KMSEmulator.exe and Malwarebytes?

Malewarebytes keeps finding C:\Windows\KMSEmulator.exe and flagging it as a "Riskware.Tool". I have told it(MBAM) to ignore it, but it keeps getting flagged. The strange thing is that when I try to add KMSEmulator to the 'Ignore List" in MBAM, I can't find it anywhere in the Windows folder. I have my file managers set to show all files, even system and hidden files, but I still can't see the KMSEmulator file. I have added "C:\Windows\AutoKMS.exe to the "Ignore List" but that didn't stop the flagging. Any ideas for getting MBAM to stop flagging this file?

 

You need to login to view this posts content.

 

Sorry to be so long in getting back here. I took your advice and went straight to the source - CODYQX4 via PM. He said that KMSEmulator.exe gets deleted right after booting so that is why it can't be found after telling Malwarebytes to ignore it. I was able to trap it once it found that out. I opened MB while the pop-up window was still open. Went to the "Ignore List" in MB and navigated to "C:\Windows\KMSEmulator.exe" and there it was. Added it to the list and it worked just fine.

Then CODYQX4 told me he had a new Beta 9 version that uses vbc. Got that, uninstalled Office (in the Toolkit only) and then used the EZ-Activator in the Toolkit. Now I don't get any flags from MB even after deleting "C:\Windows\KMSEmulator.exe" from the "Ignore List".

As to why you aren't getting flagged, there could be several reasons - none of which I have a clue about. All I can say is that the first time I saw the flag was on my grandson's new machine that I set up for him. It had Win 7 Home Premium 64 bit. I next saw it when I got my new SSD and installed Win 7 Ultimate 64 bit. I had never seen any flags on my old 32 bit versions of Ultimate. All machines used MB Pro, so the only common thread is 64 bit Windows!

Anyway, all is now well. Thanks again for the help.

jetjock

 

Do you have MBAM set for "Automatic - Delayed Load" under services.msc? (default setting) I changed mine to just "Automatic" so it would load faster. If you have a delayed start, KMSEmulator may be gone by the time it loads and scans.