Autokms

Hi

MS antivirus detected a malware called AUTOKMS that F-Secure didn't detect! Why not?

It crashed my Win 10 and created problems for me. Why?

Lars

Comments

  • Ukko Posts: 3,142 Superuser

    Hello,

     

    Based on Microsoft page:

    https://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=HackTool:Win32/AutoKMS

     quote:

    ----

    "It can be used to "crack" or patch unregistered copies of Microsoft software"

    ----

     

    And as a potential point, that crack (it can probably be for other software too) can come with a malicious payload.

     

    Anyway... F-Secure from time to time can be "not aggressive" about crackers/patchers/hacktools (mainly in the situation when this does not come with a malicious payload), because partly this is "safe".

     

    In your situation I can think of some steps (if the detected file is known to you and you are able to understand how it got onto your system):

     

    --> Transfer this file to F-Secure SAS:

    https://www.f-secure.com/en/web/labs_global/submit-a-sample

    For a proper understanding of why the detection is missing.

     

    --> Re-check points under the F-Secure installation.

    If it is something like F-Secure SAFE/F-Secure Internet-Security:

    This can be helpful: open the Main UI of F-Secure, choose "Settings" under the main UI;

    There should be settings for "Manual Scanning", where you are able to re-check the settings for "scan compressed files" and "advanced scan" (set to "checked"), and optionally uncheck the option "scan just known types".

     

    And re-run a full scan (via Main UI -- Tools-tab -- Choose Scan settings --> Full Scan) or just re-scan this file (maybe F-Secure will detect this... with "advanced scan" settings, which usually can increase f/p detections).

     

    Sorry for my reply. 

  • Strange. All Microsoft is legal, even Outlook 2016 that I bought recently. All these programs were gone and have to be downloaded from MS.

    My F-Secure SAFE doesn't have the feasibility that you mentioned above.

    BR 

    Ukko
  • Ukko Posts: 3,142 Superuser

    Hello,

     

    As I understand it, this detection can be for a crack/patch/hacktool for other software too (if it is for cracking/patching something at all).

     

    But also, when you say MS AV... is that Windows Defender? And if yes (or not), how did the detection (prompt?) appear for you? And also, if it is possible, maybe you are able to open the Microsoft AV UI and the Quarantine settings (to re-check whether there is information about which file was "removed/detected").

    And maybe this is a "valid" or known application for you (which can be installed randomly or like a "payload" with other software... something like adware; or something else)? Then it will be more visible whether it is something else (but anyway... maybe this information can be more helpful for F-Secure Support, if there should have been a detection but it did not come; or just for F-Secure SAS, where they are able to analyze this file).

     

    Also, basically, if F-Secure SAFE works together with Microsoft AV in real-time scanning (protection), there can be some potential mistake between them.

     

    Sorry for my reply.

This discussion has been closed.