Ehks removal

Spyware Ehks Information
Name: Ehks Category: Keylogger Author: Expl0it_shad0w Dangerous: Yes

Ehks belongs to Keylogger spyware category.
It's presense means that your computer is infected with malicious software and is insecure.

Ehks description by Expl0it_shad0w:

Vendor: -= ev0luti0n HTTP key logger 2.0 beta =- ~ expl0it_shad0w ~ Introduction Hey again all, im back with ehks v2beta. Ive changed this version alot. It seems by the feedback you guys gave me last time, that v1 wasent good. Most of the feedback was negative & it didnt work. And alot of you infected your selfs & asked me about where to find the missing (.dll). There was never a missing (.dll), it was a fake error meesage, like I stated in the readme file. Anyway Ive took out the fake error message this time, so you might´ve to bind it with another program/jpeg or whatever. NOTE: DONT OPEN SERVER.EXE unless you wanna infect your self.... Instructions Follow these instructions. 1. Rename "Sever.exe" to what ever you want, make it convincing, not like "TROJAN.exe" or "KEYLOGGER.exe". 2. Send it to them & tell them its a new hacking utility, NOTE: Try binding it with a real one. If you know how. ( Once the victim opens it, it hides in memory & monitors all the key stokes on the computer, so you can view them with an Internet Browser like MSIE. ) 3> Connect to there machine on port 80 with an Internet browser, as stated above. Type in there IP address into it & just hit Enter. For example if the victims IP address was 127.0.0.1 you type in 127.0.0.1 or just 127.0.0.1. There IP WONT be 127.0.0.1. (or) If you´ve Physical Machine Access, rather than remote, you can just opne up an internet browser on there machine & type in 127.0.0.1 & this should bring it up. Features/Misc Heres whats been added in version 2beta. * Better Takething code - hopefully wont crash. * Better Keylogging code - you can now see the windows handle & what they´re typing in it. * Better HTML log file - much more person friendly. * Added Anti-firewall/Anti-AntiVirus - this will hopefully stop most firewalls & anti-viruses. expl0it_shad0w ehks v2.1 is simply a key logger which lets you check the log any file remotely through a web browser (e.g, Internet Explorer) Connect to there machine on port 80 with an Internet browser. This version is 100% Different, ive completely re-built it. Supported Version of Windows, * win9x - Ive only tested on a 9x box, so if you guys are going to try on a different machine, let me know im uncertain as to weather or nto it works win XP, some beta testers say yes, some say no, im looking, into this for the next version. The key logger doesnt run under NT, I´ve tried, but feel free to test for your selfs, & give me feedback on the result. Features/Misc Ehks has been 100% re-built. Heres whats been added/changed in version 2.1. * Better Takething code - hopefully wont crash. * Changed Keylogging code - you can now see the windows handle. * Changed HTML log file - alot better, so people have said anyway. * Added Anti-firewall/Anti-AntiVirus - this will stop most firewalls & AVS´s * Added Function to get dialup, share, & other chached passwords. * Added Function to get Machine Info * Multi-Log File Support - all log any file have there own unique filename * Added Mutex usegae, to stop cant write to file error´s hopefully expl0it_shad0w

This Keylogger is also known as:

•Trojan.Spy.Delf.d.
• Trojan.Spy.Ehks.20.
• Trojan.Spy.Ehks.21.

>> Delete Ehks automatically - Download Spyware Doctor

Ehks Removal Instructions
Kill the following processes client.exe, ehks21.exe, server.exe, spooi32.exe, ymupdater.exe
Delete these registry entries HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\spoolersubsystemprocess HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\ymupdater
Remove the following files client.exe, ehks21.exe, readme.txt, server.exe. evlog.dat, evo_12-11-22_11-20.html, smsg.html, spooi32.exe, ymupdater.exe in Windows\system\

Bookmark Ehks page

Previous Spyware: Remove Ehg.UbiSoft.Hitbox

Next Spyware: Remove Ehks 2.0