Ardamax - discover email address

Discussion in 'Malware Help (A Specialist Will Reply)' started by timoioi, Dec 8, 2006.

  1. timoioi

    timoioi Private E-2

    Hey there! Been looking around for a solution but to no avail. I'm trying to see if there is a way to discover the email address used on a machine infected with Ardamax? Of course, there is no access to the software using its standard interface, so determining the email would have to be through other means.

    Thanks for any info!
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    I'm not sure what you are asking. PCs don't have email addresses. They have IP addresses. People (users) have email addresses. How do you know that Ardamax is installed? If it is, it is normally installed by someone who uses or owns the PC. So who installed it?

    What exactly is it that you are trying to trace if the key logger actually is installed?
    Are you trying to see if it is recording information and sending it somewhere external to your PC?
     
  3. timoioi

    timoioi Private E-2

    Ardamax popped up on a Spybot S&D scan of a system and I am trying to see if I can track down the sender of it. Most likely just some unknown person that has nothing better to do, but I'd like to try to check nonetheless. I am not very familiar with the software itself, but I understand that it does log various bits of info (keylogs, screenshots, etc.) and sends them to some email address specified by some originating user.

    Normally I'd just disregard such things and move on, but this one in particular caught my eye.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Ardamax is typically installed locally and not via malware from the net. However, it does have an option for a remote installer, but you would still have to accept the email and install it. Various scanning programs often have false detections for keyloggers. And since they are designed to be stealthed, it would be unlikely that Spybot would even see the real key logger if it were installed. Attach a log from Spybot. Also run the below:

    Download Blacklight Beta
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of the BlackLight log.
     
