I did a boot-time scan and came up with C:\windows\AutoKMS.exel>[Embedded_I#05c46] is infected by win32:PUP-gen[PUP]. I tried option 1 “Automatically fix” but then I got something like Windows - are you sure? Well, no, I’m not sure at all. Then I tried Repair and got Repair Error 42060 (the file was not repaired). I have learned that PUP is Potentially Unwanted–so question #1 is how do I tell if it is really virus/malware etc. Question #2 is, if it IS something harmful, how do I deal with it?

AutoKMS.exe is crack for MS office :-\

http://www.steves-digicams.com/knowledge-center/say-no-to-cracks.html#b

there are plenty of free alternatives
openOffice http://www.openoffice.org/no/
Libre Office http://www.openoffice.org/no/
Kingsoft http://www.kingsoftstore.com/kingsoft-office-freeware.html

google doc http://www.google.com/docs/about/
ms dock http://www.howtogeek.com/183299/a-free-microsoft-office-is-office-online-worth-using/

That’s a helpful start. No good reason for it, because I have a legal copy of Office. Can you tell me if it is the “crack” itself that is causing the boot-time problem, or do I actually have a virus/malware etc.?

PUP = not virus / Possible Unwanted Program / riskware

malwarebytes PUP info
https://www.malwarebytes.org/pup/

you can upload and test suspicious files at these places
www.virustotal.com / www.metascan-online.com / www.jotti.org

if you want a check, follow instructions and attach requested logs. https://forum.avast.com/index.php?topic=53253.0

I ended up with far too many files, but I think the ones attached are the correct ones.

Malwarebytes log you have attached is protection log …
we need the scan log… if nothing was detected no need for it

I hope this is the right file.

Hi,

Looks like MBAM has been remove the all bad thing. Let’s check if there is anything undetected …

Please download Farbar Recovery Scan Tool (
http://www.mcshield.net/personal/magna86/Images/FRST_canned.png
) by Farbar and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

[*]Double-click to run it. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
[*]The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Files attached as directed.

Did the previous logs tell you whether the “bad” file was actually infected, or if it was just suspicious? If it was actually a part of my Office program and wasn’t malware itself, or infected with malware, would it be okay to restore it?

My late husband was very good with computers and had set up a complex home network. I just don’t want to mess anything up until I can find out where he put my legit copy of Office and have it installed.

I really do appreciate all your help. My husband was a great geek, but a lousy teacher, so I’m having to figure out all of this stuff from the ground up.

Did the previous logs tell you whether the "bad" file was actually infected, or if it was just suspicious? If it was actually a part of my Office program and wasn't malware itself, or infected with malware, would it be okay to restore it?

riskware
http://en.m.wikipedia.org/wiki/Riskware
http://usa.kaspersky.com/internet-security-center/threats/riskware#.U7SUiF8aySM

Hi, Pondus: Googling the suspicious filename was the very first thing I did when it was detected. There was so much conflicting information that I gave up very quickly and turned to Avast! help and discovered these forums. The impression I get from what I have read so far is that it Auto.kms isn’t recommended, but isn’t necessarily unsafe, either. When I Googled the filename at first, I saw one post that said Office will run just fine without that file, but I wanted to confirm that with Avast! experts because I have no idea whether the person who posted that comment knows what they’re talking about.

AutoKMS.exe is a time reseter, and it is appear in the logs as it start with Windows in attempt to reset Office back to day 1 of usage with each start. A program allow up to 180 days of free usage without rebooting. I’m not sure how much days it allow, I didn’t check …

This file can not be measured as real malware threat but yet again, this program does fraud (pirate) something which requires some payment for someones hardwork. And M$ does not offer Office for free so … File is illegal by itself but not real malware threat.
Same goes for adobe programs. The adobe CS5 is not legal as well …
You need to think about further proceedings.

In addition to the above, FRST does not show any loaded malware. The DelFix tool shall remove malware rmeoval tool. MBAM shall stay installed.

• The following will implement some post-cleanup procedures:

=> Please download DelFix by Xplode to your Desktop.

Run the tool and check the following boxes below;
[i]
http://www.mcshield.net/personal/magna86/Images/checkmark.png
Remove disinfection tools

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Create registry backup

http://www.mcshield.net/personal/magna86/Images/checkmark.png
Purge System Restore [/i]
Click Run button and wait a few seconds for the programme completes his work.
At this point all the tools we used here should be gone. Tool will create an report for you (C:[b]DelFix.txt[/b])

The tool will also record healthy state of registry and make a backup using ERUNT program in %windir%\ERUNT\DelFix
Tool deletes old system restore points and create a fresh system restore point after cleaning.

Thank you Polonus, Pondus and magna86 for all your help! This has been a real learning experience. I don’t know why my legal copy of Office wasn’t installed, but I will attempt to find it and install it. The clear explanation of what the Auto.KMS is and what it does are very much appreciated!