When I remove rk.exe, it breaks my Windows Firewall/Internet Connection Sharing (ICS) service - and I can't acquire an IP address.
Also, I found there's an interdependency with another malware, I think it's newdot~6.dll. If you remove the registry entries for that one, it errors out rk.exe, which breaks your connectivity. Both exploit rundll32.exe, incidentally.
I was just poking around with the Windows Firewall on my system. When I went to look at the exceptions, I was confronted with an entry that I couldn't recognize, rk.exe. Rk.exe was allowed full access to and from my computer. I did a quick search for rk.exe on the internet and came across ProcessLibrary's website, which stated the following about rk.exe: rk.exe is a process that belongs to a software from RelevantKnowledge. The software monitors how you use the Internet as well as displays various surveys in popup windows. This process should be removed to protect your personal privacy.
Well, I actually have never seen any activity from rk.exe on my system, and in fact, the file doesn't even exist. I must have cleaned it out with a spyware remover like AdAware or Webroot's Spysweeper. The point of the matter is that this entry has found its way into my Windows Internet Connection Firewall Exceptions list without my knowledge. And as it turns out, that isn't hard to do.
As long as the person currently logged into the computer has Administrative privileges, an application can easily add an entry into the HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/ key that will allow any application full rights to and from the computer without the user's interaction or knowledge.
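As an added example (not part of the original post), here is a Python audit of the value data stored under the AuthorizedApplications list described above. It flags enabled entries whose target file is gone, like the rk.exe entry, or that are open to any address. The `path:scope:Enabled|Disabled:name` data layout, the sample lines and the function names are assumptions made for this example.

```python
import os
import re

# Assumed value-data layout: <path>:<scope>:<Enabled|Disabled>:<display name>
# The optional drive-letter group keeps "C:" from being read as a separator.
ENTRY = re.compile(
    r"^(?P<path>(?:[A-Za-z]:)?[^:]*):(?P<scope>[^:]*):"
    r"(?P<state>enabled|disabled):(?P<name>.*)$", re.IGNORECASE)

# Constructed sample data: one registry value's data per item (paths are made up).
SAMPLE = [
    r"C:\Apps\known\known.exe:*:Enabled:Known App",
    r"C:\Example\rk.exe:*:Enabled:rk",
    r"%windir%\system32\sessmgr.exe:LocalSubNet:Disabled:Remote Assistance",
    "not a firewall entry",
]

def parse_entry(data):
    """Return a dict for one value's data, or None if it does not match."""
    m = ENTRY.match(data.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["enabled"] = entry.pop("state").lower() == "enabled"
    return entry

def audit(values, exists=None):
    """Return (data, reasons) for every entry a reviewer should look at."""
    if exists is None:
        exists = lambda p: os.path.exists(os.path.expandvars(p))
    findings = []
    for data in values:
        entry = parse_entry(data)
        if entry is None:
            findings.append((data, ["unparseable"]))
            continue
        if not entry["enabled"]:
            continue  # disabled exceptions do not open the firewall
        reasons = []
        if not exists(entry["path"]):
            reasons.append("target file missing")
        if entry["scope"] == "*":
            reasons.append("open to any address")
        if reasons:
            findings.append((data, reasons))
    return findings

if __name__ == "__main__":
    for data, reasons in audit(SAMPLE):
        print(f"{'; '.join(reasons):45} {data}")
```

On a live system, pass in the data of each value exported from the key instead of `SAMPLE`; the default `exists` check expands `%windir%`-style variables when run on Windows.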