VersionsVersions 1.27% 1.27% 3.80% 1.27% 13.92% 34.18% 1.27% 8.86% 1.27% 3.80% 2.53% 20.25% 6.33%



Remove AutoKMS.exe
Warning 190 antivirus scanners has detected malware in various versions of AutoKMS.exe.


autokms.exe has 13 known versions, the most recent one is During installation, a run registry key for all users is added that will cause the program to run each time any user logs on to Windows. In order execute the program with adminsitrator rights and prevent a UAC prompt, the program will add a job to the Windows Task Scheduler that will automtaiclaly start it when a user logs on. The average file size is about 1.82 MB. This is a .NET Common Language Runtime (CLR) assembly.


File name:autokms.exe
Product name:AutoKMS
Typical file path:C:\windows\autokms\autokms.exe


(Note, the behaviors below are for all versions of autokms.exe, select a unique version for details.)
Scheduled tasks
  • The job 'AutoKMSCustom' runs daily in the path '\AutoKMSCustom'
  • The task 'AutoKMSDaily' runs daily in the path '\AutoKMSDaily'
  • The job 'AutoKMS' runs daily in the path '\AutoKMS'
  • Entry path '\AutoKMSDaily'
  • Entry path '\AutoKMS'
  • Entry path 'C:\WINDOWS\Tasks\AutoKMS.job'
Scheduled tasks startups
Set to load on user login (bypasses Windows UAC if enabled)
  • Login entry path '\AutoKMS'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'AutoKMS' → C:\WINDOWS\AutoKMS.exe

