Laptop security advice needed - should I be worried?!

**Rocket Man** · 5th October 2015, 21:01

I took my laptop to a local repair shop to get the socket fixed. When I got it back the speakers no longer worked. So I asked the guy to fix the problem and I now have the laptop back but Windows Defender has detected some malware; HackTool:Win32/AutoKMS. I've deleted it but now I'm worried that the "repair" guy did something dodgy to my laptop. Should I be worried and if so what security steps should I take?

**Jubal** · 5th October 2015, 21:20

https://www.microsoft.com/security/p...:Win32/AutoKMS

I'm not insinuating anything but are you sure all your software is correctly registered etc?

**Rocket Man** · 5th October 2015, 22:21

Yep I have a legit version of microsoft office.

Why would the repair guy have tried to hack it?!

Norton has also just detected a trojan horse called SAPE.Installer.87 and a virus called PUA.Gen.3

Now I am really getting worried.

**Tony** · 5th October 2015, 22:59

My guess would be that the repair shop has used some cracked software on your machine. Why they'd want to do that when fixing a socket I can't imagine.

**Rocket Man** · 6th October 2015, 08:29

Originally Posted by Tony

My guess would be that the repair shop has used some cracked software on your machine. Why they'd want to do that when fixing a socket I can't imagine.

Thanks Tony, that makes sense. When they 'fixed' the socket the speakers stopped working so I took it back and asked them to sort it out - at some point during this process they must have used cracked software for some reason...

**soundood** · 6th October 2015, 08:32

they could also have taken your legit windows licence, re-cycled it and installed a cracked version of windows, autoKMS is used to crack Office and Windows itself, I wouldn't worry about the anti virus as its a false flag.

**Seamaster77** · 6th October 2015, 08:38

Yes auto kMs is used to bypass activation on both windows and office products the other one if not sure of without looking up, but could be they have virused your machine by using an infected drive or machine rather than malicious install

More worryingly you have Norton product protecting you and your information I'd change that straight away !

Honestly in 20 years of pc repair the two biggest products I'd avoid are Norton and mcafee

🏼

**Rocket Man** · 6th October 2015, 09:28

Originally Posted by soundood

they could also have taken your legit windows licence, re-cycled it and installed a cracked version of windows, autoKMS is used to crack Office and Windows itself, I wouldn't worry about the anti virus as its a false flag.

Do you know how I can check if my version of windows is legit or cracked?!

**Rocket Man** · 6th October 2015, 09:29

Originally Posted by Seamaster77

Yes auto kMs is used to bypass activation on both windows and office products the other one if not sure of without looking up, but could be they have virused your machine by using an infected drive or machine rather than malicious install

More worryingly you have Norton product protecting you and your information I'd change that straight away !

Honestly in 20 years of pc repair the two biggest products I'd avoid are Norton and mcafee



Thanks, I only have a free trial of Norton so may decide not to continue with it.

How worried should I be about the auto KMS issue? Is this evidence of the 'repair' guy having done something dodgy?!

**Brian** · 6th October 2015, 10:04

I wouldn't worry - Microsoft uses this file sometimes in its toolkitand it should have been cleaned off. The repair shop might have run some anti virus software and this file can be a by product of those runs just picking up as a trojan.

B

**Seamaster77** · 6th October 2015, 10:08

If you can find using start then search bar either mstoolkit.exe or microsoft toolkit.exe they are at least two programs that use the autokms installer

program itself i wouldn't worry about it could have been on a while

how old is the laptop, is it new ? have you have taken it to a shop and paid for a newer version of windows or microsoft office ?

all that would help point towards someone installing software and using autokms to bypass activation (ie not licenced software)

using toolkit file if its on your machien you can run it and check if its showing any activation for either windows or office

id also suggest running eset smart security and malwarebytes to run a comlpete scan on your system both products have a free trail and see if they flag up anything more

**asteclaru** · 6th October 2015, 13:21

Originally Posted by Rocket Man

Do you know how I can check if my version of windows is legit or cracked?!

Your laptop should have a tag with the Windows licence number on it (usually on the back). You can check if it matches the one on the Computer info screen (Right click on my computer - Properties). Although, it will probably have an OEM licence that has been used on the whole batch of laptops like yours

LE : This is what to look for :

Even if they installed a cracked one, as long as you have that serial number you can just re install it yourself and use the serial to activate it, so I wouldn't worry too much

**Layin_Cable** · 6th October 2015, 15:54

Try running windows updates from the control panel. I believe these become unavailable with cracked versions.

**Seamaster77** · 6th October 2015, 16:52

Originally Posted by Layin_Cable

Try running windows updates from the control panel. I believe these become unavailable with cracked versions.

with autokms all updates will still run

Thread: Laptop security advice needed - should I be worried?!

Thread Tools

Search Thread

Display

Laptop security advice needed - should I be worried?!

Laptop security advice needed - should I be worried?!

Posting Permissions