AutoKMS.exe virus

Posted on 2012-09-06
Last Modified: 2013-11-22
Good morning,

Here is the scenario. A user brought their HP Pavilion laptop to me. I opened it up and the first thing that happened was an error message that "Windows Explorer was starting and stopping", and then all of the icons on the screen disappeared and the screen went blank.

The first thing I did was go to Task Manager and found cmd.exe. I added the hidden administrator and then, from a blog I read, in cmd.exe I copied the explorer.exe file to another location, renamed the file and then copied the renamed file back to the C:\Windows location; the name is PAL.exe.

From Task Manager I went to regedit.exe and, at HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon, for the Shell value I changed explorer.exe to PAL.exe. I then logged off the machine and logged back on.

Now my icons are all there, but when I try to go to the Start Menu and select "All Programs" I get that error message that Windows Explorer is stopping. Also, my "Pin to Start menu items" are missing.

Another thing I tried was to copy explorer.exe from another 64-bit machine. This didn't work, so I reverted back to my PAL.exe file.

2 questions:
1. Is there a valid registry cleaner I can use to get this machine up and running?
2. What is the proper method for getting a good copy of explorer.exe, and if I do, will this fix my "All Programs" issue, or is there just another tweak in the registry I need to make to fix this "Windows Explorer is stopping" issue?
Question by:Lamrski
    LVL 29

    Expert Comment

    by:Sudeep Sharma
    If this is a virus/malware or trojan, then any registry cleaner or registry fixer would not work.

    You would need to clean the system with the well known tools.

    I would recommend scanning the system with the tools mentioned below, in the sequence they are mentioned, and posting the logs.

    Make sure you DO NOT REBOOT the system after running tools in point 1 & 2.

    1. RogueKiller/TheKiller
    2. MalwareBytes
    3. TDSSKiller

    I would also recommend that you go through the articles from Younghv and RPG for the links to the tools and for future reference.

    Basic Malware Troubleshooting



    Run MalwareBytes in Quick Mode and, if that requires a reboot, then reboot the system and run the tools mentioned in points 1 and 2, but this time run MalwareBytes in Full System Scan.

    So in your next reply, post the RogueKiller logs, MBAM logs and TDSSKiller logs.

    LVL 7

    Accepted Solution

    AutoKMS is mostly not a virus. It is popular software which "validates" (cracks) the latest MS Office installations. KMS stands for Key Management Service. It is normally found in C:\Windows\AutoKMS.exe.

    Try booting to the "last known good configuration" or if you could try to "restore to a previous restore point".

    If you own the CD for your operating system, perform a "repair installation". None of the available registry cleaners can help you as they are built to find erroneous data.

    Please backup all your data before you run the repair.

    Author Comment

    Thank you for your answer. I found out that the version of MS Office that the user was using was a "hacked" version. I ended up backing up the data from the machine and then I installed a fresh install of Windows 7 Home Premium. I purchased a valid copy of MS Office. Now all is good, thank you for your help. It is much appreciated!!

    Author Closing Comment

    BTW, there were no restore points available, and I had rebooted so many times that the "LKGC" would not work even if I tried. Thank you though.
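
An audit of the Winlogon shell setting changed in the question above, as an added example that is not part of the original thread. It assumes PowerShell 2.0 or later in an elevated prompt; the helper name `Resolve-ShellPath` is hypothetical, and the registry key and the `C:\Windows\AutoKMS.exe` location are the ones named in the posts.

```powershell
# Added example: report what Winlogon will launch as the shell and whether it is the default.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # per-user override, normally absent
)

function Resolve-ShellPath([string]$Name) {
    # Hypothetical helper: the Shell value is usually a bare file name, so try the
    # Windows directory (where the thread's PAL.exe was placed) and System32.
    if ([IO.Path]::IsPathRooted($Name)) {
        if (Test-Path -LiteralPath $Name -PathType Leaf) { return $Name }
        return $null
    }
    foreach ($dir in $env:windir, (Join-Path $env:windir 'System32')) {
        $candidate = Join-Path $dir $Name
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $null
}

$report = foreach ($key in $keys) {
    $item = Get-ItemProperty -Path $key -Name Shell -ErrorAction SilentlyContinue
    if (-not $item) { continue }                      # no Shell value under this key

    $shell = [string]$item.Shell
    $exe   = ($shell -split ',')[0].Trim().Trim('"')  # first entry if several are listed
    $path  = Resolve-ShellPath $exe

    # A renamed copy keeps the version resource of the file it was copied from,
    # so OriginalFilename usually reveals what a file like PAL.exe really is.
    $orig = $null
    if ($path) { $orig = (Get-Item -LiteralPath $path).VersionInfo.OriginalFilename }

    New-Object PSObject -Property @{
        Key              = $key
        Shell            = $shell
        IsDefault        = ($shell.Trim() -ieq 'explorer.exe')
        ResolvedPath     = $path
        OriginalFilename = $orig
    }
}

$report | Select-Object Key, Shell, IsDefault, ResolvedPath, OriginalFilename | Format-List

# The accepted answer gives this as AutoKMS's usual location.
$autoKms = Join-Path $env:windir 'AutoKMS.exe'
'AutoKMS.exe present: {0}' -f (Test-Path -LiteralPath $autoKms -PathType Leaf)
```

Any row with `IsDefault` false, or any `Shell` value under HKCU, is worth explaining before the machine is returned to its user.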
