Ok, there is this virus that I have used malwarebytes, avast, & SpyHunter to get rid of & protect myself from malware, but even with using all these programs to get rid of it, it keeps coming back, to be honest I don’t even know if it is dangerous, all I know is that no matter how many times I get rid of it, it always comes back, here is picture of the malware that keeps coming back no matter how many times I get rid of it, please help. The name of the virus is HackTool.IdleKMS, & is a file type, & it’s location is C:/-this dash is supposed to be the other way around Windows/-this dash is supposed to be the other way around/-same with this one SECOH-QAD.exe. Basically it’s this, C:/Windows/SECOH-QAD.exe. So please help.
Are you running cracked windows OS or office?
If you want to use Windows, you will have to pay for it.
If you don’t want to pay for a OS, use one of the many free ones (Linux, FreeBSD etc).
I don’t know what your talking about my computer came with a free update to windows 10, I got the download from the microsoft store for free, after i had to reset my computer, & had to re-download windows 10, so I’m very confused by these replys, does this malware have something to do with me getting windows 10, because I got that completely legally, & my computer came with the download, also malwarebytes detected it again, I have to get rid of it once again, what I’m doing wrong, how do I completely get rid of it, I got windows 10 properly & shouldn’t be having this issue. I have also been using SpyHunter, AdwCleaner, avast, & malwarebytes to keep my computer clean, but I still can’t permantly get rid of it, also can someone tell me if it’s dangerous, because I can’t seem to get rid of it, & again I say i got windows 10 properly so these shouldn’t be any problem with that. Also can some tell me what exactly this HackTool thing is & whether its dangerous? I can’t get rid of it, & I got windows 10 properly, please help?
It is a hacktool used to bypass microsoft license, and that is considerd stealing
Those nice guys that give this away for free may also bundle it with some extra programs they dont tell you about :o
SpyHunter will only remove what it find in payed version
follow instructions here https://forum.avast.com/index.php?topic=53253.0
we need Malwarebytes and Farbar Recovery Scan Tool logs, attach the logs, 3 logs total
see below the box you write in … Attachments and other options
When done a expert will check logs and assist you
Here’s one file, FRST.txt
Here’s Addition Log.
Here’s my malwarebytes log.
It may take some hours before the malware expert is online
That’s fine, HackTool isn’t dangerous right, I can still do stuff on my computer right, also thanks for the help, I just find it weird that this happening, because I got the upgrade from the microsoft store, which was free till July since my computer qualified, & was a windows 8, so Im very confused by this whole thing, since I’m pretty sure I got it legally from the microsoft store, also thanks for the help? Also I have one more attachment I should be posting later once the scan is done from aswMBR.
Let me know how the computer is after this
CAUTION : This fix is only valid for this specific machine, using it on another may break your computer
Open notepad and copy/paste the text in the quotebox below into it:
