Potential trojan?

Open SoftColours opened this issue 2 years ago • 27 comments

After downloading and using this to activate MS Office, Windows Defender flagged a threat called "Win32/Uwamson.A!ml". Different Google results indicate that this is either a trojan, ransomware or just a false positive. I was able to quarantine and remove it without any problems, but I thought I'd bring it up here just in case.

SoftColours avatar Dec 03 '21 14:12 SoftColours

False positive. One thing Defender is particularly good at is detecting activators for Micro$oft's own products.

KcrPL avatar Dec 03 '21 15:12 KcrPL

False positive.

Francismori7 avatar Dec 03 '21 15:12 Francismori7

False positive

ChrisChrome avatar Dec 09 '21 20:12 ChrisChrome

False positive

greysilly7 avatar Dec 09 '21 20:12 greysilly7

Could really do with some help, as ESET security keeps removing the KMS_VL_ALL_AIO even after excluding it. I have installed OK with ESET disabled, but does anyone know how to set up exclusions in ESET properly, as I seem to be missing something here! In Quarantine, "Restore and exclude from scanning" is greyed out for this file and I can't find any info on how to get that working. ESET are no help, I'm really starting to dislike ESET lately. Also concerned that even though I have excluded SppExtComObjHook.dll, ESET will still ignore the exclusion and stop that working. Any help here would be really appreciated. Has anyone else got this file working with ESET?

CitizenDroid avatar Dec 11 '21 13:12 CitizenDroid

> Could really do with some help, as ESET security keeps removing the KMS_VL_ALL_AIO even after excluding it. I have installed OK with ESET disabled, but does anyone know how to set up exclusions in ESET properly, as I seem to be missing something here! In Quarantine, "Restore and exclude from scanning" is greyed out for this file and I can't find any info on how to get that working. ESET are no help, I'm really starting to dislike ESET lately. Also concerned that even though I have excluded SppExtComObjHook.dll, ESET will still ignore the exclusion and stop that working. Any help here would be really appreciated. Has anyone else got this file working with ESET?

ESET Endpoint Security is managed by an ESET Protect server in which you now create the exclusions and they get sent through the agents to your endpoints.

From what I can tell you, SppExtComObjHook.dll is not flagged when it renews the KMS licence periodically, VMs have no issue renewing their licence even without the file excluded, just setting up the auto renewal at the beginning gets flagged

Francismori7 avatar Dec 11 '21 14:12 Francismori7

> > Could really do with some help, as ESET security keeps removing the KMS_VL_ALL_AIO even after excluding it. I have installed OK with ESET disabled, but does anyone know how to set up exclusions in ESET properly, as I seem to be missing something here! In Quarantine, "Restore and exclude from scanning" is greyed out for this file and I can't find any info on how to get that working. ESET are no help, I'm really starting to dislike ESET lately. Also concerned that even though I have excluded SppExtComObjHook.dll, ESET will still ignore the exclusion and stop that working. Any help here would be really appreciated. Has anyone else got this file working with ESET?
>
> ESET Endpoint Security is managed by an ESET Protect server in which you now create the exclusions and they get sent through the agents to your endpoints.
>
> From what I can tell you, SppExtComObjHook.dll is not flagged when it renews the KMS licence periodically, VMs have no issue renewing their licence even without the file excluded, just setting up the auto renewal at the beginning gets flagged

Thanks for the info, well appreciated. At least I don't have to worry about the SppExtComObjHook.dll file, which is handy. As for the other part, I have kept the KMS_VL_ALL_AIO in a zipped file and ESET seems to leave that alone, so at least I know I just have to disable ESET while installing. Does that mean once it's sent to endpoints ESET will eventually stop flagging the file? Again, many thanks for your reply.

CitizenDroid avatar Dec 11 '21 14:12 CitizenDroid

> > > Could really do with some help, as ESET security keeps removing the KMS_VL_ALL_AIO even after excluding it. I have installed OK with ESET disabled, but does anyone know how to set up exclusions in ESET properly, as I seem to be missing something here! In Quarantine, "Restore and exclude from scanning" is greyed out for this file and I can't find any info on how to get that working. ESET are no help, I'm really starting to dislike ESET lately. Also concerned that even though I have excluded SppExtComObjHook.dll, ESET will still ignore the exclusion and stop that working. Any help here would be really appreciated. Has anyone else got this file working with ESET?
> >
> > ESET Endpoint Security is managed by an ESET Protect server in which you now create the exclusions and they get sent through the agents to your endpoints. From what I can tell you, SppExtComObjHook.dll is not flagged when it renews the KMS licence periodically, VMs have no issue renewing their licence even without the file excluded, just setting up the auto renewal at the beginning gets flagged
>
> Thanks for the info, well appreciated. At least I don't have to worry about the SppExtComObjHook.dll file, which is handy. As for the other part, I have kept the KMS_VL_ALL_AIO in a zipped file and ESET seems to leave that alone, so at least I know I just have to disable ESET while installing. Does that mean once it's sent to endpoints ESET will eventually stop flagging the file? Again, many thanks for your reply.

