Author Topic: What the heck is kmsemulator.exe?  (Read 151927 times)

0 Members and 1 Guest are viewing this topic.

NOLADaddy

  • Guest
What the heck is kmsemulator.exe?
« on: December 03, 2011, 12:41:28 AM »
Hello.

First off, I am a 40 year old man who is anything but computer savvy, so please refrain from mocking me. Second off, please understand that this situation is scary for me, so concise answers are greatly appreciated.

Here is the situation, my 12 year old son installed something with a virus today on our home computer. Something that has to do with Microsoft Office (which doesn't make sense, since our system came with Officer Starter).

Anyway, my Adaware and Avast blocked some virus program called kmsemulator.exe. When I go scan for it, Avast comes up with it being Malware. I deleted the file, but that can't be the end of it.

I've heard that these viruses take more to get rid of. So my questions are this: What kind of virus is kmsemulator.exe? What kind of damage can it do (I don't know the difference between a virus and malware)? And what is the best way to get rid of this virus?

Any candid and concise help will be appreciated!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: What the heck is kmsemulator.exe?
« Reply #1 on: December 03, 2011, 12:51:51 AM »
Hi NOLADaddy,

It is a potential threat and a variant of WIn32/HackKMS.A. Riskware and a PUP,
Also see this thread here on the forums: http://forum.avast.com/index.php?topic=71140.0
It is a keygen crack,
see: http://www.backgroundtask.eu/Systeemtaken/taakinfo/54010/KMSEmulator.exe/

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

NOLADaddy

  • Guest
Re: What the heck is kmsemulator.exe?
« Reply #2 on: December 03, 2011, 12:56:44 AM »
Win32/HackKMS, what?

Riskware, what?

PUP, what?

Keygen crack, what?

None of that makes any sense! And those links just go to an article arguing about what to call it, and a chart or graph of sorts.

What is this thing? How do I get rid of it?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: What the heck is kmsemulator.exe?
« Reply #3 on: December 03, 2011, 01:06:06 AM »
what malware name did avast give it ?

you say you deleted it.....not smart...you have no options left....now we can not investigate on the exact file  :'(



Clean, Quarantine, or Delete?
http://antivirus.about.com/b/2007/03/11/clean-quarantine-or-delete.htm

NOLADaddy

  • Guest
Re: What the heck is kmsemulator.exe?
« Reply #4 on: December 03, 2011, 01:10:25 AM »
I don't remember the name. But I do remember that it was actually Adaware that caught it. When my son came and got me, it showed that Adaware blocked kmsemulator.exe.

So I shouldn't have deleted it? How do I make sure now that my system is safe and clean?

Or am I just screwed?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: What the heck is kmsemulator.exe?
« Reply #5 on: December 03, 2011, 01:13:18 AM »
and what name did Ad-Aware give it.....there should be a detection logg 

NOLADaddy

  • Guest
Re: What the heck is kmsemulator.exe?
« Reply #6 on: December 03, 2011, 01:17:42 AM »
Adaware called it kmsemulator.exe and HackTool.Win32.Keygen

Gargamel360

  • Guest
Re: What the heck is kmsemulator.exe?
« Reply #7 on: December 03, 2011, 01:22:27 AM »
Keygen crack, what?
If it was indeed a keygen or crack, those are hack programs mainly designed to trick paid software into thinking you have paid for it (keygen is short for key generator).

That would definitely fit with the age group your son is in.....a very common thing to try dowloading for kids, they see FREE offered and jump on it without thought of consequence, having most often never worked for a dime in their life yet.

If you are worried you might still be infected, download, update and run a scan with this>>http://www.malwarebytes.org/products/malwarebytes_free then if it finds anything, post the logs it will produce back here.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: What the heck is kmsemulator.exe?
« Reply #8 on: December 03, 2011, 01:22:38 AM »
Thanks for your head up Polonus. Good to see you round.
The best things in life are free.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37504
  • Not a avast user
Re: What the heck is kmsemulator.exe?
« Reply #9 on: December 03, 2011, 01:24:18 AM »
« Last Edit: December 03, 2011, 01:28:44 AM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: What the heck is kmsemulator.exe?
« Reply #10 on: December 03, 2011, 01:24:31 AM »
Hi NOLADaddy,

Nothing to worry about, this is am possibly unwanted program, riskware. This files most often belongs to product localhost. A hacktool is a way to launch some program without having to buy it, that is wgy you have to terns keygen, crack, warez. You have it no longer, so you are secure,

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

NOLADaddy

  • Guest
Re: What the heck is kmsemulator.exe?
« Reply #11 on: December 03, 2011, 01:30:29 AM »
Thank you so much, every one, for jumping on this and helping me feel secure.

Yes, after having a talk with my son, he admitted he was trying to get a newer version of Office for free.

I will deal with that later. I'm just glad that our home computer is safe.

I'll trying running those scans suggested. If anything pops up, I'll post it here.

Again, thank you everyone, for setting my mind at ease.