MalwareMalware detections

Based on 40+ industry antivirus scanners, 190 of them detected the following malware.
Antivirus engineEngine versionDetectionFile version
Agnitum Trojan.Meredrop!Fzg3EZJAohU
Agnitum Trojan.Meredrop!FRcm9CKzHag
Agnitum Trojan.DR.Agent!vUMtdLQQGW8
Agnitum Trojan.Gendal!1f/JuUgpm9g
Agnitum Trojan.Meredrop!pMjFc1ZBsZw
Agnitum Trojan.DR.Agent!LrNEZV2Q4uQ
Agnitum Trojan.Meredrop!b2VmcmZh45I
AhnLab V3 Internet Security 2013.04.04.04 Trojan/Win32.Gen
AhnLab V3 Internet Security 2013.07.10 Trojan/Win32.Gen
AhnLab V3 Internet Security 2013.07.05 Win-AppCare/Hacktool.647168.B
Avira AntiVir TR/Meredrop.A.10879
Avira AntiVir TR/Dropper.Gen
Avira AntiVir TR/Meredrop.A.8924
Avira AntiVir TR/Dropper.Gen
Avira AntiVir SPR/Tool.Keygen.BI.38
Antiy Labs AVL Trojan/win32.agent.gen
Antiy Labs AVL Trojan/Win32.Pakes.gen
avast! 6.0.1289.0 Win32:PUP-gen [PUP]
avast! 6.0.1289.0 Win32:PUP-gen [PUP]
avast! 6.0.1289.0 Win32:PUP-gen [PUP]
avast! 8.0.1489.320 Win32:PUP-gen [PUP]
avast! 8.0.1489.320 Win32:PUP-gen [PUP]
AVG 2014.0.3629 Generic22.GWB
AVG 2014.0.3629 Generic23.BLCV
AVG 2014.0.3629 HackTool.TEO
AVG 2014.0.3629 Generic23.CYP
AVG 2014.0.3629 Generic19.AVDB
AVG 2014.0.3629 Dropper.Generic4.NFC
AVG 2014.0.3629 Generic20.AIOK
Baidu Antivirus Malware.Win32.Activator.42
BitDefender 7.2 Trojan.Generic.5963867
BitDefender 7.2 Application.Keygen.BY
BitDefender 7.2 Trojan.Generic.6325903
Bkav Security W32.RadusateW.Trojan
CAT Quick Heal Trojan.Meredrop
CAT Quick Heal Trojan.Meredrop
Commtouch W32/Trojan.HIML-8905
Commtouch W32/Trojan.PUGW-4060
Commtouch W32/Trojan.IOLG-8678
Commtouch W32/Trojan.XSZZ-7616
Commtouch W32/Risk.IALF-3386
Commtouch W32/Trojan.WNVD-6506
Commtouch W32/Risk.SRKH-7905
Commtouch W32/Trojan.IRFE-3779
Comodo Internet Security 15736 UnclassifiedMalware
Comodo Internet Security 15806 UnclassifiedMalware
Comodo Internet Security 15943 UnclassifiedMalware
Comodo Internet Security 15875 UnclassifiedMalware
Comodo Internet Security 15977 UnclassifiedMalware
Comodo Internet Security 16572 UnclassifiedMalware
Comodo Internet Security 16548 UnclassifiedMalware
Comodo Internet Security 17056 UnclassifiedMalware
Dr.Web Trojan.Inject1.6910
Dr.Web Trojan.MulDrop4.36254
Dr.Web Trojan.MulDrop4.57531
Emsisoft Anti-Malware Trojan.Generic.5963867 (B)
Emsisoft Anti-Malware Application.Keygen.BY (B)
Emsisoft Anti-Malware Trojan.Generic.6325903 (B)
eSafe Win32.SPRTool.Keygen
eSafe Win32.Trojan
eSafe Win32.TRDropper
eSafe Win32.Trojan
eSafe Win32.TRDropper
eSafe Win32.Trojan
ESET NOD32 7.8172 a variant of Win32/HackKMS.B
ESET NOD32 7.8193 a variant of Win32/HackKMS.B
ESET NOD32 7.8231 a variant of Win32/HackKMS.B
ESET NOD32 7.8211 a variant of Win32/HackKMS.B
ESET NOD32 7.8243 Win32/HackKMS.A
ESET NOD32 7.8547 a variant of Win32/HackKMS.B
ESET NOD32 7.8529 a variant of Win32/HackKMS.B
Fortinet W32/SPNR.1CJI11!tr
Fortinet W32/Malware_fam.NB
Fortinet W32/CrackOffice.0A24!tr
Fortinet W32/Dx.UQG!tr
Fortinet W32/Dropper.DGT!tr
Fortinet W32/Generic!tr
F-Prot v6. W32/MalwareF.OISJ
F-Prot v6. W32/MalwareF.TCON
F-Secure 11.0.19020.35 Trojan.Generic.5963867
F-Secure 11.0.19020.35 Application.Keygen.BY
F-Secure 11.0.19100.45 Trojan.Generic.6325903
G Data 13.4.22 Trojan.Generic.5963867
G Data 13.4.22 Application.Keygen.BY
G Data 13.7.22 Trojan.Generic.6325903
Ikarus T3. not-a-virus.Actiavtion.KMS
Ikarus T3. possible-Threat.Tool.Keygen
Ikarus T3. not-a-virus:Activator.MSOffice
Ikarus T3. not-a-virus.Keygen.KMS
Ikarus T3. possible-Threat.Patch.KMS
Ikarus T3. possible-Threat.Tool.Keygen
Ikarus T3. possible-Threat.ActivationTool.KMS
K7 AntiVirus 9.164.8447 Riskware
K7 AntiVirus 9.164.8499 Riskware
K7 AntiVirus 9.164.8548 Riskware
K7 AntiVirus 9.170.8983 Riskware
K7 AntiVirus 9.170.8961 Riskware
