Should I block it?

98%
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization

VersionsAdditional versions

1.3.334.331 (Build 334.331) 25.00%
1.3.334.331 (Build 334.331) 25.00%
1.3.333.310 (Build 333.310) 25.00%
1.3.333.307 (Build 333.307) 25.00%

Relationships

Parent process
Child process
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegCloseKey, RegSetValueExA, RegEnumKeyA, DeleteService, SetFileSecurityA, GetSidSubAuthorityCount, GetTokenInformation, SetTokenInformation, RegSetKeySecurity, SetSecurityInfo, CreateProcessAsUserA, DuplicateTokenEx, RegCreateKeyA, AdjustTokenPrivileges, LookupPrivilegeValueA, OpenProcessToken, SetNamedSecurityInfoA, FreeSid, AllocateAndInitializeSid, SetNamedSecurityInfoW, GetAclInformation, AddAce, MakeAbsoluteSD, GetSecurityDescriptorControl, GetSecurityDescriptorLength, MakeSelfRelativeSD, GetSecurityDescriptorSacl, GetSecurityDescriptorDacl, GetSecurityDescriptorGroup, GetSidLengthRequired, InitializeSid, GetSidSubAuthority, CopySid, GetLengthSid, IsValidSid, RegDeleteValueA, RegNotifyChangeKeyValue, RegEnumKeyExA, SetSecurityDescriptorDacl, RegOpenKeyExA, InitializeSecurityDescriptor, RegEnumValueA, GetUserNameA, RegCreateKeyExA, RegQueryValueExA, RegDeleteKeyA, RegOpenKeyA, AddAccessAllowedAce, InitializeAcl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetSecurityDescriptorOwner
comctl32.dll
ImageList_LoadImageA
comdlg32.dll
GetSaveFileNameA, FindTextA
dnsapi.dll
DnsRecordListFree, DnsQuery_A
gdi32.dll
GetObjectA, CreateSolidBrush, GetDIBits, BitBlt, CreateCompatibleBitmap, SetTextColor, SetBkMode, SelectObject, CreateDIBSection, CreateCompatibleDC, DeleteDC, GetStockObject, DeleteObject, GetDeviceCaps, CreateFontA
iphlpapi.dll
GetIpForwardTable, GetAdaptersInfo, GetNetworkParams, GetAdaptersAddresses
kernel32.dll
DllMain
ole32.dll
CoUninitialize, CoCreateInstance, OleRun, CoCreateGuid, StringFromGUID2, CreateStreamOnHGlobal, CoInitialize, CoGetMarshalSizeMax, CoInitializeEx, GetHGlobalFromStream, CoSetProxyBlanket, CLSIDFromProgID, CoTaskMemAlloc, CoGetClassObject, OleLockRunning, CLSIDFromString, OleInitialize, CoTaskMemFree, OleUninitialize, CoMarshalInterface
oleacc.dll
AccessibleObjectFromPoint
rpcrt4.dll
UuidCreate, UuidCompare
setupapi.dll
SetupDiCreateDeviceInfoList, SetupDiOpenDeviceInfoA, SetupDiGetDeviceRegistryPropertyA, SetupDiDestroyDeviceInfoList, SetupDiGetClassDevsA, SetupDiEnumDeviceInfo, SetupDiGetDeviceInstanceIdA, SetupDiEnumDeviceInterfaces, SetupDiGetDeviceInterfaceDetailA
