{
	"id": "fd8d8f5e-d4e1-44e2-91b3-e805df999d70",
	"created_at": "2026-04-06T00:22:09.358385Z",
	"updated_at": "2026-04-10T03:20:00.489295Z",
	"deleted_at": null,
	"sha1_hash": "080d943733811dbc368215ae489b05bfcfe95c79",
	"title": "Matiex Keylogger",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 3927530,
	"plain_text": "Matiex Keylogger\r\nBy Tomas Meskauskas\r\nPublished: 2025-06-09 · Archived: 2026-04-05 19:55:29 UTC\r\nWhat is Matiex?\r\nMatiex is a keystroke logger which is capable of taking screenshots, recording sound with the computer\r\nmicrophone and data saved in the system clipboard. Its users can receive logged data via Telegram, SMTP, FTP\r\nand Discord. Research shows that this keystroke logger can be purchased for US$25, $60, or $99 depending on\r\nthe subscription plan.\r\nGenerally, cyber criminals attempt to deceive users into installing this software on their computers in order to steal\r\nsensitive information, which can then be misused to generate revenue.\r\nMatiex malware overview\r\nA keylogger is a type of software that is often used by cyber criminals to monitor and record each keystroke typed\r\non an infected computer's keyboard. In most cases, cyber criminals seek to steal information such as logins,\r\npasswords (and other credentials), credit card details, and other personal, sensitive details.\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 1 of 17\n\nThis particular keylogger can be used to take screenshots, access and use the computer microphone and steal data\r\nsaved on the operating system clipboard. Therefore, cyber criminals behind Matiex can misuse stolen information\r\nand/or access other data to steal identities, personal accounts, make fraudulent purchases and transactions, and for\r\nother malicious purposes.\r\nAdditionally, Matiex is capable of generating fake message boxes (pop-ups) containing any text. It also includes a\r\n\"self destruct\" feature, which allows this keylogger to uninstall itself at a certain designated time. If there is any\r\nreason to suspect that Matiex or other malware of this type is installed on your computer, remove it immediately.\r\nHaving a computer infected with a keylogger can be the reason behind serious issues such as identity theft,\r\nmonetary loss, loss of access to personal and important online accounts, etc.\r\nThreat Summary:\r\nName Matiex keystroke logger\r\nThreat Type Keylogger, password-stealing virus, banking malware, spyware.\r\nDetection\r\nNames\r\nAvast (VBA:Downloader-GAK [Trj]), BitDefender (Trojan.GenericKD.34198436),\r\nESET-NOD32 (VBA/TrojanDownloader.Agent.TVO), Kaspersky (HEUR:Trojan-Downloader.MSOffice.SLoad.gen), Full List (VirusTotal)\r\nSymptoms\r\nKeyloggers are designed to stealthily infiltrate the victim's computer and remain silent,\r\nand thus no particular symptoms are clearly visible on an infected machine.\r\nDistribution\r\nmethods\r\nInfected email attachments, malicious online advertisements, social engineering, software\r\n'cracks'.\r\nDamage\r\nStolen passwords and banking information, identity theft, the victim's computer added to\r\na botnet.\r\nMalware\r\nRemoval\r\n(Windows)\r\nTo eliminate possible malware infections, scan your computer with legitimate antivirus\r\nsoftware. Our security researchers recommend using Combo Cleaner.\r\n Download Combo Cleaner\r\nTo use full-featured product, you have to purchase a license for Combo Cleaner. 7 days\r\nfree trial available. Combo Cleaner is owned and operated by RCS LT, the parent\r\ncompany of PCRisk.com.\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 2 of 17\n\nSimilar malware examples\r\nHakops, Amadey and Cheetah are some of examples of other malicious programs that function as keyloggers. In\r\nmost cases, cyber criminals attempt to trick users into installing this software so that they can steal information\r\nand misuse it to generate as much revenue as possible.\r\nThere are many legitimate keyloggers on the web, however, in some cases, cyber criminals use them to monitor\r\nvictims. I.e., legitimate keyloggers can be used for malicious purposes.\r\nHow did Matiex infiltrate my computer?\r\nResearch shows that cyber criminals use malspam email campaigns to deceive users into installing Matiex on their\r\ncomputers. I.e., they send emails that contain a malicious attachment, a Microsoft Office Excel document capable\r\nof installing Matiex, but only if users open it and enable editing/content (macros commands).\r\nMalicious documents opened with Microsoft Office versions that were released before 2010 infect computers\r\nautomatically without asking any permissions. Microsoft Office 2010 and newer versions include \"Protected\r\nView\" mode, which prevents malicious documents from installing malware automatically.\r\nHow to avoid installation of malware\r\nYou are strongly advised to ignore irrelevant emails that contain attachments or web links. Note that users often\r\nreceive malspam campaign emails from unknown, suspicious addresses. The emails are often disguised as\r\nimportant and official as if sent from legitimate companies/organizations.