Follow:

 

HackTool:Win32/AutoKMS


Microsoft security software detects and removes this threat.

It can be used to "crack" or patch unregistered copies of Microsoft Office.

We recommend you don't use hacktools as they can be associated with malware or potentially unwanted software. We have seen malware distributed with these tools.



What to do now

Use the following free Microsoft software to detect and remove this threat:

You should also run a full scan. A full scan might find other, hidden malware.

Get more help

You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.

If you’re using Windows XP, see our Windows XP end of support page.

Hacktools are often installed intentionally. Deleting their installed components will remove them.

Threat behavior

This tool tries to activate an unregistered copy of Microsoft Office

It shows the following message:

 

It drops AutoKMS.log into your PC. This file contains the following text:

----------------------------------------
AutoKMS 2.4.3.0 Ran At<date run>.
Attempting To Activate Microsoft Office
Attempting to Activate OfficeProPlus-KMS_Client
<Product activation successful>
----------------------------------------

It also creates a task so that the tool is run everyday at the same time.

Analysis by Ferdinand Plazo


Symptoms

You might see a message box that looks like this:


Prevention


Alert level: Medium
First detected by definition: 1.165.2765.0
Latest detected by definition: 1.179.1164.0 and higher
First detected on: Jan 28, 2014
This entry was first published on: Feb 04, 2014
This entry was updated on: Aug 21, 2014

This threat is also detected as:
No known aliases