Trojan.AutoKMS

AutoKMS is a Key Management Service (KMS) activation tool. Based on the volume license activation policy, AutoKMS is a utility for cracking Microsoft products. Curiously, it is often used to hack Microsoft Office even though there is a free OpenOffice suite. Found on 11/24/2010.

Features:

- It belongs to a family of trojans with hijacker features.
- A Trojan horse is an unwanted program that installs without the knowledge of the user.

Main actions:

– It installs as a process launched at system startup (RP),
– It installs as a service launched each time the system starts (O23), (SS/SR),
– It starts an automatic scheduled task (O39),
– It installs a process of variable size at the level of the system root (O44),
– It creates a legacy key (O64),
– It creates an active incoming connection in the Windows Firewall application exceptions (O87).

ZHPDiag report:

– (.. – AutoKMS.) — C:\WINDOWS\AutoKMS.exe
– (…) — C:\WINDOWS\KMService.exe
O23 – Service: (KMService) . (…) – C:\WINDOWS\system32\srvany.exe
O39 – APT:Automatic Planified Task – C:\WINDOWS\Tasks\AutoKMS.job
O39 – APT:Automatic Planified Task – F:\Windows\Tasks\AutoKMSDaily.job
(…) — C:\Windows\AutoKMS\AutoKMS.exe
(…) — C:\Windows\AutoKMS\AutoKMS.exe
O44 – LFC: – 08/11/2010 – 20:34:34 —A- . (…) — C:\WINDOWS\AutoKMS.ini
O44 – LFC: – 08/11/2010 – 20:32:28 —A- . (.. – AutoKMS.) — C:\WINDOWS\AutoKMS.exe
O44 – LFC: – 27/05/2013 – 21:57:01 —A- . (…) — C:\Windows\KMSEmulator.exe
O64 – Services: CurCS – C:\WINDOWS\system32\srvany.exe – KMService (KMService) .(…) – LEGACY_KMSERVICE
O87 – FAEL: “TCP Query User{E3244365-7AC4-42B5-B1E3-7CF124A36877}C:\windows\kmsemulator.exe” | In – Public – P6 – TRUE | .(…) — C:\windows\kmsemulator.exe
O87 – FAEL: “UDP Query User{0DABD561-7555-4CB0-9A97-3E61FB221174}C:\windows\kmsemulator.exe” | In – Public – P17 – TRUE | .(…) — C:\windows\kmsemulator.exe
SR – | Auto 06/10/2010 8192 | C:\WINDOWS\system32\srvany.exe (KMService) . (…) – C:\WINDOWS\system32\srvany.exe

C:\Windows\KMSEmulator.exe

Documentation:

KMS (Key Management Service) – Déploiement & Configuration

Alias:

RiskWare.Tool.CK
HKTL_KEYGEN
Hijacker.Office
TR/Dropper.Gen
a variant of Win32/HackKMS.B
Trojan.Click2

Remove:

Remove with ZHPcleaner

Diagnose with ZHPDiag
