
HackTool virus


15 replies to this topic

#1 Magic Sam

  • Members
  • 225 posts
  • Gender:Male
  • Location:Brigadoon (Co Durham, UK)

Posted 25 January 2015 - 11:48 AM

Frantic phone call from my relatives who* appear to have been infected by "HackTool:win32/AutoKMS", which is particularly aggressive and able to hack into their bank accounts. It appears to have got round McAfee and defies other AV programs. I have suggested they try downloading Malwarebytes, if necessary via a USB stick. Does anyone recognize this one, and is there a dedicated removal (and prevention!) tool??

Thanks

* their 2 PCs, not them in person ..




#2 dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada

Posted 25 January 2015 - 12:19 PM

Have you tried this solution? http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=HackTool:Win32/AutoKMS


Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free, but if you would like to help encourage me or show your thanks, a donation is welcome.


#3 Magic Sam
  • Topic Starter

Posted 25 January 2015 - 12:48 PM

Tks - I have relayed your link plus contents to my relatives.  There seems to be some contradiction in that your link implies that the virus is a fairly low level one-year-old threat installed by the "victim" trying to use unauthorized MS programs, whilst the "latest" HackTool seems to have come from nowhere and can get access to bank accounts etc.  It looks like two different animals using the same or a very similar name.



#4 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,141 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 25 January 2015 - 02:05 PM

A Hack Tool is typically a program, crack, or keygen used by hackers for activating/installing pirated software or to gain access to a computer without authorization. However, some administrative tools may be detected as Risk Tool or Hacking Tool because they have the potential of being misused by others, or because the file was simply detected as suspicious or a threat by the security program's heuristic analysis engine, which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. Since these detections do not necessarily mean the file is malicious or a bad program, in some cases the detection may be a "false positive". If you installed or recognize the program, then you can ignore the detection. If not, then you need to investigate further.

These types of detections are not an infection in the typical sense...meaning they are not in the same category as infectious malware, which includes viruses, worms, Trojans, rootkits and bots.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, it is welcome.

#5 Magic Sam
  • Topic Starter

Posted 25 January 2015 - 02:59 PM

I get the impression that what my relatives are experiencing is, in your words, the result of a Hack Tool, rather than a Risk / Hacking Tool.

They are convinced that it is a trojan that can "watch" when they are accessing their bank accounts and that, as I said, seems to have got through McAfee.



#6 quietman7

Posted 25 January 2015 - 04:33 PM

The detection should have identified a specific file name associated with the threat and its full path (location). Knowing that information will help you determine more about it.

#7 Magic Sam
  • Topic Starter

Posted 26 January 2015 - 02:30 PM

It now turns out that this was a false alarm - misunderstanding - confusion as is the way in life.  Apologies for misleading correspondents.  But I suppose the lesson to be taken from this is for my relatives to install Malwarebytes in addition to their standard AV?



#8 quietman7

Posted 26 January 2015 - 04:09 PM

Yes, an anti-virus program is not enough these days and you need anti-malware software to supplement it.

However, after using any security tools you should always be cautious of scanning results before taking action. Why? If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Some security programs have high detection rates, especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list if you were not too quick to delete it from quarantine.
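For the advice in #6 and #8 (first find the detected file's name and full path, then get a second opinion before deleting or restoring it), here is an added PowerShell example; it is not from the thread or from any product discussed in it. It assumes a machine with the Windows Defender PowerShell module (Windows 8 / Server 2012 or later; the Windows 7 PCs in the thread running McAfee or MSE would need that product's own detection history instead), and the function name Get-DetectionReport and the heuristic-name pattern are my own, not anything Microsoft documents.

```powershell
# Added example (not from the thread): list Defender detections with their file paths,
# then hash any file still on disk so a second opinion can be sought by hash alone,
# without uploading the file or acting on the detection yet.
function Get-DetectionReport {
    # Build a ThreatID -> ThreatName map once; Get-MpThreat returns one record per known threat.
    $names = @{}
    foreach ($t in Get-MpThreat) { $names[[string]$t.ThreatID] = $t.ThreatName }

    foreach ($d in Get-MpThreatDetection | Sort-Object InitialDetectionTime -Descending) {
        $threat = $names[[string]$d.ThreatID]

        # Resources holds strings such as "file:_C:\Tools\kms.exe" (also "regkey:_", "process:_");
        # only file resources have a path we can inspect and hash.
        foreach ($res in ($d.Resources | Where-Object { $_ -like 'file:_*' })) {
            $path = $res.Substring(6)   # drop the 6-character "file:_" prefix

            $hash = if (Test-Path -LiteralPath $path) {
                (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            } else {
                '(file no longer present: quarantined or removed)'
            }

            [pscustomobject]@{
                Detected  = $d.InitialDetectionTime
                Threat    = $threat
                Path      = $path
                SHA256    = $hash
                # Rule of thumb (my assumption, not a Microsoft rule): names ending in "!ml" or
                # containing "Generic"/"Heur" come from heuristic or ML engines and deserve a
                # second opinion before you delete or restore, as post #8 advises.
                Heuristic = ($threat -match '!ml$|Generic|Heur')
            }
        }
    }
}

Get-DetectionReport | Format-Table -AutoSize
```

If a flagged file turns out to be a program you installed yourself, the thread's advice still applies: restore it from quarantine and exclude it, rather than deleting on the strength of a heuristic name.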

#9 Magic Sam
  • Topic Starter

Posted 26 January 2015 - 05:02 PM

Yes this does get a bit complicated for the layman.  I run MWB (the free version) from time to time on my PC and I think it has a heuristics feature.  It is probably a case of which is the lesser of the two evils (no scan or scan and delete false positives).  I have noted on the MWB site that they offer us various other (free) downloads in addition - very generous of them - and I am toying with the idea of taking full advantage of what is on offer.



#10 quietman7

Posted 26 January 2015 - 05:05 PM


See my comments in Supplementing your Anti-Virus Program with Anti-Malware Tools as to why I recommend Malwarebytes Anti-Malware Pro (and/or Emsisoft Anti-Malware).

#11 Magic Sam
  • Topic Starter

Posted 26 January 2015 - 05:36 PM

Thanks for the link to such an exhaustive piece of research and compilation.  In the end one is spoilt for choice .. :) :(

I was under the obviously mistaken impression that MWB Premium / paid for would conflict with my Avast AV so have to date not opted for the former.  I may now reconsider.

I am running a deliberate risk by still using Office 2003 programs, albeit now within Windows 7 (previously XP), so I have to decide what additional precautions are advisable, even if no substitute for more current MS-supported programs. MWB Pro and/or one of the other MWB products might help tilt the balance somewhat.



#12 quietman7

Posted 26 January 2015 - 06:15 PM

You're welcome and good luck.

#13 Magic Sam
  • Topic Starter

Posted 27 January 2015 - 11:32 AM

Based on what you say I will take the Premium version of MWB also.  Beyond which, thinking of the specific "risk" of running outdated software which I have exposed myself to, is there any other individual defence tool in your comprehensive listing that I should be considering? Or, as I suspect, do they all contribute to one's general defences without targeting any specific threat (within of course their respective categories, malware, spyware etc)?



#14 quietman7

Posted 27 January 2015 - 01:08 PM

I use ESET NOD32 Anti-Virus and Emsisoft Anti-Malware on each of my two Windows 7 machines.

I also use the following to supplement the above and for additional security:

Calendar Of Updates is an excellent resource to check on a daily basis for updates to popular programs. Also see How to detect vulnerable and out-dated programs using Secunia PSI.



#15 Magic Sam
  • Topic Starter

Posted 27 January 2015 - 02:55 PM

Wow, that's quite a list. Many of those I can recognize and can emulate, e.g. by adding Emsisoft to MWB Pro.

Question however: In the past I was dogged by  l o n g  boot times (on a different PC) and I had a suspicion (unproven) that much of this could be due to SuperAntiSpyware Free doing its automatic pre-loading scans. The same with WinPatrol. In the end I uninstalled both. The same could apply to any program that is triggered on startup. Can I ask if you have experienced this with any of the programs in your latest post?

You say that SAS is on demand, and that is what I took it to be. However, I did get the impression that in this respect it was not entirely dormant until "demanded". Again, does not MWB Pro do something in "real" (?) time which would have this same effect? It is obviously a matter of striking a workable balance between additional protection and not having to wait for ages in order to get access to one's PC.





