dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
127296
share rss forum feed

cerdan

join:2008-01-02

C:\Windows\AutoKMS.exe a real threat?

Malwarebytes found the file and said it's a threat. Ran the file through Jotti's and 7 out of 19 scanners said it's a threat. Any thoughts? Thanks!



trparky
Apple... YUM
Premium,MVM
join:2000-05-24
Cleveland, OH
kudos:2

1 recommendation

From a quick Google search I'd say... REMOVE IT!
--
Tom



Name Game
Premium
join:2002-07-07
Grand Rapids, MI
kudos:7
reply to cerdan

YUp..remove it then scan your PC again with malwarebytes.

Most likely your's is this one..

File Name : AutoKMS.exe
File Size : 416522 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : cad828e8083941389e86f5b791b9031d
SHA1 : 6d215f0b8d8cd77007947c447f58a952b931ed45

See also
»forums.mydigitallife.info/thread···./page68

--
Gladiator Security Forum
»www.gladiator-antivirus.com/


cerdan

join:2008-01-02

I have this:

Filename: AutoKMS.exe
File size: 446258 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: a351f99236a011d4027886215b843317
SHA1: 03cac73f60187df5fef3aa71414e3221d65c1892
Packer (Drweb): UPX
Packer (Kaspersky): PE_Patch.Upolyx, UPX


cerdan

join:2008-01-02

I cleaned it up, rebooted and then rescan. Malwarebytes found 2 more. Are these false alarms?

Filename: Msvcrt.dll
File size: 116224 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: b0733802ac603fd955259f42fcb24207
SHA1: a966bf7962f7874ea9892ee9bb9ed334c54276b7
Packer (Drweb): UPX
Packer (Kaspersky): UPX

Filename: Shfolder.dll
File size: 11776 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 30a64194e2e4aa356803bc0686aa5463
SHA1: dcb76a28fdcb7a3d88c0e609359d23e6e351acce
Packer (Drweb): UPX
Packer (Kaspersky): UPX



dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
kudos:5
Reviews:
·Comcast
reply to cerdan

It wouldn't hurt at all just to make sure no other problems with your computer to go through these steps, then post in the forum for further advise.

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance



autokms

@arcor-ip.net
reply to cerdan

This is an Office activation crack. All of the viruses report it as a keygen - it's "antipiracy" detection, not malware detection.

That's AVs doing the dirty work for Microsoft - that's not security protection. That's why it's detected as a hacktool/keygen and not as a malware (from the horse's mouth).



Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:12
reply to cerdan

Filename: Msvcrt.dll (280k)
Filename: Shfolder.dll (22k)

Those are valid system files! (I have both)

I dont know what would happen if ya remove them!