How to remove #MSELDI_000.EXE

#MSELDI_000.EXE

The module #MSELDI_000.EXE has been detected as Crack.AutoKMS

#MSELDI_000.EXE
Remove #MSELDI_000.EXE

File Details

Product Name:

KMS GUI ELDI
Company Name:

@ByELDI
MD5: ea4137f439c07464c8094c90fce47084
Size: 903 KB
First Published: 2017-05-21 23:06:54 (8 years ago)
Latest Published: 2025-06-12 23:00:57 (2 days ago)
Status: Crack.AutoKMS (on last analysis)
Analysis Date: 2025-06-12 23:00:57 (2 days ago)

Overview

Signed By: @ByELDI
Status: Valid

Common Places:

%programfiles%\kmspico
%sysdrive%\kmspico
%appdata%\zhp\quarantine\kmspico
%sysdrive%\$recycle.bin\s-1-5-21-977091263-3761003994-473994326-1000\$rdw6vyf\kmspico 10.1.8 portable
%sysdrive%\$recycle.bin\s-1-5-21-977091263-3761003994-473994326-1000\$rqr1qwz\kmspico 10.1.8 portable
%sysdrive%\$recycle.bin\s-1-5-21-977091263-3761003994-473994326-1000\$r0yoaij\kmspico 10.1.8 portable
%sysdrive%\$recycle.bin\s-1-5-21-977091263-3761003994-473994326-1000\$rhdsubj\kmspico 10.1.8 portable\kmspico 10.1.8 portable
%sysdrive%\$recycle.bin\s-1-5-21-977091263-3761003994-473994326-1000\$rr0mmmj.rar\kmspico 10.1.8 portable\kmspico 10.1.8 portable
%sysdrive%\$recycle.bin\s-1-5-21-977091263-3761003994-473994326-1000\$r35oc8a.rar\kmspico 10.1.8 portable\kmspico 10.1.8 portable
%sysdrive%\$recycle.bin\s-1-5-21-977091263-3761003994-473994326-1000\$rtuym4f.rar\kmspico 10.1.8 portable\kmspico 10.1.8 portable

File Names:

KMSELDI.exe
#MSELDI_000.EXE
#MSELDI.EXE
Winact.exe
KmsP.exe
$RN57IU7.exe
$R5BDJV6.exe
kmseldi.exe
KMSELDI (1).exe
gKMSELDI.exe
KMSELDI.EXE
KMSELDI_IObitDel.exe

Geography:

Iran 10.7%
Vietnam 6.6%
Turkey 4.6%
Thailand 4.4%
Philippines 3.9%
United States 3.8%
Brazil 3.6%
Italy 3.1%
Taiwan 2.6%
India 2.5%
Hong Kong 2.4%
Romania 2.3%
Greece 2.3%
Portugal 2.2%
France 2.0%
Czech Republic 1.9%
Israel 1.9%
Poland 1.8%
Mexico 1.7%
Colombia 1.6%
Indonesia 1.5%
Hungary 1.2%
Germany 1.2%
South Korea 1.2%
Bangladesh 1.2%
Kenya 1.2%
Pakistan 1.2%
Russia 1.1%
Bulgaria 1.1%
Argentina 1.1%
Serbia 1.0%
Peru 1.0%
United Kingdom 0.9%
Australia 0.9%
Egypt 0.8%
Spain 0.7%
Malaysia 0.7%
Bosnia and Herzegovina 0.7%
Belgium 0.7%
Sri Lanka 0.6%
Slovakia 0.6%
Ecuador 0.6%
Algeria 0.6%
Canada 0.6%
Nepal 0.6%
Netherlands 0.5%
Sweden 0.4%
South Africa 0.4%
Ukraine 0.4%
New Zealand 0.4%
Saudi Arabia 0.4%
Venezuela 0.4%
Chile 0.4%
Seychelles 0.4%
Denmark 0.3%
Lithuania 0.2%
Lebanon 0.2%
Georgia 0.2%
Austria 0.2%
Estonia 0.2%
China 0.2%
United Arab Emirates 0.2%
Paraguay 0.2%
Iraq 0.2%
Switzerland 0.2%
Slovenia 0.2%
Bolivia 0.2%
Ireland 0.2%
Morocco 0.2%
Ghana 0.2%
Guyana 0.2%
Ethiopia 0.2%
Nicaragua 0.2%
Panama 0.1%
Tunisia 0.1%
Croatia 0.1%
Finland 0.1%
Bahrain 0.1%
Belarus 0.1%
Libya 0.1%
Japan 0.1%
Côte d'Ivoire 0.1%
Cuba 0.1%
Cyprus 0.1%
Trinidad and Tobago 0.1%
Jordan 0.1%
Liberia 0.1%
El Salvador 0.1%
Honduras 0.1%
Mongolia 0.1%
Madagascar 0.1%
Malta 0.1%
Papua New Guinea 0.1%
Qatar 0.1%
Former Yugoslav Republic of Macedonia 0.1%
Dominican Republic 0.1%
Moldova 0.1%
Afghanistan 0.1%
Aruba 0.1%
Suriname 0.1%
Palestine 0.1%
Haiti 0.1%
Oman 0.1%
Brunei 0.1%
Nigeria 0.1%
Cameroon 0.1%
Uganda 0.1%
Norway 0.1%
Sudan 0.1%
Burkina Faso 0.1%
Guatemala 0.1%
Syria 0.1%

OS Version:

Windows 10 76.7%
Windows 7 16.5%
Windows 8.1 5.1%
Windows 8 0.7%
Windows Server 2012 R2 0.4%
Windows XP 0.2%
Windows Server 2008 R2 0.2%
Windows Vista 0.1%
Windows Embedded 8.1 0.1%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x000dd72e

.NET Info:

MVID: cf73b3da-bd53-4695-8bf0-16ecbc0b0c87

PE Sections:

Name Size of data MD5
.text 899072 db240fffacb13d31d5fc2e1819eca22f
.rsrc 20992 9445cee9a79429fd9646bd2e5c83792b
.reloc 512 f6435b8247b785a75cf6a86f2be4813f

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for #MSELDI_000.EXE
copyright for information about #MSELDI_000.EXE
­