\r\nFurthermore, software and files should not be downloaded or installed via third party downloaders/installers, Peer-to-Peer networks, unofficial sites, unofficial pages, free file hosting sites, etc. Use official websites and direct\r\nlinks. It is also important to update and activate installed software only with tools or implemented functions that\r\nare designed by official software developers.\r\nIt is illegal to activate any licensed programs with 'cracking' tools. Finally, computers are safer when regularly\r\nscanned with reputable anti-spyware or antivirus software. If you believe that your computer is already infected,\r\nwe recommend running a scan with Combo Cleaner Antivirus for Windows to automatically eliminate infiltrated\r\nmalware.\r\nMalicious email used to distribute Matiex:\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 3 of 17\n\nText in this email:\r\nSubject: Invoice LPG81901- Confirm Bank Detail Ending with 692\r\nTO:\r\nFm: ClassNK Finance Department (PIC: T.Maezawa/Mr.)Our\r\nRef. No.: 20FC0507TM08\r\nDear Sir or Madam,\r\nWe have been giving two different account by your agent, based on high rate of fraud\r\nwe are suspicious. We decided to contact you directly to confirm which of the account mention on\r\nFreight Invoice as attached is your and also we will appreciate if you call to verify this by phone  +81-\r\n3-5226-2052  handle  this emails as urgent\r\nWe look forward to hearing from you.\r\nBest regards,\r\nS. HatogaiGeneralManager of Finance Department\r\n**************************************************\r\nNIPPON KAIJI KYOKAI (ClassNK)FINANCE DEPARTMENT4-7,\r\nKioi-Cho, Chiyoda-Ku, Tokyo 102-8567,\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 4 of 17\n\nJapanTEL: +81-3-5226-2052 FAX: +81-3-5226-2108\r\nE--mail: fnd@classnk.or.jp\r\n*************************************************\r\nMalicious MS Excel document designed to install Matiex:\r\nScreenshots of Matiex promotion page:\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 5 of 17\n\nScreenshots of Matiex administration panel:\r\n \r\nInstant automatic malware removal:\r\nManual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo\r\nCleaner is a professional automatic malware removal tool that is recommended to get rid of malware. Download it\r\nby clicking the button below:\r\n DOWNLOAD Combo Cleaner\r\nBy downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use\r\nfull-featured product, you have to purchase a license for Combo Cleaner. 7 days free trial available. Combo\r\nCleaner is owned and operated by RCS LT, the parent company of PCRisk.com.\r\nQuick menu:\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 6 of 17\n\nWhat is Matiex?\r\nSTEP 1. Manual removal of Matiex malware.\r\nSTEP 2. Check if your computer is clean.\r\nHow to remove malware manually?\r\nManual malware removal is a complicated task - usually it is best to allow antivirus or anti-malware programs to\r\ndo this automatically. To remove this malware we recommend using Combo Cleaner Antivirus for Windows.\r\nIf you wish to remove malware manually, the first step is to identify the name of the malware that you are trying\r\nto remove. Here is an example of a suspicious program running on a user's computer:\r\nIf you checked the list of programs running on your computer, for example, using task manager, and identified a\r\nprogram that looks suspicious, you should continue with these steps:\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 7 of 17\n\nDownload a program called Autoruns. This program shows auto-start applications, Registry, and file\r\nsystem locations:\r\nRestart your computer into Safe Mode:\r\nWindows XP and Windows 7 users: Start your computer in Safe Mode. Click Start, click Shut Down, click\r\nRestart, click OK. During your computer start process, press the F8 key on your keyboard multiple times until you\r\nsee the Windows Advanced Option menu, and then select Safe Mode with Networking from the list.\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 8 of 17\n\nVideo showing how to start Windows 7 in \"Safe Mode with Networking\":\r\nEtt fel inträffade.\r\nDet går inte att köra JavaScript.\r\nWindows 8 users: Start Windows 8 is Safe Mode with Networking - Go to Windows 8 Start Screen, type\r\nAdvanced, in the search results select Settings. Click Advanced startup options, in the opened \"General PC\r\nSettings\" window, select Advanced startup.\r\nClick the \"Restart now\" button. Your computer will now restart into the \"Advanced Startup options menu\". Click\r\nthe \"Troubleshoot\" button, and then click the \"Advanced options\" button. In the advanced option screen, click\r\n\"Startup settings\".\r\nClick the \"Restart\" button. Your PC will restart into the Startup Settings screen. Press F5 to boot in Safe Mode\r\nwith Networking.\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 9 of 17\n\nVideo showing how to start Windows 8 in \"Safe Mode with Networking\":\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 10 of 17\n\nEtt fel inträffade.