Jump to content

KMS-R@1n process not detected as suspicious


Recommended Posts

hi all,i hope this is the right place:

 my windows 10 is original, i have Kaspersky internet security 2017 and malwarebytes premium.

i randomly found a process running background called

KMS-R@1n

KMS-R@1nhook

KMS Connection Broker

i know these processes are usually related to windows cracks etc., but 

both malwarebytes or Kaspersky NEVER detected anything on my system or detected these as suspicious, (and i'm pretty sure my w10 license is original), so... explain me please..

i can't bring logs atm

Link to post
Share on other sites

Hello ParanoiaKid and welcome to Malwarebytes..

KMS-R@1n and KMS-R@1nhook are part of a software package designed to manipulate Microsoft software for illegal actions. If those entries are found on your system then they maybe there as part of that descibed package.. Not all security programs will flag those entries, just because they are there does not necessarily mean they are being used. if you have a licenced loaded gun it does not mean you will shoot anyone...

KMS Connection Broker is not part of the package I just describe, that entry is part of Microsoft Windows Operating System. The SppExtComObj.Exe is KMS Connection Broker and is developed by Microsoft Corporation. It’s a system file and usually hidden file. SppExtComObj.Exe is usually located in the %SYSTEM% folder and its size usually approximately 76,800 bytes.

Run the following and post the two produced logs..

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Next,

Select the Windows key and X key together, from the menu select "Command prompt (Admin)"

Copy the following command at the prompt:

Licensingdiag.exe -report %userprofile%\desktop\report.txt -log %userprofile%\desktop\repfiles.cab

put cursor at the command prompt then Right click and select paste, hit enter. Two files will be saved to your Desktop.

Attach the "report.txt" file to your reply. - you can ignore the repfiles.cab file, it's only backup data

Let me see those logs....

Thank you,

Kevin..
Link to post
Share on other sites

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.