Support Forums

Full Version: Used Microsoft Office Activator Beta 1,2 or 3+? VIRUS! AutoKMS.exe [Please Read]
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2 3
Thank you.
Thanks for the heads up man, but did you tried to check what that executable file is?(RAT, Keylogger, virus, worm)
(10-08-2010, 05:47 PM)GLO13AL_T3RROR Wrote: [ -> ]Thanks for the heads up man, but did you tried to check what that executable file is?(RAT, Keylogger, virus, worm)

I tried, I am not too sure but its a trojan. Not a Virus at all. 100% Sure about that one mate.
I honestly don't think it's anything to worry about at all. Anti-virus goes off just because when it executes it modifies the LMHOST file. If there were something in the file it would be deleted. It never is with Norton 2011. It just blocks the LMHOST mod. This mod is necessary during the authentication process to keep the data heading to the local KMS server that is used to perform the activation.

I've looked at the code and monitored data connections...not anything to be worried about. And it works great.

Peace out.
If anyone stumbles on this while using some google-fu, please let me clarify a few things with insights from an *actual* software developer.

OP:
*blah blah blah*
Then your safe, it wanted to access my system but strangely my anti-virus didn't detect it... But Visual Studio 2010 Ultimate DID.
It wanted to debug itself at startup, which is really fcked up.


When reading the above, you might feel compelled to believe the OP knows what he's talking about, but it actually demonstrates that he doesn't. (It also demonstrates that he has programming ambitions, but is actually too lazy to get serious about it, since he's confusing an intermediate topic such as a debugger, with him actually "decompiling code" and all that. Fascinating. Really.)

First of, when OP was installing Visual Studio with all bells and whistles, he automagically installed something called a "run-time debugger". Sh*t kicks in when a program crashes and fails to execute, and helps with "debugging" the problem --> it can show a bunch of data used by the program at the time of the crash. In order to do this, the regular "Error: sh*t is crashing!" window gets replaced by a fancy "would you like to debug this crash with Visual Studio?" window, for each and every program that crashes.

The fact that AutoKMS.exe crashed has nothing to do with it being dangerous or not. It crashed, and Visual Studio asked if it could help, and OP didn't know what was happening and assumed A) the program started to "debug itself"! B) it's a virus/spyware/trojan/whatever! C) My Visual Studio knows how to detect stuff! (<-- that one's quite funny, actually. ^^;)

Now, on to the fact whether AutoKMS.exe is dangerous or not:

- did you install an illegal copy of MS Office 2010?
If the answer is yes, then you're relying on AutoKMS.exe to extend your activation beyond 180 days. Without it, your illegal Office will start complaining about not being activated after 180 days.

- could it be dangerous nonetheless?
All software is potentially dangerous, but this particular item is created by someone with a pretty decent reputation (for a pirate). Since his/her (you can never be sure nowadays) motivation is "gain reputation" instead of "gain profit", you're pretty safe.

- my AV said it's dangerous
Where did you get your illegal Office? Some shady website or P2P network that you're not familiar with? Possibly, the file has been infected by someone who *is* out for profit, but chances of that happening are rather low (10% low, not 0.001% low). If your AV says it's a "keygen/hacktool", well.. it is. That's why you have it. To generate a key and hack MS Office every few days so it doesn't stop working after 180 days. If your AV says it's a trojan/backdoor/spyware etc., it could mean the file was modified to include such things. This would put you in the 10% category.

- so I'm in the 10% category, now what?
You have 3 tasks at hand:
1) your source of your software is tainted. Re-think how you obtain such things (the store is usually pretty straightforward and noob-friendly), and edu-ma-cate yourself by asking around on the interwebs.
2) check wikipedia for information about good and free virus scanners, get one or a few, and start scanning your computer. Chances are this isn't the only problem.
3) either obtain MS Office legally like the consumer wh*re you are, or break the law and search for a better source of this AutoKMS.exe file you were relying on (..without ever noticing it. Srsly, to me, that says "good software design").

