Jump to content

Recommended Posts

Hello, i have a problem with my windows licence expiration, a message appears when i start my pc. i saw on internet that it comes from kms activator that i used to crack microsoft office and i accidently clicked on the button "activate windows". Can you help me please, Thanks

Addition.txt FRST.txt

Link to post
Share on other sites

Hi,     :welcome:
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

 

Please know that I cannot be a party to evasion of licensing for Microsoft software or any other software.   What I can do is guide you to look for malware & to remove it when found.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible. 
  
Please only just attach   all report files, etc  that I ask for as we go along.

 

What is the name of the latest files you downloaded & where are they ?   what were they ?

 

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system. 
The download links & the how-to-run-the tool are at this link at Microsoft 
https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download 
  
Let me know the result of this.
The log is named MSERT.log  
the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is
C:\Windows\debug\msert.log

Please attach that log with your reply.
 

Link to post
Share on other sites

Hi Maurice, thank you to helping me, you can call me Larry.

-What is the name of the latest files you downloaded & where are they ?   what were they ?

I downloaded games on steam and KMSAuto Net 2015 v1.3.8 Portable to crack microsoft office but it contains windows activator too so i deleted it, not sure if i deleted it completely that's why i have the message of windows licence expiration. When i go to settings, it shows that windows is activated using your organization's service.

 

msert.log

Link to post
Share on other sites

Thanks for the log from the Safety Scanner.   It found & removed the "autokms"  & also found a couple of other malware.

Found HackTool:Win32/AutoKMS, partially removed.
Found HackTool:MSIL/AutoKMS and Removed!
Found HackTool:MSIL/AutoKMS.I!MTB and Removed!
Found Trojan:VBS/Miner and Removed!
Found Trojan:Win32/Vigorf.A and Removed!

 

Some other follow-ups.   The Version of Malwarebytes for Windows on this pc is old.   I would like for you to get and apply the latest release version 4.1.0

Start Malwarebytes for Windows.

Start Malwarebytes.  Click the Settings icon at the top.  Look on the General tab.

Find & click the button marked "Check for Updates".

Have lots of patience  /  Follow all the prompts /   we need to be sure your Malwarebytes is the latest release.

Report to me the results, please.

Click on the About tab.

Do you see on there  "COMPONENT Package"    1.0.896

 

NEXT

 

Run a scan with Malwarebytes.
Start Malwarebytes from the Windows  Start menu.
Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.
Then click the SECURITY  tab.
Scroll down and lets be sure the line in SCAN OPTIONs for "Scan for rootkits" is ON
Click it to get it ON  if it does not show a blue-color
Now click the small X  to get back to the main menu window.

Click the SCAN button.
Select a Threat Scan ( which should be the default).
When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.
Then click on Quarantine selected.

Be sure all items were removed. Then too, Repeat the scan one more time. It does not take long.
and again, be sure all detected items are removed.

Let it remove what it has detected.
Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.
See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4
 

Link to post
Share on other sites

thank you to show me what i have to do👍

-i have the latest version now

 

version.png.aa8574bd2b5dafcfadb87b22d017b8bc.png

-i activated the rootkits

 

rootkit.png.b1f3db1f8fe2736358d554a396c2089f.png

 

and scanned 4 times then restarted my pc but the licence message shows again.

the virus is always there?  or i have to find a way to disable the message maybe?

 

latest report.txt old report.txt

Link to post
Share on other sites
Posted (edited)

Thank you for the latest Scan report by Malwarebytes for Windows.   You did very well.

This result is excellent.   No malware / no P U P

 

I would suggest a free scan with the ESET Online Scanner
Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now

It will start a download of "esetonlinescanner_enu.exe"

Save the file to your system, such as the Downloads folder, or else to the Desktop.
Go to the saved file, and double click it to get it started.

When presented with the initial ESET options, click on "Computer Scan".
Next, when prompted by Windows, allow it to start by clicking Yes
When prompted for scan type, Click on Full scan

Look at & tick  ( select )   the radio selection "Enable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

Have patience.  The entire process may take an hour or more. There is an initial update download.

There is a progress window display.
You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.
When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.
Click The blue “Save scan log” to save the log.

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).
Press Continue when all done.  You should click to off the offer for “periodic scanning”.

Edited by AdvancedSetup
corrected font issue
Link to post
Share on other sites
Posted (edited)

The ESET scan found & removed 4   potentially unwanted applications.   Take lots of care if you download anything.

Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

.

As far as any message about the Windows operating system license you will need to go to another venue.

Here, I can help you on looking for malware & if found to remove it.

.

Please download RogueKiller (x64) using the link below.
→ http://download.adlice.com/api?action=download&app=roguekiller&type=x64
⦁    
⦁    Save the file first,
⦁    Close any running programs that you started on your own ( if any).
⦁    Please disconnect any USB or external drives from the computer before you run this scan!

Double-click  RogueKillerx64.exe to run the program.
Follow the prompts. If a browser window opens, close the window.