shell32.dll
SHGetFolderPathA, SHGetSpecialFolderPathA, SHGetSpecialFolderPathW, ShellExecuteA, Shell_NotifyIconA
shlwapi.dll
SHCopyKeyA
user32.dll
UpdateLayeredWindow, KillTimer, SetTimer, GetClientRect, GetDesktopWindow, ReleaseDC, GetDC, InsertMenuItemA, CreatePopupMenu, LoadImageA, TrackPopupMenu, GetCursorPos, DestroyMenu, DestroyIcon, FindWindowA, IsWindow, GetWindowRect, SetWindowTextA, PeekMessageA, UpdateWindow, MsgWaitForMultipleObjects, DestroyWindow, SendMessageA, SetWindowLongA, GetWindowLongA, CreateWindowExA, TranslateMessage, RegisterClassExA, LoadCursorA, LoadIconA, PostMessageA, IsDialogMessageA, SetDlgItemTextA, LoadAcceleratorsA, ShowWindow, RegisterWindowMessageA, CallWindowProcA, DefWindowProcA, GetMenu, DrawTextA, SetForegroundWindow, SetFocus, SetActiveWindow, MoveWindow, PostQuitMessage, GetWindowThreadProcessId, PostThreadMessageA, DispatchMessageA, GetMessageA, MessageBoxA, wsprintfA, UnhookWindowsHookEx, InvalidateRect, MsgWaitForMultipleObjectsEx, IsWindowVisible, EnumWindows, ClientToScreen, SetWindowsHookExA, SetWindowPos, FlashWindowEx, DestroyAcceleratorTable, ScreenToClient, GetFocus, GetClassInfoExA, UnregisterDeviceNotification, RegisterDeviceNotificationA, CreateDialogParamA, RemoveMenu, GetSubMenu, LoadMenuA, EnableWindow, ExitWindowsEx, SetClassLongA, GetSystemMetrics, GetDlgItem, SetCapture, CallNextHookEx, GetParent, ReleaseCapture, IsChild, GetWindowTextLengthA, RedrawWindow, GetWindowTextA, GetSysColor, CreateAcceleratorTableA, GetWindow, SystemParametersInfoA, InvalidateRgn, GetClassNameA, CharNextA, EndPaint, EndDialog, CheckMenuItem, UnregisterClassA, RegisterClassA, IsWindowEnabled, SetDlgItemInt, EnumChildWindows, LoadStringA, FillRect, TranslateAcceleratorA, BeginPaint
version.dll
GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA
wininet.dll
HttpSendRequestA, InternetQueryOptionA, HttpQueryInfoA, InternetSetOptionA, DeleteUrlCacheEntry, HttpOpenRequestA, RetrieveUrlCacheEntryStreamA, ReadUrlCacheEntryStream, UnlockUrlCacheEntryStream, InternetConnectA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA, InternetGetConnectedState, InternetReadFile
winmm.dll
joyGetNumDevs, waveOutGetNumDevs, auxGetNumDevs, mixerGetNumDevs, midiOutGetNumDevs, midiInGetNumDevs, waveInGetNumDevs
winspool.drv
EnumPrintersA
ws2_32.dll
WSAWaitForMultipleEvents, WSACloseEvent, WSAEnumNetworkEvents, WSACreateEvent, WSAEventSelect