As you might be able to tell, I'm not interested in the moral side of it all. People do what whatever they feel like and I feel like spreading useful and unbiased information atm. (well, I definitly *don't* feel like working, so that might be a better reason..)
(08-05-2011, 05:09 AM)icecubemachines Wrote: [ -> ]If anyone stumbles on this while using some google-fu, please let me clarify a few things with insights from an *actual* software developer.

OP:
*blah blah blah*
Then your safe, it wanted to access my system but strangely my anti-virus didn't detect it... But Visual Studio 2010 Ultimate DID.
It wanted to debug itself at startup, which is really fcked up.


When reading the above, you might feel compelled to believe the OP knows what he's talking about, but it actually demonstrates that he doesn't. (It also demonstrates that he has programming ambitions, but is actually too lazy to get serious about it, since he's confusing an intermediate topic such as a debugger, with him actually "decompiling code" and all that. Fascinating. Really.)

First of, when OP was installing Visual Studio with all bells and whistles, he automagically installed something called a "run-time debugger". Sh*t kicks in when a program crashes and fails to execute, and helps with "debugging" the problem --> it can show a bunch of data used by the program at the time of the crash. In order to do this, the regular "Error: sh*t is crashing!" window gets replaced by a fancy "would you like to debug this crash with Visual Studio?" window, for each and every program that crashes.

The fact that AutoKMS.exe crashed has nothing to do with it being dangerous or not. It crashed, and Visual Studio asked if it could help, and OP didn't know what was happening and assumed A) the program started to "debug itself"! B) it's a virus/spyware/trojan/whatever! C) My Visual Studio knows how to detect stuff! (<-- that one's quite funny, actually. ^^;)

Now, on to the fact whether AutoKMS.exe is dangerous or not:

- did you install an illegal copy of MS Office 2010?
If the answer is yes, then you're relying on AutoKMS.exe to extend your activation beyond 180 days. Without it, your illegal Office will start complaining about not being activated after 180 days.

- could it be dangerous nonetheless?
All software is potentially dangerous, but this particular item is created by someone with a pretty decent reputation (for a pirate). Since his/her (you can never be sure nowadays) motivation is "gain reputation" instead of "gain profit", you're pretty safe.

- my AV said it's dangerous
Where did you get your illegal Office? Some shady website or P2P network that you're not familiar with? Possibly, the file has been infected by someone who *is* out for profit, but chances of that happening are rather low (10% low, not 0.001% low). If your AV says it's a "keygen/hacktool", well.. it is. That's why you have it. To generate a key and hack MS Office every few days so it doesn't stop working after 180 days. If your AV says it's a trojan/backdoor/spyware etc., it could mean the file was modified to include such things. This would put you in the 10% category.

- so I'm in the 10% category, now what?
You have 3 tasks at hand:
1) your source of your software is tainted. Re-think how you obtain such things (the store is usually pretty straightforward and noob-friendly), and edu-ma-cate yourself by asking around on the interwebs.
2) check wikipedia for information about good and free virus scanners, get one or a few, and start scanning your computer. Chances are this isn't the only problem.
3) either obtain MS Office legally like the consumer wh*re you are, or break the law and search for a better source of this AutoKMS.exe file you were relying on (..without ever noticing it. Srsly, to me, that says "good software design").

As you might be able to tell, I'm not interested in the moral side of it all. People do what whatever they feel like and I feel like spreading useful and unbiased information atm. (well, I definitly *don't* feel like working, so that might be a better reason..)

Off subj, perhaps? That rather large phrase you posted up there seems to be able to judge any piece of software on a warez site, but I did not visit any wares site. It had been hack forums x-.-

It had been a malicious file. Why crack something then create files in a windows directory?... And since that darn download my computer was slow as hell. Sure seems you like defending this hacker, maybe you are affiliated with AutoKMS.exe? Not pointing any fingers though.
If this is true, then he'll have way too much infections by now. However, I am happy I never used KMS.
I'm a little confused now... Is this file safe or not? I have the AutoKMS.exe on my system to activate Office 2010, but a really don't want an infected pc.

