My father downloaded the KMSpico app and dozens of malware and viruses came with it

Status
Not open for further replies.

sindel

Dec 30, 2014
Hello.

Today my father downloaded the KMSpico activation software. Of course it would come with a virus. And it did.

After the installation all kinds of useless and unwanted programs were installed, messing with Chrome with adware, bitcoin miners, etc.

I've already installed Malwarebytes and removed a bunch of them. I also did a full scan with Windows Defender and got rid of a lot as well.

However, I'm still aware of many problems that the malware had:


1- All apps on Windows 10 aren't connecting to the internet (Edge, Mail app, etc.);
2- When I restart Windows and run the scans again, the malware called Adware.Neoreklami.ChrPRST ALWAYS comes back (all linked with Google Chrome, by the way).
It seems like Chrome itself is "reloading" all the malware again.



Please, what can I do to resolve this issue? Also, what can I do to make sure EVERY piece of malware is officially uninstalled?



Thank you.
 
KMS comes with some pretty fundamental access, and given that he got one with malware... keeping his PC safe was not an objective with the raised permissions he would have given KMS.

Back up his files:
ROBOCOPY "<Path to his user dir>" [OR: "C:\Users" for multiple users on the PC] "<removable media>" /E /XD "Temporary Internet Files" "Temporary Files" "%ProgramData%" /XF *.tmp *.msi *.exe *.zip *.rar *.7zip *.jar
[Note: you may need to Google the syntax. IIRC this is correct, but yea... the reason for excluding those directories is because most of that stuff doesn't transfer over anyhow, and it's a hell of a lot of random junk to copy.]



Run it as admin.

This will copy all his user files over EXCEPT problematic extensions like .exe and .zip, to avoid the risk of re-infection.

Following this, you may wish to manually seek out a few files, such as his browser favourites or email files. Look up instructions on google depending on what it is.

Plug it into another PC, preferably one booted into something like Kaspersky Rescue Disk or Linux, and scan everything on it before copying it into his new Windows install. For the browser, the ONLY files I would keep are his bookmarks and his history.

Then you nuke the hard drive and do a clean reinstall of a LEGAL copy of Windows (format all partitions prior - be aware this will destroy any data not backed up). Your system is at the level of "buggered" that most people, myself included, suggest just nuking it for the amount of effort trying to clean it all up is. Make like the lord after an arbitrary moral test of a non-statistically safe sample of the global population, and wipe the slate clean.
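
The robocopy exclusions in the post above filter by file name only, so an executable or archive saved under another extension is still copied to the backup. As an added example (not part of the original post), this Python script can be run on the scanning machine against the backup to flag files whose leading bytes match executable or archive signatures regardless of extension; the function names are illustrative and the sample files are constructed.

```python
import os
import tempfile

SIGNATURES = [  # magic bytes of the types the /XF list excludes by name
    (b"MZ", "Windows executable (PE)"),
    (b"PK\x03\x04", "ZIP container (.zip/.jar, also .docx/.xlsx)"),
    (b"Rar!\x1a\x07", "RAR archive"),
    (b"7z\xbc\xaf\x27\x1c", "7-Zip archive"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 container (.msi, legacy Office)"),
]

def classify(path):
    """Return a label if the file starts with a known signature, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return "unreadable"  # report it rather than silently skipping it
    for magic, label in SIGNATURES:
        if head.startswith(magic):
            return label
    return None

def scan_backup(root):
    """Walk the backup and list (relative path, label) for flagged files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            label = classify(full)
            if label:
                hits.append((os.path.relpath(full, root), label))
    return sorted(hits)

def demo():
    """Build a constructed sample backup in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "notes.txt": b"shopping list\n",
            "holiday.jpg": b"MZ\x90\x00" + b"\x00" * 60,  # PE header, renamed
            "report.pdf": b"PK\x03\x04" + b"\x00" * 26,   # ZIP header, renamed
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_backup(root)

if __name__ == "__main__":
    print(*(f"{label}: {rel}" for rel, label in demo()), sep="\n")
```

A hit only means the file is a container or executable that the name-based filter missed; it still needs the antivirus scan described above before anything is copied to the new install.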
 


I'm sorry, I can't format my PC right now! My internet speed is poor and I don't have much time to do this 🙁
 
1. Download this tool to your flash drive: https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
(make sure you download the right version for your Windows)
2. Copy FRST to a flash drive
3. Restart PC into command prompt mode
4. In command prompt type notepad. When notepad opens, click on FILE to find out the letter of your flash drive.
5. Run FRST from the flash drive, it should remove some malware.
6. Download free Malwarebytes scanner and run it on your PC.
7. Download free Malwarebytes anti-adware and run it on your PC.

If you don't have time to heal your PC, then I suggest:
1. Do not download files from untrusted sources
2. Do not run .exe installers if you don't know what the hell you downloaded
3. Buy a new PC with a legal copy of Windows if you don't have time to clean your current one.
 


Well, the fellow above you had a pretty severe virus and seemed to have fixed it, so perhaps try his solution, but the only one I'd expect to be "clean" is formatting the PC. Even if you apply his, do not use it for sensitive things or online banking until it is properly formatted. I would also suggest making a copy of the Win10 media on USB so you don't have to worry about downloading so much in future.
 


Get a valid OS, wipe and reinstall.
KMSPico (AKA pirated software) is persona non grata around here.
 