CreateRestorePoint: SearchScopes: HKLM -> DefaultScope {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL = hxxp://www.exlee.com/results.php?f=4&a=xle_installertech_16_19&cd=2XzuyEtN2Y1L1QzuyDyCtAyDtAtDzzzztA0C0FyE0D0EyCyBtN0D0Tzu0StCyDzyyEtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu2V1I1P1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StCyC0A0B0CtC0F0FtGtC0A0F0CtGtCtDtByCtGtA0EtDzytGzyzztDtBtDtD0AzyzzyEtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Ezz0D0FyB0F0D0CtG0Bzy0FtCtGyEyBtByCtGzzyBtA0EtG0EyEtAzzyBzz0CzytCtB0D0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzyyB&cr=2049894186&q={searchTerms} SearchScopes: HKLM -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL = hxxp://www.exlee.com/results.php?f=4&a=xle_installertech_16_19&cd=2XzuyEtN2Y1L1QzuyDyCtAyDtAtDzzzztA0C0FyE0D0EyCyBtN0D0Tzu0StCyDzyyEtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu2V1I1P1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StCyC0A0B0CtC0F0FtGtC0A0F0CtGtCtDtByCtGtA0EtDzytGzyzztDtBtDtD0AzyzzyEtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Ezz0D0FyB0F0D0CtG0Bzy0FtCtGyEyBtByCtGzzyBtA0EtG0EyEtAzzyBzz0CzytCtB0D0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzyyB&cr=2049894186&q={searchTerms} SearchScopes: HKU\S-1-5-21-3415079645-692837945-3987682919-1001 -> DefaultScope {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL = hxxp://www.exlee.com/results.php?f=4&a=xle_installertech_16_19&cd=2XzuyEtN2Y1L1QzuyDyCtAyDtAtDzzzztA0C0FyE0D0EyCyBtN0D0Tzu0StCyDzyyEtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu2V1I1P1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StCyC0A0B0CtC0F0FtGtC0A0F0CtGtCtDtByCtGtA0EtDzytGzyzztDtBtDtD0AzyzzyEtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Ezz0D0FyB0F0D0CtG0Bzy0FtCtGyEyBtByCtGzzyBtA0EtG0EyEtAzzyBzz0CzytCtB0D0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzyyB&cr=2049894186&q={searchTerms} SearchScopes: HKU\S-1-5-21-3415079645-692837945-3987682919-1001 -> {53e2f62a-3083-46e6-8527-cf89e4acb4ae} URL = hxxp://www.exlee.com/results.php?f=4&a=xle_installertech_16_19&cd=2XzuyEtN2Y1L1QzuyDyCtAyDtAtDzzzztA0C0FyE0D0EyCyBtN0D0Tzu0StCyDzyyEtN1L2XzutAtFtCzytFtCtFtDtN1L1Czu2V1I1P1V1L1G1B2Z1T1I1I1P1C2Z1P1R1MtN1L1G1B1V1N2Y1L1Qzu2StCyC0A0B0CtC0F0FtGtC0A0F0CtGtCtDtByCtGtA0EtDzytGzyzztDtBtDtD0AzyzzyEtD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0Ezz0D0FyB0F0D0CtG0Bzy0FtCtGyEyBtByCtGzzyBtA0EtG0EyEtAzzyBzz0CzytCtB0D0F2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCzzzyyB&cr=2049894186&q={searchTerms} R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [965776 2014-10-25] (@ByELDI) [File not signed] 2016-05-21 09:24 - 2016-05-21 09:24 - 00004096 _____ C:\WINDOWS\SECOH-QAD.exe 2016-05-12 23:37 - 2016-05-19 08:38 - 00000000 ____D C:\Users\Bridget\AppData\Local\{38290E75-1C81-62CD-7119-47255571BBBD} Task: {D9829C5F-1708-45D0-A090-530459019EB3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-10-25] (@ByELDI) C:\Program Files\KMSpico Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f RemoveProxy: EmptyTemp: CMD: bitsadmin /reset /allusers
Save this as fixlist.txt, in the same location as FRST.exe
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
THEN
Please download AdwCleaner by Xplode onto your desktop.
[*]Close all open programs and internet browsers.
[*]Double click on AdwCleaner.exe to run the tool.
[*]Click on Scan.
[*]After the scan is complete click on “Clean”
[*]Confirm each time with Ok.
[*]Your computer will be rebooted automatically. A text file will open after the restart.
[*]Please post the content of that logfile with your next answer.
[*]You can find the logfile at C:\AdwCleaner[S0].txt as well.
Hacktool (as well as KMSPico) are dangerous.
Dangerous is also downloading illegal things, visiting dubious/malicious websites.
Here’s my last log.
essexboy, I ran FRST with the fixlist hit fix, it finished, it then restarted but I don’t think it genereated a log, a may have done something wrong, but I don’t think so.
but I don't think it genereated a logIf not, run a new frst scan, like the first one you did and attach a fresh frst.txt log
Wait nevermind, I think this the log for the fix result.
Are the ADW logfiles from the most recent scans, the (S3), are the most recent ones.
Wait meant to say the (C3) ones are from the most recent scan(s).
Please only do what you are ask to do.