K7 AntiVirus 9.173.9789 Trojan
K7GW Riskware
K7GW Riskware
K7GW Trojan
Kaspersky UDS:DangerousObject.Multi.Generic
Kingsoft 2013.4.9.267 Win32.Troj.Generic.a.(kcloud)
Malwarebytes Trojan.AutoKMS
Malwarebytes Trojan.Agent.H
Malwarebytes Riskware.Keygen
Malwarebytes Riskware.Keygen
McAfee 5.400.1158 Generic Dropper!1f3
McAfee 5.400.1158 Generic Dropper!dvv
McAfee 5.400.1158 Generic KeyGen
McAfee 5.400.1158 Generic PUP.z!gp
McAfee 5.400.1158 Generic.dx!uqg
McAfee 5.400.1158 Artemis!49BB8D0B9E07
McAfee 5.400.1158 Crack-Generic
McAfee 5.600.1067 Artemis!D4F602B1F775
McAfee Gateway Anti-Malware v2012.1-dat Generic Dropper!1f3
McAfee Gateway Anti-Malware v2012.1-dat Generic Dropper!dvv
McAfee Gateway Anti-Malware v2012.1-dat Generic KeyGen
McAfee Gateway Anti-Malware v2012.1-dat Generic PUP.z!gp
McAfee Gateway Anti-Malware v2012.1-dat Generic.dx!uqg
McAfee Gateway Anti-Malware v2013-dat Artemis!49BB8D0B9E07
McAfee Gateway Anti-Malware v2013-dat Crack-Generic
McAfee Gateway Anti-Malware v2013-dat Artemis!D4F602B1F775
Microsoft Security Essentials 1.9302.0 HackTool:Win32/Keygen
Microsoft Security Essentials 1.9302.0 HackTool:Win32/Keygen
Microsoft Security Essentials 1.9302.0 HackTool:Win32/Keygen
Microsoft Security Essentials 1.9402.0 HackTool:Win32/Keygen
Microsoft Security Essentials 1.9607.0 HackTool:Win32/Keygen
Microsoft Security Essentials 1.9607.0 HackTool:Win32/Keygen
eScan by MicroWorld Trojan.Generic.5963867
eScan by MicroWorld Application.Keygen.BY
NANO AntiVirus Trojan.Win32.Meredrop.zevmu
NANO AntiVirus Trojan.Win32.MLW.dzbvf
Norman 7.00.22 Suspicious_Gen2.MKFVJ
Norman 7.00.22 Suspicious_Gen2.NPCVJ
Norman 7.00.22 Suspicious_Gen2.PQUNW
Norman 7.00.22 Suspicious_Gen2.NOZBW
Norman 7.00.22 Suspicious_Gen2.ENOUR
Norman 7.01.04 Suspicious_Gen2.PSYEM
Norman 7.01.04 Suspicious_Gen2.FMSYS
Norman 7.02.06 Suspicious_Gen5.SENU
nProtect 2013-03-28.01 Trojan.Generic.5963867
Panda Antivirus Generic Malware
Panda Antivirus Generic Trojan
Panda Antivirus Generic Trojan
Panda Antivirus Generic Trojan
Panda Antivirus Trj/OCJ.D
PC Tools Trojan.Gen
PC Tools Trojan.Gen
PC Tools Trojan.Gen
PC Tools Trojan.Gen
Rising Antivirus Trojan.Win32.Generic.12A30279
Rising Antivirus Trojan.Win32.Generic.129A33EC
Rising Antivirus Trojan.Win32.Generic.1462B887
Sophos 4.87.0 Mal/Meredrop-B
Sophos 4.87.0 Mal/Meredrop-B
Sophos 4.87.0 Troj/AutoKMS-A
Sophos 4.88.0 Mal/Keygen-N
Sophos 4.90.0 Generic PUA CO
Sophos 4.90.0 Troj/Keygen-EI
Sophos 4.93.0 Troj/AutoKMS-A
Symantec 20121.3.0.76 WS.Reputation.1
Symantec 20121.3.0.76 Trojan.Gen
Symantec 20121.3.0.76 Trojan.Gen
Symantec 20131.1.0.101 Trojan.Gen
Symantec 20131.1.0.101 Trojan.Gen.2
Trend Micro 9.740.0.1012 TROJ_SPNR.1CJI11
Trend Micro 9.740.0.1012 TROJ_SPNR.0BGS11
Trend Micro 9.740.0.1012 HKTL_HACKMS
Trend Micro 9.740.0.1012 TROJ_SPNR.0BJS11
Trend Micro 9.740.0.1012 CRCK_KEYGEN
Trend Micro 9.740.0.1012 CRCK_ACTIVATE
Trend Micro 9.740.0.1012 TROJ_SPNR.04CI11
Trend Micro 9.740.0.1012 TROJ_SPNR.1CD213
Trend Micro HouseCall 9.700.0.1001 TROJ_SPNR.1CJI11
Trend Micro HouseCall 9.700.0.1001 TROJ_SPNR.0BGS11
Trend Micro HouseCall 9.700.0.1001 HKTL_HACKMS
Trend Micro HouseCall 9.700.0.1001 TROJ_SPNR.0BJS11
Trend Micro HouseCall 9.700.0.1001 CRCK_KEYGEN
Trend Micro HouseCall 9.700.0.1001 CRCK_ACTIVATE
Trend Micro HouseCall 9.700.0.1001 TROJ_SPNR.04CI11
Trend Micro HouseCall 9.700.0.1001 TROJ_SPNR.1CD213
VIPRE Antivirus 16356 Trojan.Win32.Generic!BT
VIPRE Antivirus 16550 Trojan.Win32.Generic!BT
VIPRE Antivirus 16902 Trojan.Win32.Generic!BT
VIPRE Antivirus 16716 Trojan.Win32.Generic!BT
VIPRE Antivirus 16986 Trojan.Win32.Generic!BT
VIPRE Antivirus 19442 Trojan.Win32.Meredrop
VIPRE Antivirus 19310 Trojan.Win32.Generic!BT
VIPRE Antivirus 22110 Trojan.Win32.Generic!BT

