From: "Glenn Meadows" 

Consider running SpyBot S&D "Teatimer" resident registry
track program...it will popup anytime anything attempts to make a registry
entry, and allow you to accept the registry change or not.  It can also log
the change for you, so you know exactly what keys were added or changed by
the changing program.

--

Glenn M.
"Geo."  wrote in message
news:421a36cd$1{at}w3.nls.net...
>I found this interesting because it appears to be something spyware is
> currently doing.
>
> Geo.
>
> http://habaneronetworks.com/viewArticle.php?ID=144
>
> I was just poking around with the Windows Firewall on my system. When I
> went
> to look at the exceptions, I was confronted with an entry that I couldn't
> recognize, rk.exe. Rk.exe was allowed full access to and from my computer.
> I
> did a quick search for rk.exe on the internet and came across
> ProcessLibrary's website which stated the following about rk.exe:
>
> rk.exe is a process that belongs to a software from RelevantKnowledge. The
> software monitors how you use the Internet as well as displays various
> surveys in popup windows. This process should be removed to protect your
> personal privacy. For more information visit their privacy policy
> agreement
> at http://www.relevantknowledge.com/Agreement.htm
>
> Let's see, RelevantKnowledge, um, never heard of them, I know what
> software
> I have installed, and none is from this company. Anyway, what else does it
> say? Um, 'The software monitors how you use the Internet', well, this
> can't
> be too good, ok then, how about 'displays various surveys in popup
> windows'.
> so let's add it up:
>
> Never heard of the company        Bad
> Monitors My Internet Activity     Bad
> Displays Popups                         Bad
>
>
> Well, to me, this does look like spyware and adware. It is spyware because
> it is monitoring and probably recording information about where I am going
> and what I am doing on the Internet. It is also adware because of the nice
> popups it will provide me.
>
> Well, I actually have never seen any activity from rk.exe on my system,
> and
> infact, the file doesn't even exist. I must have cleaned it out with a
> spyware remover like, AdAware or Webroot's Spysweeper. The point of the
> matter is that this entry has found it's way into my Windows Internet
> Connection Firewall Exceptions list without my knowledge. And as it turns
> out, isn't that hard to do.
>
> As long as the person currently logged into the computer has
> Administrative
> privileges, an application can easily add an entry into the
> HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/Author
> izedApplications/List/ key that will allow any application full rights to
> and from the computer without the user's interaction or knowledge.
>
>
> Just because you think that Microsoft and their supposedly secure Windows
> Firewall is running doesn't mean that your safe. You must check the
> settings
> of the firewall regularily. Always scan your system at the minimum once a
> week with the anti-spyware tools and ensure that you run SpywareBlaster
> everytime you use your computer.
>
> For more information about SpywareBlaster please visit here, for more
> information about anti-spyware and anti-adware products, please read a
> full
> review of the top 5 ad / spyware fighters at:
> http://habaneronetworks.com/viewArticle.php?ID=95.
>
>
> If you are currently using Window's own firewall to protect you, either
> ensure that there are no unknown exceptions or find a better firewall.
>
>

--- BBBS/NT v4.01 Flag-5