Author Topic: What the heck is kmsemulator.exe?  (Read 96365 times)

0 Members and 2 Guests are viewing this topic.

Offline NOLADaddy

  • Newbie
  • *
  • Posts: 5
What the heck is kmsemulator.exe?
« on: December 03, 2011, 12:41:28 AM »
Hello.

First off, I am a 40 year old man who is anything but computer savvy, so please refrain from mocking me. Second off, please understand that this situation is scary for me, so concise answers are greatly appreciated.

Here is the situation, my 12 year old son installed something with a virus today on our home computer. Something that has to do with Microsoft Office (which doesn't make sense, since our system came with Officer Starter).

Anyway, my Adaware and Avast blocked some virus program called kmsemulator.exe. When I go scan for it, Avast comes up with it being Malware. I deleted the file, but that can't be the end of it.

I've heard that these viruses take more to get rid of. So my questions are this: What kind of virus is kmsemulator.exe? What kind of damage can it do (I don't know the difference between a virus and malware)? And what is the best way to get rid of this virus?

Any candid and concise help will be appreciated!

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23552
  • malware fighter
Re: What the heck is kmsemulator.exe?
« Reply #1 on: December 03, 2011, 12:51:51 AM »
Hi NOLADaddy,

It is a potential threat and a variant of WIn32/HackKMS.A. Riskware and a PUP,
Also see this thread here on the forums: http://forum.avast.com/index.php?topic=71140.0
It is a keygen crack,
see: http://www.backgroundtask.eu/Systeemtaken/taakinfo/54010/KMSEmulator.exe/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline NOLADaddy

  • Newbie
  • *
  • Posts: 5
Re: What the heck is kmsemulator.exe?
« Reply #2 on: December 03, 2011, 12:56:44 AM »
Win32/HackKMS, what?

Riskware, what?

PUP, what?

Keygen crack, what?

None of that makes any sense! And those links just go to an article arguing about what to call it, and a chart or graph of sorts.

What is this thing? How do I get rid of it?

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26517
Re: What the heck is kmsemulator.exe?
« Reply #3 on: December 03, 2011, 01:06:06 AM »
what malware name did avast give it ?

you say you deleted it.....not smart...you have no options left....now we can not investigate on the exact file  :'(



Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline NOLADaddy

  • Newbie
  • *
  • Posts: 5
Re: What the heck is kmsemulator.exe?
« Reply #4 on: December 03, 2011, 01:10:25 AM »
I don't remember the name. But I do remember that it was actually Adaware that caught it. When my son came and got me, it showed that Adaware blocked kmsemulator.exe.

So I shouldn't have deleted it? How do I make sure now that my system is safe and clean?

Or am I just screwed?

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26517
Re: What the heck is kmsemulator.exe?
« Reply #5 on: December 03, 2011, 01:13:18 AM »
and what name did Ad-Aware give it.....there should be a detection logg 
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline NOLADaddy

  • Newbie
  • *
  • Posts: 5
Re: What the heck is kmsemulator.exe?
« Reply #6 on: December 03, 2011, 01:17:42 AM »
Adaware called it kmsemulator.exe and HackTool.Win32.Keygen

Offline Gargamel360

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2351
  • Memento Mori
Re: What the heck is kmsemulator.exe?
« Reply #7 on: December 03, 2011, 01:22:27 AM »
Keygen crack, what?
If it was indeed a keygen or crack, those are hack programs mainly designed to trick paid software into thinking you have paid for it (keygen is short for key generator).

That would definitely fit with the age group your son is in.....a very common thing to try dowloading for kids, they see FREE offered and jump on it without thought of consequence, having most often never worked for a dime in their life yet.

If you are worried you might still be infected, download, update and run a scan with this>>http://www.malwarebytes.org/products/malwarebytes_free then if it finds anything, post the logs it will produce back here.
Signature?  But I gots no pen....

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 65806
Re: What the heck is kmsemulator.exe?
« Reply #8 on: December 03, 2011, 01:22:38 AM »
Thanks for your head up Polonus. Good to see you round.
The best things in life are free.

Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26517
Re: What the heck is kmsemulator.exe?
« Reply #9 on: December 03, 2011, 01:24:18 AM »
« Last Edit: December 03, 2011, 01:28:44 AM by Pondus »
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 23552
  • malware fighter
Re: What the heck is kmsemulator.exe?
« Reply #10 on: December 03, 2011, 01:24:31 AM »
Hi NOLADaddy,

Nothing to worry about, this is am possibly unwanted program, riskware. This files most often belongs to product localhost. A hacktool is a way to launch some program without having to buy it, that is wgy you have to terns keygen, crack, warez. You have it no longer, so you are secure,

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline NOLADaddy

  • Newbie
  • *
  • Posts: 5
Re: What the heck is kmsemulator.exe?
« Reply #11 on: December 03, 2011, 01:30:29 AM »
Thank you so much, every one, for jumping on this and helping me feel secure.

Yes, after having a talk with my son, he admitted he was trying to get a newer version of Office for free.

I will deal with that later. I'm just glad that our home computer is safe.

I'll trying running those scans suggested. If anything pops up, I'll post it here.

Again, thank you everyone, for setting my mind at ease.