Jump to content

SPPEXTCOMOBJHOOK.DLL - KMS Virus years after installing windows?


Go to solution Solved by kevinf80,

Recommended Posts

Hello,

I have had Malwarebytes premium since February 2020 and I built this computer in 2015.

Today when running the scan at windows start, Malwarebytes found a threat (see attached log). Looking this up on Google/Reddit/this forum it appears to relate to some AUTOKMS program to activate windows. I'm not sure why this was found now but I recall downloading the iso for Windows 7 from Microsoft and buying a key through my university (I upgraded to windows 10 when it was free to do so from Microsoft). I'm also puzzled why it was found today but never before since February 2020.

I appreciate any advice to ensure this problem is removed from the computer.

I've attached a subsequent scan (attachment #2) showing the results after moving the detection to quarantine. 

Unfortunately, I can't run Farbar Recovery Tool as Windows prevents it from running (see attached screenshot).

Thank you in advance.

Screenshot - FBAR.png

Malwarebytes threatscan 2021-12-07.txt Malwarebytes threatscan 2021-12-07 #2.txt

Link to post
Share on other sites

  • Solution
Hello Raptor021 and welcome to Malwarebytes,

Run the following scan, lets see if anything shows up:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The tool will also make a log named (Addition.txt) Please also attach that log to your reply.


If necessary:

Disable smart screen ONLY if it interferes with software we may have to use:

https://support.microsoft.com/en-us/microsoft-edge/what-is-smartscreen-and-how-can-it-help-protect-me-1c9a874a-6826-be5e-45b1-67fa445a74c8

Please remember to enable when we are finished....

Next,

Disable any Anti-virus software you have installed ONLY if it stops software we may use from working:

https://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Please remember to enable AV software when we are finished running scans....


Thank you,

Kevin
Link to post
Share on other sites

Hiya Raptor021,

I do not see any reference to any entries related to any form of AutoKMS in your logs.

Sppextcomobjhook.dll is a file that is installed on a system when the user runs software crack tools (AutoKMS) and other license activators intended to crack MS Windows and/or MS Office. Due to this reason, a lot of security software providers flag Sppextcomobjhook.dll file as malware.

Yours may have been a remnant from the past, Malwarebytes has flagged and subsequently removed it. Why it waited so long I`m not really sure. regardless of that fact your system is clean, no need to be concerned...

Unless you have any remaining issues or concerns continue to finish up:

Right click on FRST here: C:\Users\Lucas\Downloads\FRST.exe and rename uninstall.exe when complete right click on uninstall.exe and select "Run as Administrator"

If you do not see the .exe appended that is because file extensions are hidden, in that case just rename FRST to uninstall

That action will remove FRST and all created files and folders...

Next,

Condsider the following:

Disable Remote Desktop: https://www.tenforums.com/tutorials/92433-enable-disable-remote-desktop-connections-windows-10-pc.html

Disable Windows Telemetry: https://helpdeskgeek.com/windows-10/how-to-disable-windows-10-telemetry/

Malwarebytes Browser Guard (Free) for Firefox: https://addons.mozilla.org/en-GB/firefox/addon/malwarebytes/

Malwarebytes Browser Guard (Free) for Chrome: https://chrome.google.com/webstore/detail/malwarebytes-browser-guar/ihcjicgdanjaechkgeegckofjjedodee Will also work for Opera and Edge..

PatchMyPC, keep all your software upto date - https://patchmypc.com/home-updater#download

From there you should be good to go...

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.