In the HOME tab, click Scan button
Next, on the Quick scan pane, click om the Start button to proceed.
.
Upon completion, a browser window may open. Close this window.
 Important: Please do not have RogueKiller remove any detected items.
Click the HISTORY tab followed by Scan Reports.
Double-click the scan log. Click Export TXT, enter a filename and save the file to your Desktop.
Please attach the file in your next reply.
 

Edited by Maurice Naggar
Link to post
Share on other sites

Thank you for the report from RogueKiller tool.

Please disconnect any USB or external drives from the computer before you run this scan!
Find where you saved the Roguekiller_portable64.exe

That is on the D drive   _  _  _      D:\idm\Programs


Do a Right-click with your mouse on  RogueKiller_portable64.exe   and select Run as Administrator.

If prompted by Windows, reply Yes to have it proceed.
From the left-side list of options , click the Scan icon.

Next, look on the left-side pane “Advanced Scan”   & then click the Scan button.
The advanced scan should take something like under 30 minutes to run.

After the scan finished,   then click the Results button.


press the “Removal” button to start removal.
We want it to remove all items it tagged.

Have the app remove all that it has found.
Click the Removal button.

After a removal, only selected items are displayed and their status is updated with what the engine did with them.
 

The Removal report is  made available with the “Report” button.
Please use the Report function.  Save a copy of it and attach with your next reply.
When done, click the Finish button and exit the tool.
 

Link to post
Share on other sites

Allright.   Thanks for the report from Roguekiller.   That should has removed the threats found by it.  The situation ought to be better.

 

As to "windows license"  & activation, there is very little we can do about that.  Except to point you to outside venues, like Microsoft.

Look around the case of your computer hardware.  Do you see a sticker "Certificate of Authenticity" ?   with the Windows License key.

( just do not write that here ).

.

TrendMicro HouseCall scan
https://www.trendmicro.com/en_us/forHome/products/housecall.html


First, Download & Save to your Downloads folder the appropriate HouseCallLauncher

Once the download is complete, go to where the Housecalllauncher is saved & double-click it to start it.
The program will check with TrendMicro & do a update run.

Next it will show the Disclosure window.
Click Next to proceed.

The end user license agreement is presented.   Click the Accept radio button & click Next to proceed.

IF you wish a Full scan or a Custom scan, first click on the Settings
then you can select which drives you want to include in the scan.
The default is a Quick scan.
Click Scan now when ready.

The scan progress will then be displayed.   Monitor the progress or just leave it alone until it finishes this phase.

When the scan phase has completed, if any items are tagged, you will see a list, showing  the file & its location, the classification of the threat, the type, risk, and Action option.
If you see an item that you know is safe, you can click the Action  , and select Ignore.
When all done & ready, click the Fix now button.

Link to post
Share on other sites

i did the scan, there is 0 detection,  i found my windows licence key and reactivated it and the message doesn't appear now. My pc works no problem now, thank you very much👍

Link to post
Share on other sites

I appreciate the good news.   I will mark this case for closure.

You may delete  RogueKiller_portable64.exe

You may delete the ESET download file    esetonlinescanner_enu.exe

You may delete msert.exe

To remove the FRST64 tool & its work files, do this.  Go to your Desktop folder.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

.

Backup is your best friend.  Keep backups of your system on a regular basis to offline storage & keep those safe. https://forums.malwarebytes.com/topic/136226-backup-software/

It is not enough to just have a security program installed. Each pc user needs to practice daily safe computer and internet use.

Best  practices & malware prevention:
Follow best practices when browsing the Internet, especially on opening links coming from untrusted sources.
First rule of internet safety: slow down & think before you "click".
Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

Free games & free programs are like "candy". We do not accept them from "strangers".

Never open attachments that come with unexpected ( out of the blue ) email no matter how enticing.
Never open attachments from the email itself. Do not double click in the email. Always Save first and then scan with antivirus program.

Pay close attention when installing 3rd-party programs. It is important that you pay attention to the license agreements and installation screens when installing anything off of the Internet. If an installation screen offers you Custom or Advanced installation options, it is a good idea to select these as they will typically disclose what other 3rd party software will also be installed.
Take great care in every stage of the process and every offer screen, and make sure you know what it is you're agreeing to before you click "Next".

Use a Standard user account rather than an administrator-rights account when "surfing" the web.
See more info on Corrine's SecurityGarden Blog http://securitygarden.blogspot.com/p/blog-page_7.html
Dont remove your current login. Just use the new Standard-user-level one for everyday use while on the internet.

 
Do a Windows Update.

Make certain that Automatic Updates is enabled.
https://support.microsoft.com/en-us/help/12373/windows-update-faq

 

Keep your system and programs up to date. Several programs release security updates on a regular basis to patch vulnerabilities. Keeping your software patched up prevents attackers from being able to exploit them to drop malware.

For other added tips, read "10 easy ways to prevent malware infection"

.
I wish you all the best.

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.