MarioF3

I need help with R@1n-KMS removal...

So I have seen other similar topics with the same issue, and decided to ask you here for help since all the topics I have seen went great.
I got a PC with Windows 10 that was never activated. At one point my PC was borrowed for some time; a friend needed it for college.
He saw that my Windows version was not activated and thought he'd be doing me a favor by activating it with pirated software... 😑
And no, he did not. I don't care about the activation, at least not now; it is just not needed for me, and if I needed it I would much rather buy the legitimate version instead of having to deal with viruses, slow boot-up times, and the constant fear of losing my data or having it stolen, like I have to now.

So long story short, I have downloaded "Farbar Recovery Scan Tool (FRST) - Fix mode" like it was recommended in most other topics and ran the scan.
But I don't really understand or know the next steps. I know I need to read those txt files and find all the things that are connected with that KMS activation tool, but I really don't know which files are clean, or good, and which are not or need fixing.
And I don't want to screw up my OS or anything installed or any data that I have.

So I would be really grateful for some help with my issue.
Thanks!


Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please post the FRST.TXT and the Addition.txt logs that were created by running the Farbar program.

Wait for further instructions.


Hi,

Please download the attached Fixlist.txt file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt


Okay, here it is.

 Fixlog.txt


During reboot I noticed the boot time is still very long, it lasted about 3 minutes and 50 seconds.
And it seems that it gets few seconds longer at each new boot/reboot, either from shutdown or restart, it makes no difference.
At the beginning of using it the boot time was 5-10 seconds, and after some time it just started to steadily get longer and longer.


I have a Samsung M.2 SSD 970 EVO for the Windows OS, and it's not even half a year old, and I have checked it with the official "Samsung Magician" software and there are no problems with it.
And I know the problem is not in the other hard drives or any of the peripherals, because I tried to boot without any of them and the boot time stays the same.
I also googled for months for a fix and tried many different "fixes" (Malware or Virus Problems, Windows Fast Start, Uninstalling Programs, Updating/uninstalling Drivers, Tons of different Tweaks, Checking Registry Stuff and Services, I have tried everything that I could find); unfortunately none of them helped... and my boot time is just getting longer each time.

My system specs are:

OS
    Windows 10 Pro 64-bit
CPU
    Intel Core i5 7600K 3.80GHz   
RAM
    16,0GB (2x8 Gb) Dual-Channel 2400MHz (14-CL)
Motherboard
    Gigabyte Z270-HD3P
Graphics
    (1920x1080@60Hz)
    NVIDIA GeForce GTX 1060 6GB (EVGA-Superclocked)
Storage
    240GB NVMe Samsung M.2 SSD 970 EVO  <---(Windows)
    240GB KINGSTON SA400S37240G SSD
    1000GB Western Digital WDC 

So I really think there is something wrong going on...

And the other thing, after the reboot I didn't get the watermark back on my desktop, so I'm not sure if that activation tool virus was removed...


Hi,

Run the Farbar program one more time.

Post the FRST.TXT and Addition.txt logs for my review.

Make sure the box to create a fresh Addition.txt log is checked.


Hi SPDIF

I am aware of that update and its problems, and my problem is not related to that.
I have been having my boot time issue since long before that update, and I never even used any of those antiviruses.
And even on my Win 10 install (on my other SSD, Kingston A400 240 GB) that I had from the beginning of last year I had the same slow boot problem.
That was actually the main reason why I bought the Samsung M.2 SSD 970 EVO and made a fresh Win 10 install not even half a year ago... and now it's happening again. 😕


Hi nasdaq
Here are my latest Farbar files.
And thank you for taking the time to try to help me.

FRST.txt

Addition.txt


Hello
Thanks for the recommendations.
These are the results:

1.Disable Fast Boot.
It was always disabled, and that option is not available anymore for me, I noticed it was not there for me since the last Windows update.

ScreenShot005.jpg.fd293b1b4842c919061d98ccd1a7d329.jpg

 

2. Adjust Virtual Memory Settings.
Now this is weird...Could this be the culprit of slow boot?
If I leave it at "System Managed Size" it sets a very low amount of Virtual Memory (1024 MB) and every time I go into the Performance Options>Virtual Memory and click on "Change" I get this pop up window. 

ScreenShot004.jpg.4b3cffa86de10162c5b74ac3e4c023b4.jpg

If I set it to "Automatically manage paging file size for all drives", Windows creates the paging file on my C (SSD) drive instead of B (M.2 SSD, my Windows drive).

ScreenShot007.jpg.66474da35d79316b1b1ebae4db0522ca.jpg

And if I try to choose the custom size (which I would prefer), and put in the recommended size, after restart and at every logon I get that same pop-up window saying that Windows created a temporary paging file because of some problem, and then it switches to system managed automatically.
I also get the same result when putting in any other size, for example 16384, 8192, 4096, 2048.
And also, none of these options changes the boot time; it is slow in any of these ways.
So as I see it there is something wrong with the paging file/virtual memory, be it connected to the slow boot or not.


3. Turn Off the Linux Terminal.
It was off already.

4. Update Graphics Drivers.
Always have latest graphics updates.

5. Remove Some Startup Programs.

I am always checking that at install of any new software, there are always only essential programs enabled at startup.

6. If All Else Fails, Perform a Reset.
Really not an option right now since I cannot clone my Windows drive to another to have an identically working backup if I lose all my work.

I am really getting desperate; it seems more and more like it is impossible to find why the slow boot is happening... 😕


Hi,

5. Remove Some Startup Programs.

I am always checking that at install of any new software, there are always only essential programs enabled at startup.

Boot in Safe Mode with Networking. Only the operating system files will be started.
Is the boot time better?


Hi,

This topic has just been published.

https://www.bleepingcomputer.com/news/microsoft/windows-april-updates-also-have-problems-with-mcafee-software/

It may not be the reason for your slow boot but who knows.
===

Check to see if you have received this Windows Update KB91465

Just let me know. It may not apply to you but I just thought I would mention it.

p.s.
Was McAfee or Avast previously installed on this computer?
===

Let's check your Master Root Record.

Read carefully and follow these steps.
TDSS

  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.

  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


===


Hello
I have checked the topic and I don't think it is the reason since I never had any of those Antiviruses (Sophos, Avast, AVG, McAfee).
I also checked my Windows 10 update history and did not find the KB91465 update. Should I have it? When I click "Check For Updates" it says I'm up to date.

Since the fresh install of Windows 10 I have had only Windows Defender for protection and Malwarebytes (free version) for additional protection against, and cleaning of, malware and other stuff that may slip past Defender.
About two weeks ago I have also installed Total AV, and Bitdefender Antivirus (both free versions, and NOT both at the same time) to see if those programs can fix my KMS malware problem and maybe also fix my slow boot time but with no luck, so I uninstalled them.
My slow boot problem is present for over 4 months now and, as I said, I only had Win Defender and Malwarebytes from the fresh Win install to a few weeks ago. 😕

I have scanned with TDSSKiller and these are the results:

ScreenShot001.jpg.c95e79058142945ee9e41cbc321ec21b.jpg

The log is quite long so I pasted it in txt file, but if you still want me to paste it here as text let me know.
TDSSKiller Log.txt


Hi,

Download the SystemLook version appropriate for your system.

SystemLook (32-Bit Version) or SystemLook (64-Bit Version)

  • Double-click SystemLook.exe/SystemLook_x64.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :regfind 
    R@1n-KMS;KMS
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


===

These security programs do not give up easily.

Bitdefender
Download and run their uninstaller tool from this site.
This will remove all traces of the program.
https://www.bitdefender.com/uninstall/

Restart the computer when the removal is completed.
===

I cannot find an uninstaller for Total AV

Use this program to remove all traces.

Please download the free version of Revo Uninstaller Portable from here and save the compressed file to your computer's Desktop.

  • Double-click the compressed file RevoUninstaller_Portable and extract the files within it (a folder with the same name will be created);
  • Within that folder, right-click the file RevoUPort and select Run as administrator to open the tool;
  • Click Yes to accept the UAC security warning that may appear;
  • Click OK to accept the License Agreement and Copyright;
  • Select 'The Program to Remove' and click Uninstall. Follow the instructions to complete the removal process;
  • In 'Search Mode' set it to 'Advanced' and click on the Scan button. The tool will search for leftovers;
  • Click on Select All and then on Delete and then Yes to delete the selected items;
    Note: You may have to repeat this step to delete all the leftovers (Registry items, files and folders);
  • Click the Finish button and restart the computer to complete the removal process.

After a restart of the computer let me know if the problem persists.

 

p.s.

All files reported by the TDSSKiller are good.

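For readers who want to see what the `:regfind R@1n-KMS;KMS` request in the post above amounts to, here is a read-only PowerShell search for the same two strings in registry key names, value names and value data. It is an added example, not part of the thread and not SystemLook's code; the search roots, the function names and the `regfind-kms.txt` output file name are assumptions of this example.

```powershell
# Added example: read-only registry search. Nothing is modified or deleted.
$Patterns = @('R@1n-KMS', 'KMS')          # the two search terms from the post

# Search scope is an assumption of this example, not SystemLook's own scope.
$Roots = @('HKLM:\SOFTWARE',
           'HKLM:\SYSTEM\CurrentControlSet\Services',
           'HKCU:\Software')

function Test-Match([string]$Text) {
    # Case-insensitive substring test against every pattern.
    foreach ($p in $Patterns) {
        if ($Text -and $Text.IndexOf($p, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            return $true
        }
    }
    return $false
}

function Find-RegistryString([string[]]$Path) {
    Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        if (Test-Match $key.PSChildName) {
            [pscustomobject]@{ Hit = 'KeyName'; Key = $key.Name; Value = ''; Data = '' }
        }
        # Keys that cannot be read are skipped rather than aborting the scan.
        try { $names = $key.GetValueNames() } catch { $names = @() }
        foreach ($name in $names) {
            $data = $key.GetValue($name, $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            # Binary values are not searched; multi-string values are joined.
            $text = if ($data -is [byte[]]) { '' } else { $data -join ' ' }
            if (Test-Match $name) { $hit = 'ValueName' }
            elseif (Test-Match $text) { $hit = 'ValueData' }
            else { continue }
            [pscustomobject]@{ Hit = $hit; Key = $key.Name; Value = $name; Data = $text }
        }
    }
}

# Hypothetical output file name; written to the Desktop for posting in a reply.
$report = Join-Path ([Environment]::GetFolderPath('Desktop')) 'regfind-kms.txt'
Find-RegistryString $Roots | Format-List | Out-File -FilePath $report -Encoding utf8
```

The bare string `KMS` matches broadly, so the resulting list is material for review by the helper, not a list of entries to delete.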
