Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


KMS Connection Broker // Did I Just Download-Install Trojan-Virus-Spy?

  • Please log in to reply
2 replies to this topic

#1 agoodfella


  • Members
  • 10 posts
  • Local time:11:07 AM

Posted 17 August 2013 - 05:03 AM

Hi folks,
First, great forum, it's an awesome resource.
So I recently bought a gamepad for my new Windows 8 PC (and it was a bit buggy on a game that I just installed) and I wanted to check and see if it was working properly. I searched Google and went what I thought was the official Windows 8 App website (yeah, I'm an idiot) and downloaded a program called Joystick Tester, here is the link (oddly, its actually the first search item that pops up) -- the actual site "looks" like an official Windows 8 site, but it's not:
At any rate, the install didn't complete (I don't think), I cancelled halfway through cause it didn't seem kosher (it kept asking me to install other bloatware-like apps). After a bit of digging, found out the app is from a developer called Cheng Du Vtools Information Technology... seems sketchy, I don't know... a quick Google search and they seem to be connected with some kind of quasi-military tech university institution in the PRC? 
At any rate, I have ran Norton Internet Security full scan of my PC and it hasn't come up with anything, however, I did note that after the install, from my Norton logs, there is a process called KMS connection broker which was enabled through my firewall, I Googled this it is a proper MS program, but it's connected to remote desktop application (geez, that's worrying, I don't ever remember enabling this nor do I ever use this)... And I also noted there were several logs related to "Teredo Tunneling Pseudo-Interface" I have never seen before in my logs prior... Now I'm getting worried, so I went to the online scanner site Jotti, and scanned the installer and it found this:
ClamAV found "PUA.Win32.Packer.Upx-28"
esset found "Win23/FreeNew.B"
But, the rest of their scanners "Found Nothing" (a total of 20 others including Kasperksy, TrendMicro, VBA32, AVG, Dr.WEB, etc)
Lastly, the thing is (as far as I can tell) the actual program never installed (there is nothing in the installed programs section which shows this program) and so there isn't a way to "uninstall" -- multiple Norton scans have come up empty... Am I being paranoid? Am I screwed? 
Any thoughts would be helpful. Thanks. 



Edited by agoodfella, 17 August 2013 - 05:06 AM.

BC AdBot (Login to Remove)


#2 agoodfella

  • Topic Starter

  • Members
  • 10 posts
  • Local time:11:07 AM

Posted 17 August 2013 - 07:34 PM

any ideas folks? many thanks... 

#3 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,530 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:10:07 PM

Posted 01 September 2013 - 08:36 PM

Hello and welcome

You probably want this site.

The SppExtComObj.Exe is a KMS Connection Broker.

This file is part of Microsoft® Windows® Operating System. SppExtComObj.Exe is developed by Microsoft Corporation. It’s a system and hidden file. SppExtComObj.Exe is usually located in the %SYSTEM% folder and its usual size is 76,800 bytes.
Do NOT disable.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users