Protection against Kickidler monitoring

Kickidler is not yet a very popular spyware program. For this reason, it most likely would not have been selected for testing in our laboratory. But it turned out that its developers built in a feature to prevent COVERT Pro from working.
It blocks the launch of the COVERT Pro secure platform. We have to disappoint Kickidler’s developers: COVERT Pro detects monitoring tools before entering the secure platform, and working around this blocking is easy enough.

You can detect Kickidler’s presence on your computer in the “Network monitor” of COVERT Pro. The process grabber.exe is one of the modules of this spyware.

If you add it to the Database threats, COVERT Pro will block this process and monitoring will stop. In the new versions of COVERT Pro, this process is already included in the Database threats.

The attacker’s computer will not be able to reconnect to your computer, but its reconnection attempts will continue indefinitely.

In addition to the process mentioned above, COVERT Pro shows three more modules that belong to Kickidler: a service named ngs, which transmits data, and the processes grabberAgent.exe and grabberSubAgent.exe.

To disable the blocking of entry to the COVERT Pro secure platform, open “System Processes”, where three processes are highlighted in red: grabber.exe, grabberAgent.exe and grabberSubAgent.exe. Right-click grabberAgent.exe and then grabberSubAgent.exe, and select “Add into processes database to terminate” in the shortcut menu. Confirm your action by clicking the save button. Leave the grabber.exe process alone and remove its name from the Database of threats. This is necessary if you want to leave access open for remote monitoring.
If you leave grabber.exe in the database, the remote computer will lose its connection to your computer when COVERT Pro starts. Then you can enter the secure platform, and the attacker on the remote computer will see nothing other than the desktop. The connection with your computer will not be lost. The COVERT Pro window will not be displayed on the Kickidler monitoring screen.

After these steps you can enter the COVERT secure platform. At this point Kickidler continues working. Your desktop will be visible in its interface before you enter the secure platform. Kickidler will not be able to see any of your actions within the secure platform.

To disable Kickidler monitoring completely while keeping the option of restoring it, take the following actions. Open “System Services”. Find the service named ngs, which is used to collect and transfer information, and deactivate it via the context menu.

After the ngs service is disabled, the processes grabberAgent.exe and grabberSubAgent.exe disappear from the list shown in the “System processes” monitor. These processes hide themselves from Windows Task Manager, but COVERT shows them in its system processes monitor even without using the search function for hidden processes.
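
A read-only way to look for the same indicators from PowerShell, as an added example that is not part of COVERT Pro or of the original article. It uses only the service name ngs and the three process names given above, queried through the standard Win32_Service and Win32_Process CIM classes; the function name Get-KickidlerIndicator is hypothetical.

```powershell
# Added example: read-only check for the indicators named in this article.
# Only the service and process names come from the article; the rest is assumed.
$ServiceName  = 'ngs'
$ProcessNames = 'grabber.exe', 'grabberAgent.exe', 'grabberSubAgent.exe'

function Get-KickidlerIndicator {
    $found = @()

    # The service is listed whether it is running, stopped or disabled.
    $svc = Get-CimInstance -ClassName Win32_Service `
        -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue
    foreach ($s in $svc) {
        $found += [pscustomobject]@{
            Kind   = 'Service'
            Name   = $s.Name
            State  = "$($s.State) / $($s.StartMode)"
            ProcId = $s.ProcessId
            Path   = $s.PathName   # points at the service's install folder
        }
    }

    # Processes matched by image name (WQL string comparison ignores case).
    foreach ($name in $ProcessNames) {
        $procs = Get-CimInstance -ClassName Win32_Process `
            -Filter "Name='$name'" -ErrorAction SilentlyContinue
        foreach ($p in $procs) {
            $found += [pscustomobject]@{
                Kind   = 'Process'
                Name   = $p.Name
                State  = 'Running'
                ProcId = $p.ProcessId
                Path   = $p.ExecutablePath   # may be empty without admin rights
            }
        }
    }
    $found
}

$result = Get-KickidlerIndicator
if ($result) {
    $result | Format-Table -AutoSize -Wrap
} else {
    'No ngs service and none of the three process names were found.'
}
```

A name match alone is not proof, since other software can use the same names, so check the reported path. The article says these processes hide from Task Manager and does not say whether they are visible to WMI, so an empty process result is not conclusive.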

When this spyware is completely stopped, you can enter the COVERT secure platform without any obstacles from Kickidler and work inside the safe environment.

If you need to restore monitoring on your computer, click “All Services” in “System Services”. The services that are in Database threats but are not active at the moment will be highlighted in yellow.

When ngs is restored, it starts all the additional processes that were used previously. However, this spyware will get access to your computer only when you close COVERT Pro.

To remove Kickidler from your computer completely, right-click the ngs service in the “Service system” window and select “Open folder service” in the context menu.

Stop this service via the context menu, then remove all contents of the opened folder.

After these steps, the ability to monitor your computer will be completely eliminated. COVERT allows you to detect, stop, restore, or delete Kickidler’s online surveillance.

A check of Kickidler with 19 antivirus products shows that none of them considers it malware. If this program is installed on your computer, the antivirus will not inform you about it.

Download COVERT Pro and check your computer FREE of charge for spyware and rootkits that were not detected by an antivirus.
