opened my laptop. I saw a pop-up from Skype asking permission for me to install the rlvknlg.exe file. Skype was asking me 2 options: Allow or Deny. I had to think twice if I was reading the message right since I thought it was a person who was asking to be added in Skype. But when I saw the .exe extension on the file that wants to be added to my system, I got suspicious. I immediately opened Google and searched for the keyword “rlvknlg” and I found out that it’s a Spyware or a Malware. Yes, the uninvited guest was a Spyware and one thing’s for sure, I hate Spywares and viruses!

I immediately clicked the “Deny” button in Skype and thought hard how it got there. To be sure my Lenny is safe, I immediately opened my free version of the AVG Anti-virus software and started a simple scan.

avg scan of the rlvknlg.exe virus

It only took 3 scans to my system file before my anti-virus software found the culprit. The scan says that the Relevant Knowledge program is potentially harmful. And it has listed 113 threats found which connects to this file.

While my AVG software is doing all the works, I searched the information online and found out that the rlvknlg.exe file could pose as a different file to camouflage itself. But upon seeing the partial results of my scan, I saw that the Relevant Knowledge program resides in my Program Files. Upon checking the file, I indeed found Lenny’s unwanted guest.

rlvknlg.exe malware

For the untrained eye, no one would suspect that the Relevant Knowledge folder, on top, was a Spyware. For all I care, it could be a version of those Britannica Encyclopedias. But I know I don’t have an online encyclopedia. So I checked the folder and whala! Look what I found. The unwanted file is lurking inside Lenny’s organs!

rlvknlg.exe virus

Inside the Relevant Knowledge folder, I saw the rlvknlg.exe file along with its component files.

It made me realize that this spyware is very daring since it’s just there, out in the open. So I checked deeper to see if I can also find it  in the Programs and Features of my Control Panel.

rlvknlg in my Windows Program and Features files

And there it is. 5.27MB belonging to a TMRG, Inc. Further inspection shows that this was installed today, June 16, 2012. The last file I remembered installing for the past 2 days were an FLV to AVI and an FLV to MP3 converter that I installed 2 days ago and then the 7-Zip 9.20 file I installed yesterday since I needed to extract certain files I downloaded online.

I could easily uninstall this file but I am trying to wait for my AVG scan to finish scanning my whole computer.

Based on the research I made, some claim that this file is a genuine software and anyone could easily uninstall it from the Control Panel. They say that this is not a Spyware. I guess those who are saying that are either employees of the company who made this file or were paid to place those comments on the websites who made positive write ups about this spyware.

Upon further research, I also found out that getting infected with the Relevant Knowledge a.k.a. rlvknlg.exe Spyware, the spyware that came from Comscore.com, allows the program to monitor my internet activity…

“RelevantKnowledge monitors your Internet surfing, by routing your Internet activities through their service and logging information about the web pages that you visit and the actions that you take, such as the purchases and transactions you make.”

“Relevant Knowledge monitors browsing habits and purchasing activities. The data collected is sent to the creator of the application or third-parties. It displays surveys in a pop-up window. Relevant Knowledge uses Internet connection in the background without a user’s knowledge and in some cases may even affect Internet connection speed because your Internet connections will go through its own proxy.”

No matter what supporters, paid or not, of this software says, to me, this is still a Spyware.

According to wiki

Spyware is a type of malware (malicious software) installed on computers that collects information about users without their knowledge. The presence of spyware is typically hidden from the user and can be difficult to detect. Spyware is often secretly installed on a user’s personal computer without their knowledge.

When I installed programs in my computer the past 2 days, I was very keen on making sure that I didn’t install those unwanted toolbars, browsers, games and what have yous. I would have seen this Spyware on the fine print before accepting the EULA of the programs I installed. So to make it simple. I didn’t consent to this program being installed on my computer yet the rlvknlg.exe file found its way into my system and secretly installed itself on my laptop.

rlvknlg spyware running on my task manager
the Relevant Knowledge program is running in my task manager!

How To Remove the Relevant Knowledge program also known as the rlvknlg.exe spyware

To those who got infected by the rlvknlg.exe spyware, you can try uninstalling it from your Control Panel, as suggested online, then restart your computers. Afterwhich, open the folder in the Program Files and check if you can still see files in there and delete them. Then do a thorough scan of your computer using your anti-virus software to ensure that you got rid of the spyware that is the rlvknlg.exe file.

avg scan result due to relevant knowledge spyware infection

Here’s the result of my scan. It tells me that 128 files/programs were found to be threats and AVG is asking me to restart the computer to finish removing everything. Upon closer look on the image below, 113 files were found to be Spywares or files that got infected with the Relevant Knowledge Spyware.

avg scan result due to relevant knowledge spyware infection 1

So the only common thing to do was to follow AVG’s advise to reboot the laptop to finish the process. When the laptop was back on, I realized that the Spyware was still there. I had to go to the Program Files and remove the other files that were not removed by AVG. I basically deleted the entire Relevant Knowledge folder.

When I thought that it was finally done, I went online and went to Google.com. However, it redirects me to Google.com.kh, Cambodia’s URL. This meant only one thing. My system’s still infected (i think). I tried to research for information again online on what I needed to do but all the info I found asked me to download a malware removal program which I refused to install on my PC. I went to the registry by typing “regedit” on the RUN command and checked on random registries and I found the folder which contained the file. I  successfully deleted them all but the Services section of the Administrative Tools in Control Panel still shows I have the Relevant Knowledge. I dunno if I’m safe now considering that the Services folder shows that there’s an error pointing to that program. Then I tried to search for the keywords in my drive but couldn’t find any.

The Relevant Knowledge spyware monitors your internet activity and uses your internet speed to send back the data it has collected so this means I need to make sure my computer is clean of this program before I can move forward with more important things to do.

I’m supposed to be cramming now for a project I need to finish but this annoying spyware is stalling my productivity and wasted my entire day. I’m tired and right now, I just gave up removing it out of my Lenny. I know it’s still there since my browser is still not working properly no matter how hard I tried to tweak its settings. As long as my internet speed is back, I’ll leave it at that and will remove it on a later date.

Copy Protected by Chetan's WP-Copyprotect.
%d bloggers like this: