kirazirk

Removal of KMS-R@1n from Windows 10


I've had a non legit copy of Windows 10 with the KMS-R@1n activator. It's chewing up most of my CPU with the Windows Software Protection Program going at it trying to remove it?  I went about deleting some of the reg entries I could find with KMS-R@1n in them manually. I also deleted some files. Still, it, or perhaps something else, is causing the Windows Software Protection to use a ton of CPU. I've included logs below. I greatly, greatly, appreciate any help provided on this issue.

 

I also ran some of the fixes posted in other threads for people with similar issues but it appears like it didn't work properly. I'm including a log for that too.

 

Please help me.

Addition.txt FRST.txt AdwCleaner[C00].txt current malwarebyte2.txt


Hi,    @kirazirk      :welcome:
My name is Maurice. I will be helping and guiding you, going forward on this case.
Let me know what first name you prefer to go by.

Please follow my directions as we go along.  Please do not do any changes on your own without first checking with me. 
If you will be away for more than 3 consecutive days,  do try to let me know ahead of time, as much as possible. 

Please know that I cannot help you circumvent any software licensing.

 

I notice by the scan report from Malwarebytes for Windows that not all items were check-marked (ticked) by you so that they can be removed.

Let's do a brand new scan.      One of the major goals here is to have it remove all that it detects.  If it finds anything that is.

Start Malwarebytes from the Windows  Start menu.

Click Settings ( gear icon)   at the top right of Malwarebytes window.   We want to see the SETTINGS window.

Then click the Security tab.   Look for the section "Automatic Quarantine".   Be sure it is clicked On   ( to the far right side)

 

Then scroll down to the section Potentially Unwanted items.   We need the next 2 lines (for PUP & for PUM) to be set to "Always (Recommended)".

You can make the change by clicking on the down-arrow selection list-control.   We want all PUP & PUM to be marked for removal.

 

Next, click the small x on the Settings line   to go to the main Malwarebytes Window.

Next click the blue button marked Scan.

When the scan phase is done, be real sure you Review and have all detected lines items check-marked on each line on the left. That too is very critical.

You can actually click the topmost left check-box on the very top line to get ALL lines ticked (all selected).

 

Then click on Quarantine selected.

Then, locate the Scan run report;  export out a copy;  & then attach in with your  reply.

See https://support.malwarebytes.com/hc/en-us/articles/360038479194-View-Reports-and-History-in-Malwarebytes-for-Windows-v4


NEXT   keep going and do this too.

[   2   ]

The Microsoft Safety Scanner  is a free Microsoft stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

Let me know the result of this.

The log is named MSERT.log 

the log will be at  %SYSTEMROOT%\debug\msert.log   which in most cases is

C:\Windows\debug\msert.log

Please attach that log with your reply.

 

 


I intentionally omitted them, my apologies, but can you point out any omitted ones you dislike?


You need to have the Malwarebytes program remove ALL that it tags !

RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Office14ProPlus, No Action By User

 

That is riskware

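An added example, not part of the thread and not Malwarebytes' own code: a small Python parser that lists the detections in an exported scan report that were left as "No Action By User" and, for a Task Scheduler registry key like the one quoted above, the task path that is still registered. It assumes each detection line has the three-field `name, location, action` form quoted in the post; the sample report, including its second and third entries, is constructed.

```python
from typing import NamedTuple, Optional

# Registry subtree that holds Task Scheduler entries, as in the quoted line.
TASK_TREE = r"\SCHEDULE\TASKCACHE\TREE" + "\\"

class Detection(NamedTuple):
    name: str
    location: str
    action: str
    task: Optional[str]  # scheduled-task path when location is a TaskCache\Tree key

def parse_line(line: str) -> Optional[Detection]:
    """Parse one 'name, location, action' line; return None for other lines."""
    parts = line.strip().split(", ", 1)
    if len(parts) != 2 or ", " not in parts[1]:
        return None
    # A path can itself contain ", ", so the action is taken from the right.
    location, action = parts[1].rsplit(", ", 1)
    task = None
    idx = location.upper().find(TASK_TREE)
    if idx != -1:
        task = "\\" + location[idx + len(TASK_TREE):]
    return Detection(parts[0], location, action.strip(), task)

def unremediated(report: str) -> list:
    """Return the detections that were detected but not quarantined."""
    found = []
    for line in report.splitlines():
        det = parse_line(line)
        if det and det.action.lower() == "no action by user":
            found.append(det)
    return found

# Constructed sample: the first entry is the line quoted in the thread,
# the other two are made up to exercise the parser.
SAMPLE = r"""Registry Key: 2
RiskWare.KMS, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\R@1n-KMS\Office14ProPlus, No Action By User
RiskWare.KMS, HKLM\SOFTWARE\EXAMPLE\Constructed, Key, Quarantined
File: 1
PUP.Optional.Example, C:\Users\Public\constructed, sample.exe, No Action By User
"""

if __name__ == "__main__":
    for det in unremediated(SAMPLE):
        extra = f" (scheduled task {det.task})" if det.task else ""
        print(f"NOT REMOVED: {det.name} at {det.location}{extra}")
```
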

These 2 scan reports are good.

I would suggest that you do a scan with a scan tool from ESET  to just only scan the C drive.

scan with the ESET Online Scanner

Go to https://www.eset.com/us/home/online-scanner/

Look on the right side of the page.  Click Scan Now

 

It will start a download of "esetonlinescanner_enu.exe"

 

Save the file to your system, such as the Downloads folder, or else to the Desktop.

 

Go to the saved file, and double click it to get it started.

 

When presented with the initial ESET options, click on "Computer Scan".

Next, when prompted by Windows, allow it to start by clicking Yes

 

When prompted for scan type, Click on Custom scan    ( the choice on far-right side)

 

We want just the C drive to be scanned.

 

In the display "Select custom scan targets"  keep the top 3 lines ticked,  plus the one for the C drive   ( which should be your Windows drive)

 

UN-tick the other drives   ( D, E, F,   etc...)

 

Then click on the blue button "Save and continue"

 

Leave as is   the radio selection "Disable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

 

 

Have patience.  The entire process may take an hour or more. There is an initial update download.

There is a progress window display.

You should ignore all prompts to get the ESET antivirus software program.   ( e.g.  their standard program).   You do not need to buy or get or install anything else.

When the scan is completed, if something was found, it will show a screen with the number of detected items.  If so, click the button marked “View detected results”.

Click the blue “Save scan log” to save the log.  Look for it on the bottom left, in blue.

 

If something was removed and you know it is a false finding, you may click on the blue ”Restore cleaned files”  ( in blue, at bottom).

Press Continue when all done.  You should click to off the offer for “periodic scanning”.

 

 

 

The goal here is to see if there are suspicious or actual threats on the C drive.

 

 

 

 


uhh on the point of 

Quote

Leave as is   the radio selection "Disable ESET to detect and quarantine potentially unwanted applications"   and click on Start scan button.

do I disable eset or enable?


I meant to keep it  like it is.    But you may if you want select Enable.


I clicked disable. "MsMpEng.exe Antimalware Service Executable" spikes up when I am scanning right now. Maybe Windows is doing it in the background but it spikes up to 20% or so CPU usage.

On a separate note unrelated to the scanning, I found that when I click these (attached) when I search activation in Windows settings, Windows Software Protection Program (sppsvc) spikes up a lot and freezes (doesn't load the activation settings and doesn't check the Windows license).

39268b28469dfece72aa6f7e712b8b9d.png


MsMpEng is Windows Defender.   Let's ignore any spikes if you are looking at Task Manager.

Anything related to the Windows license activation  I will need to refer you to the resources at Microsoft.


I am asking about the license cause I just want to remove the pirated activation from my PC (cause it says to me it's activated RN) and use my legit key cause you know.


I can help on looking for malware & removing malware if found.   Therefore my view is to do & finish the ESET scan , which will likely help.

If you only have a license issue then use the more appropriate resources at Microsoft Answers forums

https://answers.microsoft.com/en-us/windows/forum/all/windows-10-activation-issue/


Nope, no activation issues, just that I noticed that the malware is still running somehow and spiking sppsvc to 35% usage and hogging my PC, therefore making it something I need to remove. Scan is almost over. Thanks a lot for the guiding btw.


If you assert (think) there is a malware... then kindly do like I suggested in my prior reply.   Let's get that done.   We can do other scans later.

This forum is for malware removal help.

also,  as I suggested, do not glom on to a display in Task Manager.

I suggested  the ESET scan.


Thanks for the ESET report.   That cleaned up one file.

Let's go forward and run this, next.

Check this system using another free tool at Microsoft.  For another opinion.

The Microsoft Safety Scanner is a free stand-alone virus scanner that  can be used to scan for & remove malware or potentially unwanted software from a system.

The download links & the how-to-run-the tool are at this link at Microsoft

https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download

 

take a minute to locate & then send the log that it made, named msert.log

It should be at C:\Windows\debug\msert.log

 

[    2    ]

After that,  a scan with the Windows Microsoft Defender antivirus.

This is one way to do a manual scan using the Microsoft Windows Defender antivirus.

From the Start menu, select Settings, then select Update and Security.

Next, look at the left-side menu & select Windows Security

image.png.53b8290f51fb52ad1f67f2be5d1a7198.png

 

Next, In Windows Security section:  Click on the grey button Open Windows Security

 

image.thumb.png.770ff10e37da546f33963da571bd3378.png


Now, click on the shield Virus and threat protection

By the way, when you see a green check-mark on your display, it means a good status  and that  protection is on.

 

 

 

image.thumb.png.d3c40d161bda6630f463e83ce53f9782.png

 On the next display,  look at all the options.   Look down the list and see "Check for Updates" which I have highlighted with a blue icon.

You can click on that to have the system check for updates for Windows Defender.

Please also note that the Scan options (all) can be displayed by clicking on Scan options.  ( You can do Quick, Full, or Custom).

 

image.thumb.png.1bfbd5b3023eeabe0dbea2025a5fa556.png

 


The MSERT is from the Safety Scanner.   That report is all good.   No infection, no virus.

The Offline scan for Windows Defender is just a scan done in a special mode.

See https://support.microsoft.com/en-us/help/17466/windows-microsoft-defender-offline-help-protect-my-pc


Good afternoon.   Is there something that you need help with at this point ?


Help plz, I have internet and it's stopping the server communication.

98c289403008b02170ec57acf78f263d.png


We here do not have any "fixes" on a situation like this that involves the Windows license.

We here can help on hunting and looking for malware & removing malware if found.

The last scan with the Microsoft Safety scanner did not show any virus or infection.

Plus you just reported 

Quote

Windows didn't detect any threats with its scanning

These are some other diagnostic  report tools.

 

MGADiag.
Please download from HERE and save to the desktop.

Right click on MGADiag.exe > Run as Administrator to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in. Save this file MGADiag.txt and post it in your next reply.


[      2      ]
CKScanner by askey 127.
Please download from HERE and save to the desktop.

Right click on CKScanner.exe > Run as Administrator to run it and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

By the way,  Look to see if there is a Windows System restore point from before when this current trouble first started.

If there is such a saved Restore point,  you may consider restoring back to it.

Other questions:

Did this machine come pre-loaded with Windows 10 ?

and

Look all around the machine's case.  Is there a sticker from the manufacturer with a Certificate of Authenticity?   If so, look for the Windows License Key.

Just please do not make mention of that license key here.


This is not a prebuilt, it's a used PC that used to have Windows 10 but I reinstalled with the kms r@in thingy. There's no restore point, this problem is from the start, I just decided to try to solve it now.


I very much regret to read all of that.   Needless to remark, one wished you never ever got the kms r@in thingy.

The latter overlaid whatever prior trace of a license there was.   ☹️

If you do not find a Certificate of Authenticity with the license key,   then the only thing left is for you to purchase a Windows license.

Or else,   see if there is a manufacturer's  System restore partition on the hard drive.   If so, it may be possible to restore the machine to day 1  state as it came out of the factory.

Check with Asus support about possibility of Factory Restore on their Z170  machine.

Of course, you would want to first save all your personal files & documents before any factory restore.

After any such factory restore, then if the machine reverts to Windows 7 or 8.1   ( with a valid Microsoft license)   then later it can be upgraded / updated to Windows 10.

These are possibilities.   But I thought you were going to run the 2 tool-reports I listed earlier this afternoon.
