Do you have antiak in your registry?

Discussion in 'other anti-malware software' started by Page42, Mar 1, 2010.

Thread Status:
Not open for further replies.
  1. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    Even though I have "show hidden files" selected in folder options, antiak.sys is a hidden driver that I couldn't even find on my system in safe mode, yet Event Viewer is putting up errors that say,

    "The following boot-start or system-start driver(s) failed to load: antiak".

    I Googled this driver and read the reports ranging from rootkit to AntiKeylogger driver to A-Squared and other possibilities. I recall once several years or more ago trying AntiKeylogger, then removing it, so it's not shocking to find that there may still be a driver on my system. Why it is trying to load is another question.

    I searched the registry on both of my computers. On the one that is showing the Event Viewer error message, I have found about 10 reg entries for antiak. The other computer shows 2 reg entries.

    --> What I'd like to know from fellow members is, can any of you find antiak in your registries?

    Does anyone have any clue as to what this is from?

    Since I can't find it on my HD, I can't submit it anywhere for analysis.

    I have sent email to two different AntiKeylogger software companies (not sure which if either I used) asking them if they use this driver, and if it leaves these registry remnants.
     
  2. Sadeghi85

    Sadeghi85 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    747
    That is most likely related to a program that wasn't uninstalled completely, you can uninstall the service using a-squared's HiJackFree.
     
  3. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    I can delete the reg entries too. But I'm looking for help from Wilders members who may find antiak entries in their registries, and know from where they came.
     
  4. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
  5. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    I'm taking a good hard look at that removal tool right now.
    I'm skeptical about running it though.
    All right-click scans from avast, MBAM, HitmanPro and Prevx find no infections.
    Jotti says nothing found and VirusTotal says it's okay, all except
    Symantec which flags it as Suspicious.Insight
     
  6. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    I cannot vouch for that removal tool. Be careful.

    Sul.
     
  7. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    I'm not gonna run it.
    I would back up the registry then delete all 10 reg entries manually and feel better about life than I would using that tool. :)
    Besides, I'd like to know what people here think or see.
    Thanks Sul.
     
  8. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Found this in my registry using Malware Defender

    HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603 000 antiak.sys
     
  9. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    G1111 - that's because you used Windows search to see if you had antiak.sys

    Page42 - antiak.sys is from AntiKeylogger, personally I'd just remove the entries.
     
  10. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    Lots of google results point to that being the case.
    How do you know that to be true, stackz?
     
  11. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    This is what I'm seeing on one machine...

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIAK

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ANTIAK\0000

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antiak

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antiak\Enum

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIAK

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ANTIAK\0000

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\antiak

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIAK

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ANTIAK\0000

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antiak

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antiak\Enum
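The key list above, plus the Event Viewer error from the first post, checked from PowerShell. This is an added example, not code from the thread or from any AntiKeylogger vendor. It walks every ControlSetNNN key for Services\<name> and Enum\Root\LEGACY_<NAME>, reports the start type and ImagePath, tests whether the driver binary is actually on disk, and pulls the Service Control Manager event 7026 entries that carry the quoted "failed to load" text. It is read-only. The default name 'antiak' is the thread's and is only an assumption; [pscustomobject] needs PowerShell 3 and the event query needs Vista or later (it is skipped where Get-WinEvent is absent).

```powershell
# Added example, not code from the thread: locate every registry trace of a named
# driver service across all control sets (the list Page42 posted by hand), say whether
# the binary it points to is on disk, and pull the "failed to load" events. Read-only.
param([string]$ServiceName = 'antiak')   # the thread's name; any driver service name works

$StartTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-DriverImage([string]$imagePath, [string]$name) {
    # ImagePath forms found on Services keys: 'system32\drivers\x.sys' (relative to the
    # Windows directory), '\??\C:\...' or '\SystemRoot\...' (NT paths), '%SystemRoot%\...'.
    # When the value is absent the loader assumes system32\drivers\<name>.sys.
    $root = $env:SystemRoot
    if ([string]::IsNullOrEmpty($imagePath)) { return Join-Path $root "system32\drivers\$name.sys" }
    $p = $imagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$root\" -replace '^%SystemRoot%\\', "$root\"
    if ($p -match '^[A-Za-z]:\\') { return $p }
    return Join-Path $root $p
}

function Get-DriverRegistryTraces([string]$name) {
    $legacy = "LEGACY_$($name.ToUpper())"
    # CurrentControlSet is a symbolic link to one ControlSetNNN, so walking the numbered
    # sets covers everything (and is why the same keys show up under three prefixes above).
    $sets = Get-ChildItem 'HKLM:\SYSTEM' | Where-Object { $_.PSChildName -match '^ControlSet\d{3}$' }
    foreach ($cs in $sets) {
        foreach ($rel in "Services\$name", "Enum\Root\$legacy") {
            $path = "HKLM:\SYSTEM\$($cs.PSChildName)\$rel"
            if (-not (Test-Path $path)) { continue }
            $p = Get-ItemProperty -Path $path
            $file = $null; $onDisk = $null
            if ($rel -like 'Services\*') {            # only the service key names a binary
                $file   = Resolve-DriverImage $p.ImagePath $name
                $onDisk = Test-Path -LiteralPath $file
            }
            $start = $null
            if ($null -ne $p.Start) { $start = $StartTypes[[int]$p.Start] }
            [pscustomobject]@{
                Key       = $path
                Start     = $start
                ImagePath = $p.ImagePath
                File      = $file
                OnDisk    = $onDisk
                SubKeys   = @(Get-ChildItem -Path $path -Recurse).Count   # e.g. \0000, \Enum
            }
        }
    }
}

function Get-DriverLoadFailures([string]$name) {
    # Service Control Manager event 7026 is the "boot-start or system-start driver(s)
    # failed to load" entry quoted in the first post. Get-WinEvent exists from Vista on.
    if (-not (Get-Command Get-WinEvent -ErrorAction SilentlyContinue)) { return }
    $filter = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7026 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match "(?m)^\s*$([regex]::Escape($name))\s*$" } |   # one driver name per line
        Select-Object TimeCreated, Message
}

Get-DriverRegistryTraces $ServiceName | Format-Table -AutoSize
Get-DriverLoadFailures  $ServiceName | Format-List
```

A Services key whose OnDisk column is False with Start = Boot or System is exactly the situation that produces event 7026: the loader has an entry to honour but no file to load. The LEGACY_<NAME> device node under Enum\Root is created by Plug and Play for every kernel driver that has ever started, which is why it survives an uninstall that only removed the binary.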
     
  12. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    You are correct. Ran CCleaner and MRU Blaster, reran the registry search in MD, and it is gone.
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    I deleted 5 of the 11 reg entries. For some reason the 6 LEGACY entries wouldn't delete. Maybe I have to do it in safe mode?

    But I got rid of the Antiak\Security service that was trying unsuccessfully to load. ZAP alerted me upon deleting one reg entry that a driver was being deleted and wanted me to allow or deny.

    I'm trying ultimately to see if removing this service that was failing to load will improve my boot time and help certain apps that are struggling to load.

    Time will tell. :)
     
  14. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Even though you might be admin, some registry keys are not allowed modification. You can change this of course by giving yourself full rights in the registry. Make sure you change it back afterwards.

    Poke around those remaining to make sure there is not a reference to a CLSID or something. Just follow all {GUID} references out to see where they might lead.

    Sul.
     
  15. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    Well safe mode made no difference. I'll follow your advice, Sul...
     
  16. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    646
    Location:
    Sydney Australia
    To delete the Legacy entries, just right click on each entry, select permissions and give yourself full permission. OK the change and now you can delete them.

    (For anyone interested - in Windows 7 you need to run as system to delete the Legacy entries)
     
  17. ratwing

    ratwing Guest

    Page42:

    on the "legacy" items you just need to right click and raise the permissions level.
    You will see when you try it.

    Sorry, stackz, same time, plus I had no idea about Windows 7.
     
  18. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    582
    Open services.msc look for an antilogger service or something pertaining to antiak.sys and disable it. Reboot and try deleting the keys. LiveCD or ARK tool may be able to get a copy of antiak.sys. Submit antiak.sys to FileResearchCenter.
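The permission steps in the three posts above, together with thanatos_theos's "disable it first" ordering, as one script. This is an added example, not code from the thread; 'antiak' and the backup directory are assumptions and only defaults. It enables SeTakeOwnershipPrivilege in its own token (an elevated administrator holds the privilege but it is disabled, so a SYSTEM-owned key whose DACL gives Administrators only Read cannot otherwise be opened for WRITE_OWNER; regedit does the same behind "Take ownership", and running as SYSTEM, stackz's Windows 7 route, also works), takes ownership of and grants Full Control on each key in every control set, exports it to a .reg file, then deletes it. Run from an elevated PowerShell 3+ prompt; -WhatIf shows what would be deleted without touching anything.

```powershell
# Added example, not code from the thread. Scripted form of the posts above: disable the
# driver if it is actually loaded, otherwise take ownership of and grant Full Control on
# each Services\<name> and Enum\Root\LEGACY_<NAME> key in every control set (what
# "right-click > Permissions" does by hand), export it, and delete it.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ServiceName = 'antiak',                 # the thread's name; only a default
    [string]$BackupDir   = "$env:TEMP\regbackup"     # .reg exports go here (assumed location)
)

# Enable SeTakeOwnershipPrivilege via AdjustTokenPrivileges so a SYSTEM-owned key can be
# opened for WRITE_OWNER even when Administrators only have Read on it.
if (-not ('TokenPriv' -as [type])) {
Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class TokenPriv {
    [StructLayout(LayoutKind.Sequential)] public struct LUID { public uint Low; public int High; }
    [StructLayout(LayoutKind.Sequential)] public struct TOKEN_PRIVILEGES { public uint Count; public LUID Luid; public uint Attr; }
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool OpenProcessToken(IntPtr h, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] static extern bool LookupPrivilegeValue(string sys, string name, out LUID luid);
    [DllImport("advapi32.dll", SetLastError = true)] static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll, ref TOKEN_PRIVILEGES state, uint len, IntPtr prev, IntPtr ret);
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);
    public static bool Enable(string privilege) {
        IntPtr token;
        if (!OpenProcessToken(GetCurrentProcess(), 0x0028, out token)) return false;   // TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY
        TOKEN_PRIVILEGES tp = new TOKEN_PRIVILEGES(); tp.Count = 1; tp.Attr = 0x2;     // SE_PRIVILEGE_ENABLED
        bool ok = LookupPrivilegeValue(null, privilege, out tp.Luid)
               && AdjustTokenPrivileges(token, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero)
               && Marshal.GetLastWin32Error() == 0;   // 1300 ERROR_NOT_ALL_ASSIGNED: token lacks it
        CloseHandle(token);
        return ok;
    }
}
'@
}
if (-not [TokenPriv]::Enable('SeTakeOwnershipPrivilege')) {
    throw 'Could not enable SeTakeOwnershipPrivilege: run from an elevated prompt or as SYSTEM.'
}

$hklm = [Microsoft.Win32.Registry]::LocalMachine
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().User   # SID of the caller

function Grant-KeyFullControl([string]$subKey) {
    # 1. Take ownership: open for WRITE_OWNER only and persist a descriptor carrying just the owner.
    $k  = $hklm.OpenSubKey($subKey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
                           [System.Security.AccessControl.RegistryRights]::TakeOwnership)
    $sd = New-Object System.Security.AccessControl.RegistrySecurity
    $sd.SetOwner($me); $k.SetAccessControl($sd); $k.Close()
    # 2. The owner always gets READ_CONTROL and WRITE_DAC, so now add an explicit Full Control ACE.
    $k  = $hklm.OpenSubKey($subKey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
                           [System.Security.AccessControl.RegistryRights]'ChangePermissions,ReadPermissions')
    $sd = $k.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
    $sd.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule($me, 'FullControl',
                       'ContainerInherit', 'None', 'Allow')))
    $k.SetAccessControl($sd); $k.Close()
    # 3. Subkeys (LEGACY_<NAME>\0000, Services\<name>\Enum) can carry protected DACLs of
    # their own, so repeat on each rather than trusting inheritance to reach them.
    $k = $hklm.OpenSubKey($subKey)
    foreach ($child in $k.GetSubKeyNames()) { Grant-KeyFullControl "$subKey\$child" }
    $k.Close()
}

# thanatos_theos's order: a driver that is really loaded is disabled (Start=4 is
# SERVICE_DISABLED) and its keys removed after the reboot; one that failed to load,
# the thread's case, has nothing running and can be removed now.
$running = Get-CimInstance Win32_SystemDriver -Filter "Name='$ServiceName'" | Where-Object { $_.State -eq 'Running' }
if ($running) {
    $svc = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    if ($PSCmdlet.ShouldProcess($svc, 'Set Start=4 (Disabled)')) { Set-ItemProperty $svc -Name Start -Value 4 -Type DWord }
    throw "$ServiceName is loaded; disabled it instead. Reboot, then run again to remove the keys."
}

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$legacy = "LEGACY_$($ServiceName.ToUpper())"
# CurrentControlSet is a link to one of the ControlSetNNN keys, so the numbered sets cover it.
$sets = $hklm.OpenSubKey('SYSTEM').GetSubKeyNames() | Where-Object { $_ -match '^ControlSet\d{3}$' }
foreach ($cs in $sets) {
    foreach ($rel in "Services\$ServiceName", "Enum\Root\$legacy") {
        $subKey = "SYSTEM\$cs\$rel"
        if (-not (Test-Path "HKLM:\$subKey")) { continue }
        $backup = Join-Path $BackupDir (($subKey -replace '\\', '_') + '.reg')
        & reg.exe export "HKLM\$subKey" $backup /y | Out-Null      # Page42's "back up the registry" step
        if ($PSCmdlet.ShouldProcess("HKLM\$subKey", 'Grant Full Control and delete')) {
            Grant-KeyFullControl $subKey
            Remove-Item -Path "HKLM:\$subKey" -Recurse -Force
            Write-Host "Deleted HKLM\$subKey (backup: $backup)"
        }
    }
}
```

Two things worth keeping in mind before running it for real: the ownership change is permanent on any key the script touches but does not delete (so if it fails part way, the affected key is now owned by your account rather than SYSTEM, which is the "change it back afterwards" point Sully makes), and a Services key whose driver is still on disk and running is something to investigate, not delete; that is why the loaded-driver case stops after disabling it.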
     
  19. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    Thanks, guys, for all the help.
    I was able to delete all antiak entries after giving myself full permission.
    FWIW, my registry is now devoid of any antiak entries and the Event Viewer error message is no more.
    That's perfect.
    Boot time seems faster... I'm guessing that the time taken trying unsuccessfully to load the antiak driver may have been substantial, and could have been causing a conflict with a few of my security programs.
    Any speculations on that?
     
  20. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    The free search utility "Agent Ransack" should find it if it is in the system anywhere.

    It can be deleted through Agent Ransack's gui if found.

    You could also bring up Device Manager - View tab - Show Hidden Devices and check through the "Non-Plug and Play Drivers" list to see if it shows up in there?
     
  21. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    Not in Device Manager, Franklin... but I found other things in there to keep me occupied for awhile. :) And I'll look into Agent Ransack. That sounds like a utility that you use? Thanks for the suggestions.
     
  22. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    Did you try running a EWS scan with Hitman Pro? Might come up with something on the system.
     
  23. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    The reason it wasn't loading was likely because the file was missing. If you looked in Device Manager under Non-Plug and Play drivers you could probably have "uninstalled" it. You could've deleted it with pserv as well.
     
  24. thanatos_theos

    thanatos_theos Registered Member

    Joined:
    Apr 28, 2007
    Posts:
    582
    In Sully's first link, the antiak.sys entry in services.msc should be "AK Service". If you right-click that entry and click Properties you should see the file path and option to disable it. But seeing you already deleted the reg keys, services.msc or device manager might not list the driver now but it might still be present in the system.
     
  25. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    6,943
    Location:
    USA
    I should have mentioned earlier that I did search in Services for anything related to antiak (anything listed in the A's) and nothing was present there. I agree with Espresso that, "The reason it wasn't loading was likely because the file was missing". However, you could be correct, "it might still be present in the system".

    @ raven211... I did not try running an EWS scan with Hitman Pro. Upon reading your suggestion I did, however.
     