The following tutorial demonstrates how to remove the Ardamax keylogger malware from your computer.

Commercial Keyloggers are malicious applications designed to take note of the interactions you have with your computer’s keyboard. This can include your keystrokes, usernames, passwords, sound from the microphone, screenshots from the camera, chat logs, browser history, emails, and more.

If you’ve ever wondered how unlikely it is for someone to look at you through your webcam, the answer depends on whether you’ve got commercial keylogger malware on your computer. Not all commercial keyloggers are developed to make use of the camera, but some are. All it takes is for you to have downloaded a keylogger for it to be potentially taking screenshots of your camera.

The good news is that most commercial keyloggers aren’t downloaded from the internet like other malware. Given the specific users that keyloggers target, most keyloggers are installed on a computer by someone who has had physical access to that computer.

Tips to Avoid Malware in the Future

If you have malware on your computer, you can always install an antimalware program and run a scan to try to remove it. But some experts suggest that even if you do that, it is not a given that all malware can be removed—once it gets access to your system, some of its associated files may prove close to impossible to extract.

So naturally, that means you should try preventing the malware from getting on your computer in the first place.

Here are some of the most common ways you can avoid getting malware on your PCs:

  • Be cautious when downloading. You can anticipate finding malware on some websites more than others. If you are using a reliable web browser, it should already provide timely protection by alerting you to sites littered with threats upon visiting them—do not ignore those warnings. What’s more, try not to visit any websites that you think may be untrustworthy: Torrenting sites may offer handy legal files, and the founders are not necessarily evil, but you need to remember that random people around the world are uploading each of those files, including the directories of such sites riddled with illegal movie files. A notorious niche for malware is sites that host or share torrents for this reason—not everyone is interested in helping you download free files without getting something in return. Often that return comes in the form of malware tucked away within the files you download, tricking you into thinking that they are only movies.
  • Install (full paid versions of) third-party antimalware programs if you can. If your operating system is not providing adequate protection from malware threats, you ought to look into third-party programs. They will not always protect you in real-time for free, but the paid versions often do. That means if the program detects the file you are about to download is malware, it lets you know about it with a warning. At this stage, Microsoft Windows does not automatically block potentially unwanted programs, so third-party protection for malware may still be sensible to use.
  • Keep all data and personal information safe. The malware only becomes a problem when it nestles its way into your operating system, and in the precise location that its developer had set out for it. Simply being on your computer does not necessarily mean you encounter computer woes; it is what it does from that position that dictates your computer’s outcome. Moreover, not all malware is trying to cause computer problems. Sometimes it wants to snoop on your data instead. To keep prying malware at bay, look into ways of keeping your data safe, such as using file encryption. Windows 10 comes with EFS for encrypting individual files and also BitLocker encryption for the full disk.
  • Keep your software up to date. It does not matter what software you have; if it is outdated, then it may also be insecure. Simply being outdated software does not necessarily open up new avenues for vulnerabilities. Rather, new updates potentially close old vulnerabilities. It can be said with certainty that your software is safe to continue using if you know there are no vulnerabilities. However, if antivirus or manufacturers find vulnerabilities, updates are critical. If you do not want to follow the news every day, it is best to keep updating and know that you are safe. That means ensuring your operating systems are updated with their regular over-the-air software update rollouts. For Windows users, that means keeping the Windows Update automatic updates enabled, so the automatic updates can arrive when Microsoft has them prepared for your machine. Additionally, only uninstall a Windows update if you know your PC has an issue with its current software version.
  • Keep networks secure. All your computers (desktops, laptops, smartphones), and other peripherals such as printers, when connected to WiFi, are often connected to the same network. Ensure a secure network with a password. Otherwise, your WiFi connection will be open. The best security today is with WPA or WPA2 encryption. You typically do not have much to worry about here, as all competitive WiFi providers automatically implement it. But make sure it stays that way after you begin using it by not disabling the encryption. 
  • Do not use open WiFi. You have heard the warning: stay away from that open WiFi you get at airports, unless you need it. The idea behind this warning is that because the connection is public, people with malicious intent also have easy access to it. Thus, the information on your smartphones, tablets, and laptops cannot be properly protected with open WiFi connections.

The following tutorial demonstrates how to remove the malware from your computer.

Method One: How to Remove Ardamax Keylogger by Manually Scanning Files, Folders, and Drives with Windows Defender in Windows 10

Windows 10’s default antivirus program, Microsoft Defender (known as Windows Defender before the Windows 10 November 2019 Update), doubles as very good antivirus and antimalware protection. The term “antimalware” is a more modern version of the term “antivirus” because a multitude of malicious programs exist today rather than computer viruses alone. Microsoft Defender finds all sorts of malware and is antimalware that keeps the traditional antivirus name to avoid confusion. That said, Microsoft Defender still might not remove a Potentially Unwanted Program (PUP) on your computer until you enable the PUP protection first. If you tried an antivirus/antimalware scan with Microsoft Defender and the malware was not found, you can try enabling the PUP protection and try again before installing third-party software on your computer.

See also: How to Use Malicious Software Removal Tool in Windows 10

Note: The terms “Potentially Unwanted Programs” (PUPs) and “Potentially Unwanted Applications” (PUAs) are interchangeable. When referring to misleading software installed as a bundle or without users’ consent, common antimalware programs use the term “PUP;” however, Microsoft prefers “PUA” in Windows 10.

Part One: How to Enable or Disable Microsoft Defender PUA Protection in Windows 10

When removing Potentially Unwanted Programs from your computer with the default Microsoft Defender antivirus, you should enable PUP protection first. Here is how to do that:

Option One: How to Enable or Disable Microsoft Defender PUP Protection in Windows PowerShell

1. Open an elevated Windows PowerShell. See this tutorial to read all the different ways in which you can open the elevated version of the Windows PowerShell: How to Open Elevated Windows PowerShell in Windows 10

2. If you are prompted by User Account Control, click on the Yes button.

3. Type one of the following commands into the Windows PowerShell window, depending on what you want to achieve, and then press the Enter key on your keyboard to execute it:

To Enable Microsoft Defender PUA Protection:
Set-MpPreference -PUAProtection 1
or
Set-MpPreference -PUAProtection Enabled

To Disable Microsoft Defender PUA Protection (Default):
Set-MpPreference -PUAProtection 0
or
Set-MpPreference -PUAProtection Disabled

Audit Mode – detects PUPs, but does not block them:
Set-MpPreference -PUAProtection 2
or
Set-MpPreference -PUAProtection AuditMode

4. Restart the computer before attempting to run a new Microsoft Defender antivirus scan that searches for extra PUPs.

You can now close the Windows PowerShell window and continue using your computer if you like.

Option Two: How to Enable or Disable Microsoft Defender PUA Protection in Local Group Policy Editor

Notes:

  • You can only use this option from the Local Group Policy Editor starting from Windows 10 version 1809.
  • The Local Group Policy Editor is only available in Pro, Enterprise, and Education editions of Windows 10.
  • Though Microsoft changed the name Windows Defender to Microsoft Defender in Windows 10 version 1909, as of yet, the Local Group Policy Editor has not been updated to reflect this change. Should there come a time when the following path no longer works, try exchanging Windows Defender for Microsoft Defender in the Local Group Policy Editor where applicable.

1. Open the Local Group Policy Editor (gpedit.msc). See this tutorial to read all the different ways in which you can open the Local Group Policy Editor: How to Open Local Group Policy Editor in Windows 10

2. Using the Local Group Policy Editor’s left pane, navigate through to the following location:

Computer Configuration\Administrative Templates\Windows Components\Windows Defender Antivirus

3. With Windows Defender Antivirus selected, click on Configure detection for potentially unwanted applications from the right pane.

4. From the Configure detection for potentially unwanted applications policy, select either Not Configured (to turn off Windows Defender PUP protection), Enabled (to turn on Windows Defender PUP protection), or Disabled (to turn off Windows Defender PUP protection).

Note: If selecting Enabled, a drop-down menu appears in the Options window that offers additional options to configure the group policy if you like. For example, from the drop-down menu, you can select Blocked which means the Configure detection for potentially unwanted applications policy will be enabled, and the potentially unwanted programs will be blocked from being downloaded onto your computer. It is suitable for most people to select Blocked from the drop-down menu in the Options window to stop PUPs getting onto your computer in future.

You can now close the Local Group Policy Editor and continue using your computer if you like.

Part Two: How to Manually Scan Files, Folders, and Drives with Microsoft Defender in Windows 10

Windows 10 provides the latest antivirus protection with Windows Security. Your device will be actively protected from the moment you start Windows 10. Windows Security continually scans for malware (all types of malicious software), viruses, and security threats. In addition to this real-time protection, updates are downloaded automatically to help keep your device safe and protected from threats.

Some features differ if you are running Windows 10 in S mode. Because this mode is streamlined for tighter security, the Virus & threat protection area has fewer options. However, that does not mean it is less secure—the built-in security of this mode automatically prevents viruses and other threats from running on your device, and you will receive security updates automatically.

Microsoft Defender automatically scans your system periodically, so it should pick up and remove any malware on your computer by itself over time. If you need a quick solution, Microsoft Defender also allows for manual scans so that you can scan any location on the operating system immediately.

Note: The Microsoft Defender antivirus application shown below comes out of the box on all versions of Windows 10, the latest version of Windows operating system. If you are running an older version of Windows, such as Windows 7, then you can skip to one of the next parts that shows you how to install a third-party antimalware application instead.

Option One: How to Scan with Microsoft Defender Using Context Menu

Here is how you can run an antivirus scan with the built-in Microsoft Defender antivirus program from the context menu of a file or folder:

Notes:

  • Windows Security is available in all versions of Windows 10 after version 1703.
  • While Microsoft has changed the name from Windows Defender to Microsoft Defender as of Windows 10 version 1909, most locations around Windows, including the context menu via File Explorer, still list the older Windows Defender name. Should there come a time when the following path no longer works, try clicking on Scan with Microsoft Defender… instead of Scan with Windows Defender… from the context menu.

1. From File Explorer, select the drive, folder, or file that you suspect may contain the potential malicious program.

2. Right-click on it and select Scan with Windows Defender… from the context menu. You can select your file, folder, or drive from any area within File Explorer; the main folders are listed under This PC in the navigation pane.

3. When the scan completes, Windows Security will open and show you the results. The total time for the scan to complete will vary. Scanning drives will take the longest, while scanning individual files the quickest.

Notes:

    • The Windows Security application used to be called the Windows Defender Security Center in previous versions of Windows 10. All the settings within the app remained the same after the name change.
    • Starting with Windows 10 version 1803, the app has two new areas: Account protection and Device security.

No matter what type of scan you choose, you can always observe the progress bar at the top of the page beneath the Scan options to see how the scan is progressing.

a. If there are no threats found, Windows Security will let you know as much in the same region where it previously showed you the scan was underway.

b. If there are threats found, however, it will let you know there are threats found, as well as the threat names and location in the same area.

4. To remove any threats found, click on the Start actions button.

Note: Clicking on Start actions will result in Windows Security removing the threat immediately.

The malware we have used in these screenshots is test malware, designed to imitate how real malware works so that it will show up in Microsoft Defender scan results. We do not ever recommend downloading actual malware onto your computers.

You can now close the Windows Security app and continue using your computer if you like.

Option Two: Scan with Microsoft Defender in Windows Security

Here is how you can run an antivirus scan with the built-in Microsoft Defender antivirus program from the Windows Security app:

1. Open Windows Security. See this tutorial to read all the different ways in which you can open Windows Security in Windows 10: How to Open Windows Security in Windows 10

2. Click on the Virus & threat protection icon in Windows Security’s Security at a glance page.

3. Do step 4, step 5, step 6, or step 7 depending on what it is that you would like to do.

4. To Run a Quick Scan with Microsoft Defender

a. Click on the Scan now button.

5. To Run a Full Scan with Microsoft Defender

a. Select Full scan and then click on the Scan now button.

6. To Run a Custom Scan with Microsoft Defender

a. Select Custom scan and then click on the Scan now button.

7. To Run an Offline Scan with Microsoft Defender

a. Select Windows Defender Offline scan and then click on the Scan now button.

8. Select the file, folder, or drive that you want to scan and then click Select Folder.

9. Microsoft Defender starts scanning the option that you chose.

10. When the scan completes, you get the results in numbers.

If there are no threats found once the scan has completed, it will say so from the same region that previously showed you the progress bar. This region has changed a bit since the earlier versions of Windows 10; no longer is there a link that allows you to see threat details like previous versions offered. Simplifying this was perhaps a good idea because you should always remove the threat from the computer once it is found.

11. If there are threats found, however, it will let you know there are threats found, as well as the threat names and location in the same area.

When threats are found, it tells you so and lets you know that you need to get started with the recommended actions by clicking on the Start actions button.

12. To remove any threats found, click on the Start actions button.

Note: Clicking on Start actions will result in Windows Security removing the threat immediately.

The malware we have used in these screenshots is test malware, designed to imitate how real malware works so that it will show up in Microsoft Defender scan results. We do not ever recommend downloading actual malware onto your computer.

You can now close the Windows Security app and continue using your computer if you like.

Option Three: How to Scan with Microsoft Defender from Windows PowerShell

Here is how you can run an antivirus scan with Microsoft Defender from the Windows PowerShell:

1. Open the Windows PowerShell. See this tutorial to read all the different ways in which you can open the Windows PowerShell application in Windows 10: How to Open Windows PowerShell in Windows 10

2. Type the command below that best suits your needs and then press the Enter key on your keyboard to execute it.

Update and Quick scan:
Update-MpSignature; Start-MpScan -ScanType QuickScan

Quick scan:
Start-MpScan -ScanType QuickScan

Full scan:
Start-MpScan -ScanType FullScan

You can now close the Windows PowerShell window and continue using your computer if you like.
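
The PowerShell steps from Part One (enabling PUA protection) and Part Two, Option Three (updating and scanning) can be combined into one function that also lists what the scan found. This is an added example, not part of the original tutorial: the function name Invoke-DefenderPuaScan and its -ScanPath and -Remediate parameters are hypothetical, while the Defender cmdlets it calls are the built-in ones. Run it from an elevated Windows PowerShell.

```powershell
# Added example: PUA protection, signature update, scan, and detection report
# using the built-in Defender cmdlets. Run in an elevated PowerShell session.
# Invoke-DefenderPuaScan, -ScanPath and -Remediate are hypothetical names.
function Invoke-DefenderPuaScan {
    [CmdletBinding()]
    param(
        [string]$ScanPath,   # optional file, folder, or drive for a custom scan
        [switch]$Remediate   # also remove active threats after the scan
    )

    # PUAProtection is reported as 0 (Disabled), 1 (Enabled) or 2 (AuditMode).
    $state = (Get-MpPreference).PUAProtection
    if ($state -ne 1) {
        Set-MpPreference -PUAProtection Enabled
        $state = (Get-MpPreference).PUAProtection
        if ($state -ne 1) {
            throw "PUAProtection is still $state; the setting may be managed by policy."
        }
        # The tutorial restarts the computer before scanning with the new setting.
        Write-Warning 'PUA protection was just enabled. Restart, then run this again.'
        return
    }

    # Refresh definitions and show which signature version the scan will use.
    Update-MpSignature
    $status = Get-MpComputerStatus
    Write-Host "Signatures: $($status.AntivirusSignatureVersion) ($($status.AntivirusSignatureLastUpdated))"

    # Remember detections that already exist so only new ones are reported.
    $known = @(Get-MpThreatDetection | ForEach-Object { $_.DetectionID })

    if ($ScanPath) {
        if (-not (Test-Path -LiteralPath $ScanPath)) { throw "Path not found: $ScanPath" }
        Start-MpScan -ScanType CustomScan -ScanPath $ScanPath
    } else {
        Start-MpScan -ScanType QuickScan
    }

    # Join each new detection to its threat record for a readable report.
    $new = @(Get-MpThreatDetection | Where-Object { $known -notcontains $_.DetectionID })
    $report = foreach ($d in $new) {
        $threat = Get-MpThreat -ThreatID $d.ThreatID
        [pscustomobject]@{
            ThreatName = $threat.ThreatName
            Severity   = $threat.SeverityID
            Detected   = $d.InitialDetectionTime
            Resources  = $d.Resources -join '; '
        }
    }

    # Remove-MpThreat removes active threats, like the Start actions button.
    if ($Remediate -and $new.Count -gt 0) { Remove-MpThreat }
    $report
}

# Quick scan:       Invoke-DefenderPuaScan
# Scan one folder:  Invoke-DefenderPuaScan -ScanPath "$env:USERPROFILE\Downloads"
```

An empty result means the scan recorded no new detections; pipe the output to Format-List to read long resource paths in full.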

Option Four: How to Scan with Microsoft Defender from Command Prompt

Here is how you can run an antivirus scan with Microsoft Defender from the command line:

Note: Though Windows Defender has been renamed to Microsoft Defender, Microsoft has not yet updated the commands to reflect this change. Should there come a time when the following commands no longer work, try exchanging Windows Defender for Microsoft Defender in the commands where applicable.

1. Open the Command Prompt. See this tutorial to read all the different ways in which you can open the Command Prompt application in Windows 10: How to Open Command Prompt in Windows 10

2. Type the command below that best suits your needs and then press the Enter key on your keyboard to execute it.

Update and Quick scan:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -SignatureUpdate & "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

Quick scan:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 1

Full scan:
"%ProgramFiles%\Windows Defender\MpCmdRun.exe" -Scan -ScanType 2

You can now close the Command Prompt window and continue using your computer if you like.

Method Two: How to Remove Ardamax Keylogger Using Malwarebytes

If scanning with the Windows Security antimalware protection doesn’t remove the Ardamax keylogger, you can try installing third-party antimalware tools, such as Malwarebytes, and see if that removes the keylogger instead. You can also use an antimalware program such as Malwarebytes to remove the extensions and all other related files remaining on your computer, so you don’t have to do any of it manually.

Note: Malwarebytes also has an application for smartphones that run on Android and iOS. Here is a tutorial for how to install Malwarebytes on Android:

The iOS version will be very similar, apart from needing to use the Apple App Store in place of the Google Play Store. You will not have any problems finding it because your iOS software only comes with the Apple App Store.

1. Download Malwarebytes for Windows from the Malwarebytes website.

2. If prompted by your web browser with a message that says “This type of file can harm your computer. Do you want to keep the executable (.exe) file anyway?,” click on the Keep button.

3. If you are prompted by User Account Control asking “Do you want to allow this app to make changes to your device,” click on the Yes button.

4. Click on the Scan Now button to begin scanning the computer for malware and other potentially unwanted programs.

5. Wait for the scan to complete.

6. Select all of the malware and potentially unwanted programs that you want to be removed from the computer and then click on the Quarantine Selected button.

7. You may get a message from Malwarebytes letting you know that all selected items have been removed successfully, but the computer must be restarted before the removal process can be completed. Select the Yes button to reboot your computer now.

8. Upon signing back in to your computer, the Malwarebytes interface will open and let you know that the scan and quarantine are complete.

Note: You can also export the scan results by clicking on Export summary from the main Malwarebytes results page and then clicking on the Export button from the scan report.

You can now close the Malwarebytes interface and continue using your computer if you like.

That’s all.

FAQ

Do I Have to Complete All the Methods Before the Malware Is Removed?

No, you do not, unless otherwise stipulated. All malware will often be removed from your computer by using just one of the available methods. Only when you try one method and the malware remains should you try another method in the tutorial.

Are the Methods Listed in Order of What Should Work Better?

Not necessarily. We sometimes put the Windows Security before third-party applications because if you use Windows, you might prefer solving the problem without having installed another program on the computer. Windows Security is also free to use for your duration of using the operating system, which could mean more convenience to you.

Nevertheless, if you prefer using third-party programs, or your computer is not running Windows, then you can skip the Windows Security method and try using the third-party program recommendations instead.

Do I Have to Complete All Parts of the Windows Security Tutorial?

No, you do not. We have listed all the different ways you can run an antimalware scan with Windows Security for your convenience, but you only need to choose one of the methods to remove the malware.

Sometimes you may need to be able to get access to all options of running an antimalware scan—especially if your computer is currently being affected by the malware—which is why we have listed all the ways you can run scans with Windows Security.

Why Do You Have a Tutorial for Android but Not for iOS?

Both apps should be very similar, so we chose one app for the tutorial at this time. We may update it in the future if and when the tutorials differ enough to require separate tutorials for both platforms.

Since Android is currently the more open operating system of the two—and therefore potentially more susceptible to malware—it makes sense that in theory, more people will potentially get malware on Android than iOS at this time. What’s more, you also get far more applications to choose from on the Google Play Store than with Apple’s App Store because Android has more users.

That said, the only reason Android is more open is that people choose to open it—it does not automatically come that way out of the box. So we are not necessarily suggesting that iOS is naturally more secure than Android.