Jump to content

KMSpico


Go to solution Solved by Maurice Naggar,

Recommended Posts

  • Solution

Hello.    Yes, we can wrap this case up / close the case.

To remove the FRST  tool & its work files, do this.  Go to your Desktop folder.  Do a RIGHT-click on FRST64.exe & select RENAME & then change it to UNINSTALL.exe .
Then run that ( double click on it)  to begin the cleanup process.

Delete msert.exe

Delete Securitycheck.exe

Any other download file I had you download, you may delete.

I wish you all the best.  Stay safe.

Sincerely,

Maurice

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Hello.  I have re-opened this thread.  You wrote to say that somehow you see a folder c:\program files\kmspico

You should be able to delete it by navigating to that location, using Windows File Explorer, then selecting that folder, and Delete it.

Another way is thru a Command prompt.

Using a Command prompt.   

On the Windows taskbar ,  on the Windows search box,  type in

cmd.exe


and then look at the entire list of choices, and click on Run as Administrator.

 

It is best to  use COPY & Paste for the following.

del /s /q "C:\program files\kmspico"

then tap Enter-key to run this command to delete that folder.

Link to post
Share on other sites

You are indicating that the c:\program files\kmspico was deleted.

Question :   Is BITDEFENDER Antivirus Free the installed antivirus ?   if so, have you done a scan with it ?

Question 2 :  Are you logged in to Windows with a login-account that has Administrator-level rights ?

In any event, do all that follows, as much as possible.

We can run a couple of report sets and get information about the  current status  Windows.

This tool will run in Windows , even if you have to do it through an elevated command prompt.

 

1: Please download & Save DDS from this link  and save it to your desktop:

Don't click any flashing ads  ( if any show up).   The download will begin on its own thru your browser.

 

2: Before running DDS, please disable any security software (excluding Malwarebytes ). If you are unsure of how to disable your security software, please skip this step and continue without doing so.

 

3: RIGHT-click dds.com and select OPEN.  (If prompted,  reply YES and allow the tool to run.)

Next click the Start button.

 

This scan will produce 2 logs, DDS.txt and Attach.txt, and save them to your desktop.

When the report has finished, the 2 report files will show in your default text application.

Just Close those 2 windows.

Link to post
Share on other sites

Next suggestion.      

download VEW  by Vino Rosso and save it to your desktop >> from here <<.

Double click on VEW.exe to start the program.

In the Select log to query section, check (tick):

  • Application    
  • System

In the Select type to list section, check:   

  • Critical (not XP)
  • Error
  • Information
  • Warning


In the Number or date of events section, check:
Number of events... then enter 20 in the entry box beside it.

Press the Run button.    After you click that, have lots of patience while it does its run.   It may take several minutes.
A Notepad report will open when done, please save the report.    Then ATTACH it with the next reply.
It is located at %systemdrive%\VEW.txt, usually C:\VEW.txt.

Edited by Maurice Naggar
corrected typo
Link to post
Share on other sites

Thanks for those reports.  I will be getting back to you about them,  For now, a new task.   We really need to do a new run of the System File Checker.

Using a Command prompt.   

On the Windows taskbar ,  on the Windows search box,  type in

cmd.exe


and then look at the entire list of choices, and click on Run as Administrator.

 

It is best to  use COPY & Paste for the following.

sfc /scannow

press Enter-key to start the run.  Have much patience.   I need to know the bottom line result.

NEXT a set of commands to do a new Search at the command prompt.  COPY & Paste for the following  on the Command prompt

C:

tap Enter-key

COPY & Paste for the following  on the Command prompt

CD \

tap Enter-key

COPY & Paste for the following  on the Command prompt

dir /s kms*.*

tap Enter-key.   This search will take several minutes.   Let me know the bottom line result.

Link to post
Share on other sites

On the result of the DIR search, notice that the first file is in a QUARANTINE folder.   It no longer poses any sort of potential threat.  It will be permanently gone at the point when we do the final cleanups just before closing this case.

The 2nd file is in a sub-folder under the User appdata.    It can be deleted.  This takes a bit of extra work. You need to do all that follows.

What follows is a first step to have Windows 10 show all files and folder. Do not let this spook you out.

There is a how-to at Tenforums. Use either option one or two or three

https://www.tenforums.com/tutorials/7078-turn-off-show-all-folders-windows-10-navigation-pane.html

 

Using a Command prompt.   

On the Windows taskbar ,  on the Windows search box,  type in

cmd.exe


and then look at the entire list of choices, and click on Run as Administrator.

 

It is best to  use COPY & Paste for the following.   paste into the Command prompt window

del /s /q "c:\users\pc\appdata\local\virtualstore\program files\kmspico"

press Enter-key to proceeed.

Link to post
Share on other sites

OK. That folder and its sub-folders should be all gone at this point.

I had you run before a few different scans to check for malware infections.  I believed since a few days ago & still do now believe, that there is no malware at this point.

What seems to me that thare is at this point  ( after you had last run the System File Checker ) are some sort of glitches on Windows.

.

Here is what I suggest to do next.

Open administrative command prompt and type or copy and paste each one of the following command lines  ( one at a time & wait for each to finish before doing the next one:
1)   

sfc /scannow

tap Enter-key to run

2)

dism /online /cleanup-image /scanhealth

tap ENTER-key to run


3)

dism /online /cleanup-image /restorehealth

tap Enter=key to run
4)

sfc /scannow

tap Enter-key to run


5)

findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

tap Enter-key to run


6) When these have completed > right click on the top bar or title bar of the administrative command prompt box > left click on edit then select all > right click on the top bar again > left click on edit then copy > paste into this forum topic   in a reply 


7) Find the new text file on the desktop named SFCDETAILS.txt   and attach that in your reply.

Link to post
Share on other sites

Microsoft Windows [Version 10.0.19041.746]
(c) 2020 Microsoft Corporation. All rights reserved.

C:\Windows\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\system32>dism /online /cleanup-image /scanhealth

Deployment Image Servicing and Management tool
Version: 10.0.19041.746

Image Version: 10.0.19041.746

[==========================100.0%==========================] No component store corruption detected.
The operation completed successfully.

C:\Windows\system32>dism /online /cleanup-image /restorehealth

Deployment Image Servicing and Management tool
Version: 10.0.19041.746

Image Version: 10.0.19041.746

[==========================100.0%==========================] The restore operation completed successfully.
The operation completed successfully.

C:\Windows\system32>sfc /scannow

Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection did not find any integrity violations.

C:\Windows\system32>
C:\Windows\system32>findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt

C:\Windows\system32>
C:\Windows\system32>

sfcdetails.txt

Link to post
Share on other sites

Very good.   Bravo.  This is very good.

Here is what I suggest to do next.

Open administrative command prompt and type or copy and paste the following command line
1)   

winmgmt /verifyrepository 

 into the Command Prompt 

and press the Enter key to perform a consistency check of the WMI Repository.

 

If you see a message message WMI repository is consistent    then  we can stop.

Please advise me of this result.   Also, let me know about the overall situation.

Link to post
Share on other sites

I believe this completes all things that needed to be addressed.  I would urge you to do a new run to Microsoft Windows Update by going into Windows Settings >>>Update & Security >>>  Check for Updates.

I would emphasize that you always make a periodic Backup of your system to offline storage.   Backup is your best friend.

My best to you.

 

Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following for Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.