How to remove “HackTool:Win32/AutoKMS!rfn”?

Malware Removal

The HackTool:Win32/AutoKMS!rfn is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware - Review 2020

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend to use GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the TRIAL period.
6-day free trial available.

What HackTool:Win32/AutoKMS!rfn virus can do?

  • Executable code extraction
  • Creates RWX memory
  • Unconventionial language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Network activity detected but not expressed in API logs

How to determine HackTool:Win32/AutoKMS!rfn?


File Info:

crc32: AC99A36B
md5: 13d25a51b50204fed71bc37f428f8c91
name: oem8.exe
sha1: b4f9a4ef3f25b1f78730ca289ef2a1a69d646cd8
sha256: d74706b32d5e6c925613898b90d6f21ca02aea19a0e45317e35683c596ec78d0
sha512: 59852d5d1168aba602f190af7432fa19a68c9f5f9de88974a39c8a3d2a1eac86ef69b8fa130caa372b0705d258d9792bc5d5ffc8e499934f7635e17d58c1959e
ssdeep: 24576:Fmqi5owsG8K8IGMaoZOexByLVLTIV1dw4Ut020KBuUEwqpuX0msXXHt:FgRZnZO7IzBUt0xK9EwqpuX0VXXN
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:

FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0
Translation: 0x0409 0x04e4

HackTool:Win32/AutoKMS!rfn also known as:

CAT-QuickHealRisktool.Procpatcher
McAfeeArtemis!13D25A51B502
CylanceUnsafe
VIPRETrojan.Win32.Generic!BT
K7AntiVirusUnwanted-Program ( 004d38111 )
K7GWUnwanted-Program ( 004d38111 )
Cybereasonmalicious.f3f25b
Invinceaheuristic
SymantecML.Attribute.HighConfidence
ESET-NOD32a variant of Win32/StartPage.AOU
APEXMalicious
Paloaltogeneric.ml
Kasperskynot-a-virus:RiskTool.Win64.ProcPatcher.a
AlibabaHackTool:Win32/ProcPatcher.eeb93651
RisingTrojan.StartPage!8.B (CLOUD)
Endgamemalicious (moderate confidence)
ZillyaTrojan.AntiAV.Win32.8665
TrendMicroTROJ_GEN.R002C0PKR19
McAfee-GW-EditionBehavesLike.Win32.PUP.tc
FortinetRiskware/ProcPatcher
Trapminesuspicious.low.ml.score
FireEyeGeneric.mg.13d25a51b50204fe
SophosKMS Activator (PUA)
SentinelOneDFI – Suspicious PE
JiangminRiskTool.ProcPatcher.ni
WebrootW32.Malware.Heur
Antiy-AVLRiskWare[RiskTool]/Win64.ProcPatcher
MicrosoftHackTool:Win32/AutoKMS!rfn
ZoneAlarmnot-a-virus:RiskTool.Win64.ProcPatcher.a
AhnLab-V3Trojan/Win32.Gen.R99303
VBA32Backdoor.RMS
TrendMicro-HouseCallTROJ_GEN.R002C0PKR19
YandexPUP.Agent!
eGambitGeneric.Dropper
GDataWin32.Trojan.Agent.J62PSF
BitDefenderThetaGen:NN.ZelphiF.34082.o10ba0dAr@nj
AVGWin32:Malware-gen
AvastWin32:Malware-gen
CrowdStrikewin/malicious_confidence_70% (D)
Qihoo-360Win32/Trojan.d54

How to remove HackTool:Win32/AutoKMS!rfn?

HackTool:Win32/AutoKMS!rfn removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan“.
  • Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings“.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

Leave a Comment