rlvknlg.exe

Relevant-Knowledge by TMRG (Signed)

Remove rlvknlg.exe
Version:   1.3.333.310 (Build 333.310)
MD5:   7e54edd63d1599808020532766f61a2b
SHA1:   dc82855ddba43f61c3f8b3ce6494fc1cb76d214b
SHA256:   6ef05b77d3931da067321b07f4ac93eab3e4fc6e890d69be9bc74fec854ac812
Warning 15 antivirus scanners has detected malware.

What is rlvknlg.exe?

Relevant-Knowledge maintains a group of users who have monitoring software (with brands including PermissionResearch, OpinionSquare and VoiceFive Networks) installed on their PCs in exchange for joining the Relevant-Knowledge research panels, users are presented with various benefits, including computer security software, Internet data storage, virus scanning and chances to win cash or prizes.

About rlvknlg.exe (from TMRG)

RelevantKnowledge is part of an online market research community with over 2 million members worldwide. RelevantKnowledge relies on its members to gain valuable insight into Internet trends and behavi

DetailsDetails

File name:rlvknlg.exe
Publisher:TMRG, Inc.
Product name:Relevant-Knowledge
Typical file path:C:\Program Files\relevantknowledge\rlvknlg.exe
File version:1.3.333.310 (Build 333.310)
Size:2.85 MB (2,983,472 bytes)
Certificate
Issued to:TMRG
Authority (CA):Thawte
Expiration date:Wednesday, December 1, 2556
Digital DNA
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Program Files\RelevantKnowledge\rlvknlg.exe'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'RelevantKnowledge' → C:\Program Files\relevantknowledge\rlvknlg.exe -boot
Network connections
Access through an approved Windows firewall exception
  • [UDP] listens on port 58538

    • MalwareMalware detections

    Based on 40+ industry antivirus scanners, 15 of them detected the following malware.
    Antivirus engineEngine versionDetection
    Avira AntiVir 7.11.47.170 ADWARE/Adware.Gen
    avast! 6.0.1289.0 Win32:Relevant-Z [PUP]
    AVG 2014.0.3629 Skodna.Generic.ADT
    Comodo Internet Security 13981 UnclassifiedMalware
    Dr.Web 7.0.4.09250 Trojan.DownLoad3.8818
    Emsisoft Anti-Malware 3.0.0.567 Riskware.Win32.RelevantKnowledge.AMN (A)
    ESET NOD32 7.7628 a variant of Win32/Adware.RK.AE
    F-Prot v6.4.6.5.141 W32/Relevant.A.gen!Eldorado
    K7 AntiVirus 9.153.7774 Adware
    McAfee 5.400.1158 Artemis!7E54EDD63D15
    McAfee Gateway Anti-Malware v2012.1-dat Artemis!7E54EDD63D15
    Norman 6.08.06 W32/RelevantKnowledge.AWC
    Sophos 4.82.0 Generic Proxy-OSS Application
    SUPERAntiSpyware 5.6.0.1008 Spyware.RelevantKnowledge
    VIPRE Antivirus 13694 Adware.Win32.RelevantKnowledge.a (v)

    ResourcesResource utilization

    (Note: statistics below are averages based on a minimum sample size of 200 unique participants)
    Averages
     
    CPU
    Total CPU:0.10047572%
    0.028634%
    Kernel CPU:0.02641721%
    0.013761%
    User CPU:0.07405851%
    0.014873%
    Kernel CPU time:11,359 ms/min
    100,923,805ms/min
    Memory
    Private memory:42.24 MB
    21.59 MB
    Private (maximum):23 MB
    Private (minimum):21.29 MB
    Non-paged memory:42.24 MB
    21.59 MB
    Virtual memory:259.77 MB
    140.96 MB
    Virtual memory (peak):301.51 MB
    169.69 MB
    Working set:22.8 MB
    18.61 MB
    Working set (peak):46.31 MB
    37.95 MB
    Resource allocations
    Threads:39
    12
    Handles:1274
    600
    GUI GDI count:133
    103
    GUI GDI peak:137
    142
    GUI USER count:77
    49
    GUI USER peak:83
    71

    BehaviorsProcess properties

    Integrety level:Undefined
    Platform:64-bit
    Command line:"C:\Program Files\relevantknowledge\rlvknlg.exe" -boot
    Owner:User
    Parent process:rlservice.exe (Relevant-Knowledge by TMRG)

    ResourcesThreads

    Averages
     
    rlvknlg.exe (main module)
    Total CPU:0.11857457%
    0.272967%
    Kernel CPU:0.09782495%
    0.107585%
    User CPU:0.02074962%
    0.165382%
    CPU cycles:2,991,748/sec
    5,741,424/sec
    Context switches:4/sec
    79/sec
    Memory:3 MB
    1.16 MB
    wow64.dll
    Total CPU:0.00340643%
    Kernel CPU:0.00170321%
    User CPU:0.00170321%
    CPU cycles:27,955/sec
    Memory:252 KB

    Windows OS versionsDistribution by Windows OS

    OS versiondistribution
    Microsoft Windows XP 75.00%
    Windows 7 Ultimate 25.00%

    Distribution by countryDistribution by country

    United States installs about 33.33% of Relevant-Knowledge.
    Back to top
    Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

    Download it for FREE