New Old Vicious Malware is back

[iamskippy]

Just wanted to give everyone that a oldie but a goodie is rearing its head again. I will mask itself as security software for you to update your own. Its malware with a bite to it. I have not seen this in about a year, so i am not sure of its new abililities, however AVG picked it up this am, and was able to remove it. I would also suggest a clean up program call cleanup

It resides in C:\windows\kmsact.exe and comes with its own keygen attached, so chances are its looking for operating information and keys to use, but none the less be on the look out for any monkey business.

kmsact.exe description : The filename kmsact.exe was last seen on 07.12.2010, and it is considered as unsafe. Threat name Malware Filename [System32Root]\kmsact.exe Filesize Unknown Last seen 07.12.2010 Status Known to RemoveIT Pro as unsafe. This file can perform following behavior. - File is created as process on the disk. - This process can create, delete or modify files on the disk.

should you see any un usual activity, please scan you pc with updated anti virus and anti spyware and anti malware as this is malware. If at that point you are not confortable. do the following, again keep in mind this is more advanced if you have allowed it to install.

1. Temporarily Disable System Restore, Reboot computer in SafeMode;

2. Locate kmsact.exe virus files and uninstall kmsact.exe files program. Follow the screen step-by-step screen instructions to complete uninstallation of kmsact.exe.

3. Delete/Modify any values added to the registry related with kmsact.exe,Exit registry editor and restart the computer; ( hkey_users\.default\software\winrar sfx )

4.Clean/delete all kmsact.exeinfected file(s):kmsact.exe and related,or rename kmsact.exe virus files;

5.Please delete all your IE temp files with kmsact.exe manually,run a whole scan with antivirus program ;


as always of you have any question please feel free to ask. I will be posting something about the iTunes issues in a little bit as well as a few of our brothers have been effected by it.


**** please be advised this is my opinion, methodology's and doesn't reflect on this site, or its proprietor what so ever *******

[iamskippy]

Bump for awareness,

[Mugz]

Just going to post something like this.......

My Mom's laptop got a virus. It loaded a false antivirus program (which took me awhile to realize it was FALSE and a virus). Booted up in Safe Mode, scanned computer. Found several trojans, etc, etc. Deleted these programs and all seemed fine. I created a restore point on her computer. Also, the program deleted all of her desktop icons.
I was able to restore them and she didn't lose any of her documents/files. Good to go right?
I had the computer for a few days, surfed the web, no problems. I adjusted all of her schedulers to scan often along with uploading updates. Adjusted her Firewall, Antivirus, etc, etc.
She gets the computer home....starts using it no problem, then a different problem. About 100 error message pop-ups....plus a black screen saver with 2 icons (My Computer and Control Panel). I re-scanned the computer it found a few issues but I don't think it found the virus. I tried several utilities to see if they would find the problem....seemd to fix it but still had the black screen and none of her original icons or her backround picture. Also, look slike her files are GONE (or are they just hidden by the virus?). I try to go on-line..I connect no problem but realize the Browser is corrupt. It redirects to false advertising websites.
She has AVG on her computer.....doesn't find it. Tried HiJack this but it comes up with an error saying it can't do what it's supposed to do.
Any ideas? This is a good one...(or a bad one).
She is lost without her computer and I am stumped. Searched the web (on my computer) to research the problem and try to get some fixes but theres so many out there....HELP.
Aslo, I tried to go back to the Restore point I set when I fixed the computer last week....but it the restore point is NOT THERE? A restore point of yesterday was there and no other restore points.....wtf? Oh yeah, it's Windows Vista......I am realizing I hate that Windows System. Too many freakin security prompts.

[iamskippy]

Well my friend, you didnt clean it correctly, these things love to live in old system retore files,also you didnt update everything correctly, after you where done cleaning.

you can try a few different programs in safe modem admin, there is one that escapes, it fix's whats know as the vundo or vundu virus. But down load combo fix and run it in safe mode.

John might chime in on the name of the vundu softwar, and i know its listed in another virus post by someoene else
Posted from my iPhone/Mobile device

[Mugz]

Quote:

Originally Posted by iamskippy

Well my friend, you didnt clean it correctly, these things love to live in old system retore files,also you didnt update everything correctly, after you where done cleaning.

you can try a few different programs in safe modem admin, there is one that escapes, it fix's whats know as the vundo or vundu virus. But down load combo fix and run it in safe mode.

John might chime in on the name of the vundu softwar, and i know its listed in another virus post by someoene else
Posted from my iPhone/Mobile device

Combo fix?

[JohnR]

Quote:

Originally Posted by Mugz

Combo fix?

On XP? Yes. Make sure you have a complete system backup of data files, scanned because you may need them.

Half the time when a system is at the point you list, the wise choice is to wipe and reload. You can sometimes get away with reinstalling over / repairing XP.

[Mugz]

Quote:

Originally Posted by JohnR

On XP? Yes. Make sure you have a complete system backup of data files, scanned because you may need them.

Half the time when a system is at the point you list, the wise choice is to wipe and reload. You can sometimes get away with reinstalling over / repairing XP.

No it's Windows Vista....once I get to a point where I can back up her files, I will do that.....then do a complete reformat.

[Mugz]

Ok, I looked up the Combo Fix for Vista. I will try it.....but I am afraid I could screw something up by deleting something I am not supposed to. I will run it and then do a search on what it comes up with and suggests to delete.

[JohnR]

For Vista - I would not think twice - backup all data and verify access to the apps (Use Belarc Advisor for M$ serial numbers). Tripple check backup and wipe and reload. A clean Vista install, patched with SP2, and then install the apps will work much better than trying to fix. Still not as good as XP or 7, but better.

[iamskippy]

Quote:

Originally Posted by JohnR

Still not as good as XP or 7, but better.

This is completely agree with! Vista = Windows ME = Windows 8

just like 98 se = XP = 7 = ?

damn i will even toss NT4 6 pack = 98 se = XP = 7 = ?

a fresh vista install is always better, then a fixed one, just like windows ME it was never the same. however there is a chance to save it, just slightly slimmer then me.


John that Vundo software i was reffering to is here, but there is one more and its driving me insane.