Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Relationships
Parent process
Related files
rlvknlg.exe
Relevant-Knowledge by TMRG Inc. (Signed)
Version: | 1.3.336.313 (Build 336.313) |
MD5: | 7aecc8df4cf369b6c4e91bbb7d7bfcb7 |
SHA1: | 991908d3163adfd689f920fa8d9f36408f9601e8 |
SHA256: | fde44df79589ab09876531c81c4df1bb6357afd23e893a3ac824c31b1540ccfb |
Warning 10 antivirus scanners has detected malware.
Overview
rlvknlg.exe is malware that executes as a process with the local user's privileges typically within the context of its parent
rlservice.exe (Relevant-Knowledge by TMRG Inc.). The file is digitally signed by TMRG Inc. which was issued by the VeriSign certificate authority (CA). This particular version is usually found on Windows 7 Ultimate (6.1.7601.65536).
Details
File name: | rlvknlg.exe |
Publisher: | TMRG, Inc. |
Product name: | Relevant-Knowledge |
Typical file path: | C:\Program Files\relevantknowledge\rlvknlg.exe |
File version: | 1.3.336.313 (Build 336.313) |
Size: | 3.34 MB (3,501,848 bytes) |
Certificate |
Issued to: | TMRG Inc. |
Authority (CA): | VeriSign |
Effective date: | Thursday, December 22, 2011 |
Expiration date: | Sunday, December 22, 2013 |
Digital DNA |
PE subsystem: | Windows GUI |
File packed: | No |
.NET CLR: | No |
More details
Network connections
[UDP] listens on port 67
Malware detections
Based on 40+ industry antivirus scanners, 10 of them detected the following malware.
Antivirus engine | Engine version | Detection |
Avira AntiVir |
7.11.89.168 |
ADWARE/Adware.Gen |
avast! |
8.0.1489.320 |
Win32:Relevant-W [PUP] |
Comodo Internet Security |
16572 |
ApplicUnwnt |
Dr.Web |
8.13.10.1 |
DLOADER.Trojan |
ESET NOD32 |
7.8548 |
a variant of Win32/Adware.RK.AE |
F-Prot |
v6.4.7.1.166 |
W32/Relevant.A.gen!Eldorado |
K7 AntiVirus |
9.170.8983 |
Adware |
Kingsoft |
2013.4.9.267 |
Win32.AdWare.RK.ae.(kcloud) |
Malwarebytes |
1.75.0.1 |
PUP.Adware.RelevantKnowledge |
Sophos |
4.90.0 |
Generic Proxy-OSS Application |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00094663% | |
Kernel CPU: | 0.00056127% | |
User CPU: | 0.00038536% | |
Kernel CPU time: | 38,485 ms/min | |
CPU cycles: | 1,217,466/sec | |
Memory |
Private memory: | 8.82 MB | |
Private (maximum): | 16.1 MB | |
Private (minimum): | 5.58 MB | |
Non-paged memory: | 8.82 MB | |
Virtual memory: | 142.35 MB | |
Virtual memory (peak): | 175.68 MB | |
Working set: | 7.73 MB | |
Working set (peak): | 22.14 MB | |
Page faults: | 340,777/min | |
I/O |
I/O read transfer: | 270 Bytes/sec | |
I/O read operations: | 1/sec | |
I/O write transfer: | 133 Bytes/sec | |
I/O write operations: | 1/sec | |
I/O other transfer: | 48.47 KB/sec | |
I/O other operations: | 330/sec | |
Resource allocations |
Threads: | 29 | |
Handles: | 545 | |
GUI GDI count: | 32 | |
GUI GDI peak: | 36 | |
GUI USER count: | 26 | |
GUI USER peak: | 29 | |
Process properties
Threads
Averages
ntdll.dll |
Total CPU: | 0.01347722% | |
Kernel CPU: | 0.00000000% | |
User CPU: | 0.01347722% | |
CPU cycles: | 199,424/sec | |
Memory: | 1.23 MB | |
rlvknlg.exe (main module) |
Total CPU: | 0.01168515% | |
Kernel CPU: | 0.00960559% | |
User CPU: | 0.00207956% | |
CPU cycles: | 172,547/sec | |
Memory: | 3.5 MB | |
rasman.dll |
Total CPU: | 0.00003611% | |
Kernel CPU: | 0.00003611% | |
User CPU: | 0.00000000% | |
CPU cycles: | 146/sec | |
Memory: | 84 KB | |
ole32.dll |
Total CPU: | 0.00003608% | |
Kernel CPU: | 0.00003608% | |
User CPU: | 0.00000000% | |
CPU cycles: | 1,201/sec | |
Memory: | 1.36 MB | |
Common loaded modules
These are modules that are typiclaly loaded within the context of this process.
Distribution by Windows OS
OS version | distribution |
Windows 7 Ultimate |
100.00% |
|
Distribution by PC manufacturer
PC Manufacturer | distribution |
Acer |
100.00% |
|