VersionsAll file variations of autokms.exe

MD5SHA-1File size
140237ba8bd1aac665893a4a456abdd9 390f9e10b6dfa38817bbd3364592f203bdb2171b 3.56 MB
27e88911bbfcafa73b55d723924c2533 504ec6a8a49f33326445dd2890eb0a09ff9c5fa9 3.67 MB
4e8c983215115036c46841ffb51562a1 5f97872a4b80596bd454f3b17abebcc128bf8823 2.69 MB
a1ba1862ed87d09ddcd36f878392ca47 2e2313ac534f308f99ff646c9683e111f2b78284 3.01 MB
d4f602b1f775b5827932d3c5b04a3fd2 8baaf0b8c8bc4f1bbc4e3d1e02b3516805c1690c 3.22 MB
07605abeb10fc533881c91f19decf69a 13ee8c9fce6f74512dcd188cca0655c5ede37612 1.83 MB
49bb8d0b9e079745aa18becb7f36feaf 2e21725796379cdc73f5666f4d910fc343d7c6db 1.83 MB
3cb03c134f7307866b3c52735cdfae76 53d5c81eee1d9397ad6657088a49d72343022203 717 KB
5f8661f8550d9c66073ef49c1bbbaf8b 81f5010e7b4dbd49c66abc46a3ddda996a95f590 714.5 KB
901306b7ca56b1214a88087d224bf145 8ceb9933d8b7da5366012b5b26985e56c37c2523 712 KB
df608bdb810684df278ba5e0c38c8885 66a815e5ebc64c21f961bf031f8d701881603b0d 601.5 KB
e529a1ba814ab5afa5068db7e487b4ba 6faf21e89147e54d02eb3daae1c7149de7361d94 632 KB
0ed398a4d031b9cfb10e3fedf97ad836 5c56fa5d01314c7c9ba9000611e23f9c9bf8f5ba 600 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 7 Ultimate 32.91%
Windows 7 Home Premium 16.46%
Windows 8 7.59%
Windows 7 Professional 7.59%
Windows 8 Pro 7.59%
Windows 8.1 5.06%
Windows 8.1 Pro with Media Center 3.80%
Windows 8.1 Single Language 2.53%
Windows 8 Enterprise N 2.53%
Microsoft Windows XP 2.53%
Windows 7 Enterprise 2.53%
Windows 7 Starter 2.53%
Windows 8 Enterprise 2.53%
Windows 8.1 Pro 1.27%
Windows 8.1 Pro Preview with Media Center 1.27%
Windows 7 Home Basic 1.27%

Distribution by countryDistribution by country

United States installs about 11.39% of AutoKMS.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Lenovo 33.71%
ASUS 15.73%
Toshiba 13.48%
Acer 8.99%
Hewlett-Packard 7.87%
Intel 4.49%
Dell 4.49%
American Megatrends 3.37%
Samsung 3.37%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE