Jump to content

WIndows Defender finds HackTool:Win32/AutoKMS, MWB does not


GotBugz

Recommended Posts

I am a licensed user of MWB Premium Edition.

Firefox keeps bogging down my system.  I go to Task Manager and see that it consumes lots of resources.

I ran Windows Defender Offline Scan, and it detected HackTool:Win32/AutoKMS.

I have run (and ran again) MWB many times, and it does not detect this threat.  The engine is up to date.

Windows Defender gave me the following details:

Affected items

file: C:\Program Files\KMSpico\AutoPico.exe

file: C:\Program Files\KMSpico\Service_KMS.exe

file: C:\WINDOWS\System32\Tasks\AutoPico Daily Restart->(UTF-16LE)

regkey: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service KMSELDI

taskscheduler: C:\WINDOWS\System32\Tasks\AutoPico Daily Restart

 

How do I remove this?

Why does MWB not detect it?

 

Link to post
Share on other sites

Hello GotBugz and welcome to Malwarebytes,

AutoKMS is not an an infection per se, it is a tool designed to crack Windows OS and Microsoft Office. Hence Malwarebytes does not list it as a threat, yet Windows Defender does. AutoKMS is usually available at many P2P sites for the very purpose I have described, unfortunately Malware writers do see that tool as an ideal conduit to bundle there infections and unwanted misery...

Run the following and post the produced logs, we can easily create a fix to remove AutoKMS if that is what you want.

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....
Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.