Download Ardamax Keylogger 3.8.1 from here: http://www.ardamax.com/ [Register it to get the key]
Once you downloaded Ardamax open "setup_akl.exe".Install Ardamax on your PC (it will record all you'll type until you uninstall it).
Installing Aramax:-
-So, double click on "setup_akl.exe". In the new window (about the License Agreement), click on "I Agree".
-Be sure the 3 boxes are tick and click on "Next".
-Choose a new installation path or leave this one, and click "Install" (Ardamax is now installing).
-Once it's done, untick "View the Quick Tour" and press on "Finish".
Infecting a file
-In the new window, click on "Enter Key" and enter the name and serial, then press "OK".
-If everything went fine, the window should have close and now you'll have to do a right click on the Ardamax icon in the tray bar (in the right bottom corner of your screen), then click on "Remote Installation...".
-A new screen will open and you'll have to click on "Next".
-Tick the "Append keylogger engine to file or another application" and click on "Browse". Now, you'll have to browse for the file or the application you want to infect. It can be anything, and, don't worry, the file won't be infected (Ardamax will make a copy of it and leave the one you chose intact). So, when someone will double click on this file, Ardamax will be install on his PC (He won't see any Ardamax installation or w/e window and probably never know he's infected). Once you choosed the file, click on "Open".
-In the same window ("Appearance"), leave "Installation folder on target computer" the same, and under "Additional components", untick "Log Viewer" (untick all) and click on "Next".
-In "Invisibility" window, leave all options tick, click on "Next".
-Now, click on "Enable..." and in the window that popuped, enter a password. Leave all the options tick, and click on "Next".
-Untick "Check for updates" and click on "Next".
-Leave the 2 options tick, and I suggest to change the "Hidden mode on:" to something easier to remember (such as ctrl+z). Also, I would put a "Self destruct on:" date (you have to tick the box beside the date, scroll down and choose a date) this will uninstall Ardamax on the remote PC on the date you choosed)) such as a week later (or until you're sure you know what you want to). Click on "Next".
-Now, in the new window ("Control"), tick "Send logs every" and, right beside, choose the frequency of the logs you'll receive (usually 1/hour or 1/day is fine).
Using the infected file
A new window popuped, your infected file is there, it's call "Install.exe" and it have the icon you choosed. Don't touch at any other file in this folder, they are useless. I suggest you rename it.
You now have to spread this file and hope someone will download it and double click on it. Once he do this, Ardamax will start recoring and sending logs to your website.
I suggest emailing people and giving them the file, or upload it in forums. Of course you have to put (infect) Ardamax in a file that people are interested to download.
If they decide to scan the file at http://www.virustotal.com, they will know it's infected, though only "Webwasher-Gateway" detect Ardamax in the file as "Riskware.Ardamax.K.Gen" and "Ikarus" detect "Trojan-Dropper.Win32.Agent.bnk".
"Webwasher-Gateway" is the last antivirus VirusTotal use to scan, so if that person is lazy, you should be fine.
Basically, I think people can't get rid of Ardamax unless they re-install Windows, so if you didn't put "Self Destruct" date, you will receive logs for a very long time.
Once you downloaded Ardamax open "setup_akl.exe".Install Ardamax on your PC (it will record all you'll type until you uninstall it).
Installing Aramax:-
-So, double click on "setup_akl.exe". In the new window (about the License Agreement), click on "I Agree".
-Be sure the 3 boxes are tick and click on "Next".
-Choose a new installation path or leave this one, and click "Install" (Ardamax is now installing).
-Once it's done, untick "View the Quick Tour" and press on "Finish".
Infecting a file
-In the new window, click on "Enter Key" and enter the name and serial, then press "OK".
-If everything went fine, the window should have close and now you'll have to do a right click on the Ardamax icon in the tray bar (in the right bottom corner of your screen), then click on "Remote Installation...".
-A new screen will open and you'll have to click on "Next".
-Tick the "Append keylogger engine to file or another application" and click on "Browse". Now, you'll have to browse for the file or the application you want to infect. It can be anything, and, don't worry, the file won't be infected (Ardamax will make a copy of it and leave the one you chose intact). So, when someone will double click on this file, Ardamax will be install on his PC (He won't see any Ardamax installation or w/e window and probably never know he's infected). Once you choosed the file, click on "Open".
-In the same window ("Appearance"), leave "Installation folder on target computer" the same, and under "Additional components", untick "Log Viewer" (untick all) and click on "Next".
-In "Invisibility" window, leave all options tick, click on "Next".
-Now, click on "Enable..." and in the window that popuped, enter a password. Leave all the options tick, and click on "Next".
-Untick "Check for updates" and click on "Next".
-Leave the 2 options tick, and I suggest to change the "Hidden mode on:" to something easier to remember (such as ctrl+z). Also, I would put a "Self destruct on:" date (you have to tick the box beside the date, scroll down and choose a date) this will uninstall Ardamax on the remote PC on the date you choosed)) such as a week later (or until you're sure you know what you want to). Click on "Next".
-Now, in the new window ("Control"), tick "Send logs every" and, right beside, choose the frequency of the logs you'll receive (usually 1/hour or 1/day is fine).
Using the infected file
A new window popuped, your infected file is there, it's call "Install.exe" and it have the icon you choosed. Don't touch at any other file in this folder, they are useless. I suggest you rename it.
You now have to spread this file and hope someone will download it and double click on it. Once he do this, Ardamax will start recoring and sending logs to your website.
I suggest emailing people and giving them the file, or upload it in forums. Of course you have to put (infect) Ardamax in a file that people are interested to download.
If they decide to scan the file at http://www.virustotal.com, they will know it's infected, though only "Webwasher-Gateway" detect Ardamax in the file as "Riskware.Ardamax.K.Gen" and "Ikarus" detect "Trojan-Dropper.Win32.Agent.bnk".
"Webwasher-Gateway" is the last antivirus VirusTotal use to scan, so if that person is lazy, you should be fine.
Basically, I think people can't get rid of Ardamax unless they re-install Windows, so if you didn't put "Self Destruct" date, you will receive logs for a very long time.
0 comments:
Post a Comment