\r\nDet går inte att köra JavaScript.\r\nWindows 10 users: Click the Windows logo and select the Power icon. In the opened menu click \"Restart\" while\r\nholding \"Shift\" button on your keyboard. In the \"choose an option\" window click on the \"Troubleshoot\", next\r\nselect \"Advanced options\".\r\nIn the advanced options menu select \"Startup Settings\" and click on the \"Restart\" button. In the following window\r\nyou should click the \"F5\" button on your keyboard. This will restart your operating system in safe mode with\r\nnetworking.\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 11 of 17\n\nVideo showing how to start Windows 10 in \"Safe Mode with Networking\":\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 12 of 17\n\nEtt fel inträffade.\r\nDet går inte att köra JavaScript.\r\nExtract the downloaded archive and run the Autoruns.exe file.\r\nIn the Autoruns application, click \"Options\" at the top and uncheck \"Hide Empty Locations\" and \"Hide\r\nWindows Entries\" options. After this procedure, click the \"Refresh\" icon.\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 13 of 17\n\nCheck the list provided by the Autoruns application and locate the malware file that you want to\r\neliminate.\r\nYou should write down its full path and name. Note that some malware hides process names under legitimate\r\nWindows process names. At this stage, it is very important to avoid removing system files. After you locate the\r\nsuspicious program you wish to remove, right click your mouse over its name and choose \"Delete\".\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 14 of 17\n\nAfter removing the malware through the Autoruns application (this ensures that the malware will not run\r\nautomatically on the next system startup), you should search for the malware name on your computer. Be sure to\r\nenable hidden files and folders before proceeding. If you find the filename of the malware, be sure to remove it.\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 15 of 17\n\nReboot your computer in normal mode. Following these steps should remove any malware from your computer.\r\nNote that manual threat removal requires advanced computer skills. If you do not have these skills, leave malware\r\nremoval to antivirus and anti-malware programs.\r\nThese steps might not work with advanced malware infections. As always it is best to prevent infection than try to\r\nremove malware later. To keep your computer safe, install the latest operating system updates and use antivirus\r\nsoftware. To be sure your computer is free of malware infections, we recommend scanning it with Combo Cleaner\r\nAntivirus for Windows.\r\nFrequently Asked Questions (FAQ)\r\nMy computer is infected with Matiex malware, should I format my storage device to get rid of it?\r\nNo, Matiex's removal does not need formatting.\r\nWhat are the biggest issues that Matiex malware can cause?\r\nMatiex is a keylogger - a type of malware capable of recording keystrokes. However, this malware has other\r\ninformation-stealing abilities, such as password extraction, audio recording via device microphones, etc.\r\nTherefore, Matiex infections can lead to severe privacy issues, financial losses, and even identity theft.\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 16 of 17\n\nWhat is the purpose of Matiex malware?\r\nMost malicious programs are used for profit. However, cyber criminals can also use malware to amuse\r\nthemselves, carry out personal grudges, disrupt processes (e.g., websites, services, companies, etc.), and even\r\nlaunch politically/geopolitically motivated attacks.\r\nHow did Matiex malware infiltrate my computer?\r\nMalware is mainly distributed through drive-by downloads, spam emails and messages, untrustworthy download\r\nchannels (e.g., unofficial and freeware sites, Peer-to-Peer sharing networks, etc.), illegal software activation tools\r\n(\"cracks\"), and fake updates. Furthermore, some malicious programs can self-proliferate via local networks and\r\nremovable storage devices (e.g., external hard drives, USB flash drives, etc.).\r\nWill Combo Cleaner protect me from malware?\r\nYes, Combo Cleaner can detect and eliminate almost all known malware infections. It must be mentioned that\r\nrunning a complete system scan is crucial - since high-end malicious software typically hides deep within systems.\r\nSource: https://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nhttps://www.pcrisk.com/removal-guides/18433-matiex-keylogger\r\nPage 17 of 17",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.pcrisk.com/removal-guides/18433-matiex-keylogger"
	],
	"report_names": [
		"18433-matiex-keylogger"
	],
	"threat_actors": [],
	"ts_created_at": 1775434929,
	"ts_updated_at": 1775791200,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/080d943733811dbc368215ae489b05bfcfe95c79.pdf",
		"text": "https://archive.orkl.eu/080d943733811dbc368215ae489b05bfcfe95c79.txt",
		"img": "https://archive.orkl.eu/080d943733811dbc368215ae489b05bfcfe95c79.jpg"
	}
}