Yep! The exclusion gets sent and will apply straight away. I no longer need to disable ESET at all

Francismori7 avatar Dec 11 '21 21:12 Francismori7

Thanks so much for clearing that up for me, I hope that is the case eventually! But have added KMS_VL_ALL_AIO.cmd and just KMS_VL_ALL_AIO to both Performance and Detection exclusions, but it's still quarantining the file when I click on it. But as long as it doesn't pick up SppExtComObjHook.dll doing its job I don't mind, have added that as well. Just have to keep the file zipped and turn off AV before installing, but hopefully it kicks in with endpoints and leaves it alone. I've been testing different software, so hence my need to silence AV, as ESET is getting on my last nerve :/ . Cheers for that, at least I know what it is supposed to do! :)

CitizenDroid avatar Dec 12 '21 12:12 CitizenDroid

Allow me to rephrase that :) Seems to have finally kicked in, hooray. I just tried again after posting comment lol and ESET haven't eaten it, wow. Did take quite a while though, not sure why that was! Again, thanks for your help, really appreciated. Regards

CitizenDroid avatar Dec 12 '21 12:12 CitizenDroid

Issue can be closed https://www.virustotal.com/gui/file/e4834aaf04092bbd62048c9182a9d92fd527f900c72666d1e9f2dabbc6dddd03 running latest Microsoft Defender on W11 results no false positives :-)

Macleykun avatar Jan 08 '22 18:01 Macleykun

> Issue can be closed https://www.virustotal.com/gui/file/e4834aaf04092bbd62048c9182a9d92fd527f900c72666d1e9f2dabbc6dddd03 running latest Microsoft Defender on W11 results no false positives :-)

It's not that I'm worried about this any more, as I have pretty much given up trying, as I thought it had stopped!! But it's still flagging it up, looks like exclusions not being accepted for whatever reason, no matter how many times I add it. Starting to really dislike ESET. I have never had problems with ESET like this before, it has always been easy to control and have used many cracks, trainers and patches with no issues after adding them to list if needed. Would complain to ESET, but what's the point, they would only suck more of my life away with pointless BS emails. Thank you though for trying to help and enlighten me, was much appreciated. Kind regards

CitizenDroid avatar Jan 11 '22 13:01 CitizenDroid

> > Issue can be closed https://www.virustotal.com/gui/file/e4834aaf04092bbd62048c9182a9d92fd527f900c72666d1e9f2dabbc6dddd03 running latest Microsoft Defender on W11 results no false positives :-)
>
> It's not that I'm worried about this any more, as I have pretty much given up trying, as I thought it had stopped!! But it's still flagging it up, looks like exclusions not being accepted for whatever reason, no matter how many times I add it. Starting to really dislike ESET. I have never had problems with ESET like this before, it has always been easy to control and have used many cracks, trainers and patches with no issues after adding them to list if needed. Would complain to ESET, but what's the point, they would only suck more of my life away with pointless BS emails. Thank you though for trying to help and enlighten me, was much appreciated. Kind regards

Some antivirus really hates the Windows activator. That's why I had installed Kaspersky, but its license got expired back in 2019, so for now I have added Avast but planning to remove them as well. I always disable Windows Defender as it's naggy as hell.

I have used that same script in 5 devices including mine (Windows Defender, Avast, Kaspersky) not one single reported as malware nor removed it. Maybe change the antivirus?

DeathGOD7 avatar Jan 13 '22 14:01 DeathGOD7

Yer, as I said, not really worried about it being a malware as such, as I know most AVs pick up activators, patches and a lot of game trainers, even ones I know are 100% safe. This thread was more about trying to get ESET to stop being a massive pain in the arse and exclude a file when told to, but like most software and governments today just seem to want to force their wants on you :/ which ESET now seems to be no exception. It used to be bang on software and never flagged trainers or cracks, but now it's just picking up everything, maybe they're being paid to embarrass the wants of the copyright brigade, who knows. Anyway, pretty much given up with asking ESET to exclude, it just doesn't want to comply. Might think twice about installing ESET again when it acts as stroppy as all the freeware. Thanks for the input :)

CitizenDroid avatar Jan 13 '22 17:01 CitizenDroid

@Francismori7 @KcrPL @ChrisChrome @CitizenDroid

First of all, I don't know much about batch file language.

But can you guys tell me the meaning of the code between line number 3979 to 4722 (stated below)? It looks like some hidden encoded malicious code with some decoded function.

https://github.com/abbodi1406/KMS_VL_ALL_AIO/blob/d03dbff05e9a2aadff32762ab95fcef1d10e50f0/KMS_VL_ALL_AIO.cmd#L3979

https://github.com/abbodi1406/KMS_VL_ALL_AIO/blob/d03dbff05e9a2aadff32762ab95fcef1d10e50f0/KMS_VL_ALL_AIO.cmd#L4722

parth-8vgft avatar May 18 '22 04:05 parth-8vgft

From the readme,

[image]

https://github.com/AveYo/Compressed2TXT

The traditional pack is posted here https://forums.mydigitallife.net/posts/838808/

WindowsAddict avatar May 18 '22 05:05 WindowsAddict

Windows Defender resulted this activator as a virus.

ChaseKnowlden avatar Mar 31 '24 16:03 ChaseKnowlden

> Windows Defender resulted this activator as a virus.

It was discussed hundreds of times. Read the discussion!

radoslew avatar Mar 31 '24 18:03 radoslew

While once upon a time it was handy using cracks like this, it’s not really needed anymore. You can obtain a licence via eBay or other sites offering MS Office and loads of other useful software at a Rez till of the normal cost just Google it the hard legit licences I paid £12 for Office so why take any risk any more. You don’t need to bug a as licence for Windows so don’t bdd ed filled use your old Windows licence it will activate Windows 10 or 11. You can check places like kinguin.net for legit stuff and other sites like it. Don’t use Etsy, they allow cracked bent software and are a pain to get your money back

CitizenDroid avatar Apr 01 '24 07:04 CitizenDroid

> While once upon a time it was handy using cracks like this, it’s not really needed anymore. You can obtain a licence via eBay or other sites offering MS Office and loads of other useful software at a Rez till of the normal cost just Google it the hard legit licences I paid £12 for Office so why take any risk any more. You don’t need to bug a as licence for Windows so don’t bdd ed filled use your old Windows licence it will activate Windows 10 or 11. You can check places like kinguin.net for legit stuff and other sites like it. Don’t use Etsy, they allow cracked bent software and are a pain to get your money back

Doesn't make it worth the time nor the hassle, a total waste of a rant.

rautamiekka avatar Apr 01 '24 08:04 rautamiekka

> > While once upon a time it was handy using cracks like this, it’s not really needed anymore. You can obtain a licence via eBay or other sites offering MS Office and loads of other useful software at a Rez till of the normal cost just Google it the hard legit licences I paid £12 for Office so why take any risk any more. You don’t need to bug a as licence for Windows so don’t bdd ed filled use your old Windows licence it will activate Windows 10 or 11. You can check places like kinguin.net for legit stuff and other sites like it. Don’t use Etsy, they allow cracked bent software and are a pain to get your money back
>
> Doesn't make it worth the time nor the hassle, a total waste of a rant.

Much like your pointless comment! But here you are still taking the time and hassle replying to something that you need not! What a Knobend!

CitizenDroid avatar Apr 01 '24 09:04 CitizenDroid

> While once upon a time it was handy using cracks like this, it’s not really needed anymore. You can obtain a licence via eBay or other sites offering MS Office and loads of other useful software at a Rez till of the normal cost just Google it the hard legit licences I paid £12 for Office so why take any risk any more. You don’t need to bug a as licence for Windows so don’t bdd ed filled use your old Windows licence it will activate Windows 10 or 11. You can check places like kinguin.net for legit stuff and other sites like it. Don’t use Etsy, they allow cracked bent software and are a pain to get your money back

You cannot use W7 keys to activate new versions of Windows anymore. Maybe you should learn something first and then try to teach someone else.

radoslew avatar Apr 01 '24 19:04 radoslew

> > While once upon a time it was handy using cracks like this, it’s not really needed anymore. You can obtain a licence via eBay or other sites offering MS Office and loads of other useful software at a Rez till of the normal cost just Google it the hard legit licences I paid £12 for Office so why take any risk any more. You don’t need to bug a as licence for Windows so don’t bdd ed filled use your old Windows licence it will activate Windows 10 or 11. You can check places like kinguin.net for legit stuff and other sites like it. Don’t use Etsy, they allow cracked bent software and are a pain to get your money back
>
> You cannot use W7 keys to activate new versions of Windows anymore. Maybe you should learn something first and then try to teach someone else.

Jesus, do sad little twats like you just troll people because you're bored of life, or does it make you feel clever and important? Even if that’s true, has it harmed anyone! F***ing sad twat

CitizenDroid avatar Apr 02 '24 07:04 CitizenDroid