How to remove $RCVCROT.exe

$RCVCROT.exe

The module $RCVCROT.exe has been detected as PUP.AutoKMS

$RCVCROT.exe
Remove $RCVCROT.exe

File Details

Product Name:

KMS Server Emulator Service (XP)
Company Name:

MDL Forum, mod by Ratiborus
MD5: d1667e5fb0bb342131869fd8afeb0609
Size: 296 KB
First Published: 2017-05-22 10:19:57 (8 years ago)
Latest Published: 2023-10-08 23:30:52 (2 years ago)
Status: PUP.AutoKMS (on last analysis)
Analysis Date: 2023-10-08 23:30:52 (2 years ago)

Common Places:

%commonappdata%\kmsautos\bin
%temp%\be1b.tmp
%commonappdata%\kmsauto\bin
%temp%\b8cb.tmp
%temp%\52cf.tmp
%temp%\484f.tmp
%commonappdata%\kmsautos
%commonappdata%\kmsauto
%temp%
%sysdrive%\$recycle.bin

File Names:

KMSSS.exe
$RCVCROT.exe

Geography:

Russia 35.7%
Ukraine 21.2%
Pakistan 9.6%
Georgia 3.4%
India 3.4%
Belarus 3.1%
Kazakhstan 1.9%
Indonesia 1.9%
Azerbaijan 1.7%
Egypt 1.7%
Thailand 1.4%
Moldova 1.4%
Lithuania 1.4%
Peru 1.2%
Latvia 1.0%
Kyrgyzstan 1.0%
Bangladesh 1.0%
Romania 0.7%
Estonia 0.7%
Germany 0.7%
United States 0.7%
Iran 0.5%
Sri Lanka 0.5%
France 0.2%
Ghana 0.2%
Tajikistan 0.2%
Kenya 0.2%
Spain 0.2%
Montenegro 0.2%
Turkey 0.2%
South Korea 0.2%
Armenia 0.2%
Japan 0.2%
Switzerland 0.2%
Philippines 0.2%
Poland 0.2%
Tanzania 0.2%
Syria 0.2%
Mongolia 0.2%
Malaysia 0.2%

OS Version:

Windows 8.1 48.9%
Windows 7 33.9%
Windows 10 16.0%
Windows 8 1.0%
Windows Server 2012 R2 0.2%

Analysis

Subsystem: Windows CUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x00019054

PE Sections:

Name Size of data MD5
.text 207360 daaa7cefb5164f171d6d83721577b989
.rdata 70144 d2175f96fda3740a88b0d0c90462e2b7
.data 8704 7a2d8648af48170b15007e53c48891df
.rsrc 1536 031ee5737dce6ec52b5af731c3184ba7
.reloc 14336 7cc11704d0e569ffc66923c3b098cf0c

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for $RCVCROT.exe
copyright for information about $RCVCROT.exe
­