https://www.microsoft.com/security/p...:Win32/AutoKMS
I'm not insinuating anything but are you sure all your software is correctly registered etc?
I took my laptop to a local repair shop to get the socket fixed. When I got it back the speakers no longer worked. So I asked the guy to fix the problem and I now have the laptop back but Windows Defender has detected some malware; HackTool:Win32/AutoKMS. I've deleted it but now I'm worried that the "repair" guy did something dodgy to my laptop. Should I be worried and if so what security steps should I take?
Last edited by Rocket Man; 5th October 2015 at 21:10.
https://www.microsoft.com/security/p...:Win32/AutoKMS
I'm not insinuating anything but are you sure all your software is correctly registered etc?
Yep I have a legit version of microsoft office.
Why would the repair guy have tried to hack it?!
Norton has also just detected a trojan horse called SAPE.Installer.87 and a virus called PUA.Gen.3
Now I am really getting worried.
Last edited by Rocket Man; 5th October 2015 at 22:27.
My guess would be that the repair shop has used some cracked software on your machine. Why they'd want to do that when fixing a socket I can't imagine.
they could also have taken your legit windows licence, re-cycled it and installed a cracked version of windows, autoKMS is used to crack Office and Windows itself, I wouldn't worry about the anti virus as its a false flag.
Yes auto kMs is used to bypass activation on both windows and office products the other one if not sure of without looking up, but could be they have virused your machine by using an infected drive or machine rather than malicious install
More worryingly you have Norton product protecting you and your information I'd change that straight away !
Honestly in 20 years of pc repair the two biggest products I'd avoid are Norton and mcafee 🏼
Last edited by Seamaster77; 6th October 2015 at 08:43.
I wouldn't worry - Microsoft uses this file sometimes in its toolkitand it should have been cleaned off. The repair shop might have run some anti virus software and this file can be a by product of those runs just picking up as a trojan.
B
If you can find using start then search bar either mstoolkit.exe or microsoft toolkit.exe they are at least two programs that use the autokms installer
program itself i wouldn't worry about it could have been on a while
how old is the laptop, is it new ? have you have taken it to a shop and paid for a newer version of windows or microsoft office ?
all that would help point towards someone installing software and using autokms to bypass activation (ie not licenced software)
using toolkit file if its on your machien you can run it and check if its showing any activation for either windows or office
id also suggest running eset smart security and malwarebytes to run a comlpete scan on your system both products have a free trail and see if they flag up anything more
Your laptop should have a tag with the Windows licence number on it (usually on the back). You can check if it matches the one on the Computer info screen (Right click on my computer - Properties). Although, it will probably have an OEM licence that has been used on the whole batch of laptops like yours
LE : This is what to look for :
Even if they installed a cracked one, as long as you have that serial number you can just re install it yourself and use the serial to activate it, so I wouldn't worry too much
Last edited by asteclaru; 6th October 2015 at 13:29.
Try running windows updates from the control panel. I believe these become unavailable with cracked versions.