If it really isn't safe: should I format my pc and re-install windows?
Hahaha
you make me laugh resistance.

You're clearly an idiot.


Its a false positive.

if you're a real hacker you would know that.

But you're not as you claim to be. Mr. Resistance-hacker-wannabe

STFU before your stupidy spreads
@icecubemachines

don't bash him

hes an idiot

hes doesn't even know how KMS activation works thats why he doesnt understand why kms is stored in windows directory (simply to say it needs to be safe because if a user deletes it, when your office 2k10 expires you gotta have the fix again) and he doesnt understand why it needs to be on startup (wait, how would a program know if the license was expired? the program must have a frequency on checking and the easiest way for this is either on task scheduler or on every os boot which is the startup)

and what's his reason why this program is a trojan?

THE AV's report.

quoting...
ost likely a Trojan because my AV's didn't detect any threats till it was finally ran until I rebooted my computer for that crappy activation, so it planned on being a destructive little bitch.


WHAT A freakin IDIOT.

HAHAHA
EVERYONE. AutoKMS is safe. 100% false positive.

AV's tag it as potentially unsafe due to the fact that it came from WAREZ sites...its hard to know what's legit crack and whats a crack with a trojan/virus in it. but if youre an expert like me or you understand how things work in the warez world..you'll know

plus the fact that AVs themselve tag KEYGENS/CRACKS/FIX related to the AV as potentially unsafe is because these program modify parts of the AV so that you would have 1million days of trial, instant activation without even paying for it, unlocked features.

you get what i mean?

they wanted to protect their software or the business


its like media and medicine saying..oohhh you should buy and take daily fish oil so you reduce the risk of having a heart attack etc.etc all the bullshit. which scares you so that you buy their products that you dont actually have to
(08-06-2011, 06:12 PM)Resistance Wrote: [ -> ]Off subj, perhaps? That rather large phrase you posted up there seems to be able to judge any piece of software on a warez site, but I did not visit any wares site. It had been hack forums x-.-

It had been a malicious file. Why crack something then create files in a windows directory?... And since that darn download my computer was slow as hell. Sure seems you like defending this hacker, maybe you are affiliated with AutoKMS.exe? Not pointing any fingers though.

Hahaha
you make me laugh resistance.

You're clearly an idiot.


Its a false positive.

if you're a real hacker you would know that.

But you're not as you claim to be. Mr. Resistance-hacker-wannabe

STFU before your stupidy spreads
@icecubemachines

don't bash him

hes an idiot

hes doesn't even know how KMS activation works thats why he doesnt understand why kms is stored in windows directory (simply to say it needs to be safe because if a user deletes it, when your office 2k10 expires you gotta have the fix again) and he doesnt understand why it needs to be on startup (wait, how would a program know if the license was expired? the program must have a frequency on checking and the easiest way for this is either on task scheduler or on every os boot which is the startup)

and what's his reason why this program is a trojan?

THE AV's report.

quoting...
ost likely a Trojan because my AV's didn't detect any threats till it was finally ran until I rebooted my computer for that crappy activation, so it planned on being a destructive little bitch.


WHAT A freakin IDIOT.

HAHAHA
EVERYONE. AutoKMS is safe. 100% false positive.

AV's tag it as potentially unsafe due to the fact that it came from WAREZ sites...its hard to know what's legit crack and whats a crack with a trojan/virus in it. but if youre an expert like me or you understand how things work in the warez world..you'll know

plus the fact that AVs themselve tag KEYGENS/CRACKS/FIX related to the AV as potentially unsafe is because these program modify parts of the AV so that you would have 1million days of trial, instant activation without even paying for it, unlocked features.

you get what i mean?

they wanted to protect their software or the business


its like media and medicine saying..oohhh you should buy and take daily fish oil so you reduce the risk of having a heart attack etc.etc all the bullshit. which scares you so that you buy their products that you dont actually have to
The above new user makes me laugh. I don't take anybody seriously on the internet without proper grammar. If you want anyone to listen to that you'll convince a goon kid. Go back to batch programming.
Pages: 1 2 3