Share via

hacktool

Anonymous
2017-10-31T08:05:41+00:00

i probably installed this as a virus 

HackTool:Win32/AutoKMS

and defender can't delete it completely anyone can help please?

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

8 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Anonymous
    2017-11-01T05:07:17+00:00

    Since that**.DLL** file is in a temp folder, run Disk Cleanup to clear those folders out. Press Windows + R. Type Cleanmgr to openDisk Cleanup.

    That's in addition to following ALL of the steps at that link to Malware Tips José linked you to, which is at the very bottom of his first post. One user finally got rid of that hack tool after running Hitman Pro, but follow the other steps too, regardless. Every case isn't necessarily exactly the same.

    Edited to note there's usually more to an infection than one file, so clearing out that temp folder won't get rid of the hack tool.

    1 person found this answer helpful.
    0 comments
  2. Anonymous
    2017-10-31T08:50:43+00:00

    What is the complete full path (location) where Windows Defender indicates that the threat resides?

    Have a look where the file is located:

    QUOTE

    Scan results can be viewed by opening Windows Defender and looking at the last scan details. If anything was detected, it will show in the 'History' tab. If you want to see more detailed logs, you can view them in Event Viewer > Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational. If malware was detected malware, it will show as a 'Warning' with a yellow warning sign and details.

    UNQUOTE

    -=-

    Look for someting like this:

    file*:F:\New folder (5)\Office 2016 VL ProPlus English (x86-x64) 6 Dec 2016\Office_ProPlus_2016_64Bit_EN_2016.12.06.iso->\bonus\Microsoft Toolkit 2.6.1\MTKV261.zip->Microsoft Toolkit.exe*

    :F:\New folder (5)\Office 2016 VL ProPlus English (x86-x64) 6 Dec 2016\Office_ProPlus_2016_64Bit_EN_2016.12.06.iso

    -=-

    Pay particular attention to any comments by Rob Koch replied on August 23, 2016

    Take a look at the Defender logs for this detection under the History tab, All detected items radio button. When you display the item details, the last section which typically requires that you scroll to the bottom should list the folder and file the hacktool was detected in.

    If you can cut and paste those details here we can possibly help you with removal. Most of this particular detection I've seen here are typically contained in packed files containing other programs as well, which is why Defender fails to remove them since it can't without deleting the entire container file, which it won't do by default.

    Rob

    <<https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=HackTool:Win32/AutoKMS>>

    <<https://malwaretips.com/blogs/remove-hacktool-win32-autokms/>

    1 person found this answer helpful.
    0 comments
  3. Anonymous
    2017-10-31T12:28:18+00:00

    What is the complete full path (location) where Windows Defender indicates that the threat resides?

    Have a look where the file is located:

    QUOTE

    Scan results can be viewed by opening Windows Defender and looking at the last scan details. If anything was detected, it will show in the 'History' tab. If you want to see more detailed logs, you can view them in Event Viewer > Applications and Services Logs > Microsoft > Windows > Windows Defender > Operational. If malware was detected malware, it will show as a 'Warning' with a yellow warning sign and details.

    UNQUOTE

    -=-

    Look for someting like this:

    file*:F:\New folder (5)\Office 2016 VL ProPlus English (x86-x64) 6 Dec 2016\Office_ProPlus_2016_64Bit_EN_2016.12.06.iso->\bonus\Microsoft Toolkit 2.6.1\MTKV261.zip->Microsoft Toolkit.exe*

    :F:\New folder (5)\Office 2016 VL ProPlus English (x86-x64) 6 Dec 2016\Office_ProPlus_2016_64Bit_EN_2016.12.06.iso

    -=-

    Pay particular attention to any comments by Rob Koch replied on August 23, 2016

    Take a look at the Defender logs for this detection under the History tab, All detected items radio button. When you display the item details, the last section which typically requires that you scroll to the bottom should list the folder and file the hacktool was detected in.

    If you can cut and paste those details here we can possibly help you with removal. Most of this particular detection I've seen here are typically contained in packed files containing other programs as well, which is why Defender fails to remove them since it can't without deleting the entire container file, which it won't do by default.

    Rob

    <<https://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=HackTool:Win32/AutoKMS>>

    <<https://malwaretips.com/blogs/remove-hacktool-win32-autokms/>

    file: C:\Windows\Temp\SppExtComObjHook.dll is this the full path of it?

    0 comments
  4. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more

  5. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

    Comments have been turned off. Learn more