How to remove KMSELDI.exe

KMSELDI.exe

The module KMSELDI.exe has been detected as Virtool.Gen

KMSELDI.exe
Remove KMSELDI.exe

File Details

Product Name:

KMS GUI ELDI
Company Name:

@ByELDI
MD5: 7e2c9c23f6ff001837cb0a1a90006bca
Size: 1 MB
First Published: 2017-05-21 15:03:44 (7 years ago)
Latest Published: 2021-01-05 16:39:07 (4 years ago)
Status: Virtool.Gen (on last analysis)
Analysis Date: 2021-01-05 16:39:07 (4 years ago)

Common Places:

%programfiles%\kmsnano
%commonprograms%\microsoft office 2013\kmsnano
%programfiles%
%sysdrive%\pobieralnia\microsoft office 2013 activator (kmsnano 24) by dhruvloves007!
%sysdrive%\_programs\programs
%sysdrive%\_programs
%programfiles%
%windir%
%programfiles%
%programfiles%

Geography:

Turkey 40.8%
Vietnam 6.9%
Italy 5.4%
Poland 4.6%
Czech Republic 3.8%
United States 3.1%
Indonesia 3.1%
Egypt 3.1%
Hungary 2.3%
Greece 2.3%
Kuwait 1.5%
United Kingdom 1.5%
Canada 1.5%
Pakistan 1.5%
Nigeria 1.5%
Romania 1.5%
Algeria 1.5%
Austria 0.8%
Serbia 0.8%
Iraq 0.8%
Netherlands 0.8%
Lebanon 0.8%
Singapore 0.8%
Brazil 0.8%
Latvia 0.8%
Finland 0.8%
Estonia 0.8%
Kazakhstan 0.8%
Thailand 0.8%
Croatia 0.8%
Argentina 0.8%
United Arab Emirates 0.8%
Philippines 0.8%
Malaysia 0.8%
India 0.8%

OS Version:

Windows 7 53.1%
Windows 10 36.9%
Windows 8 6.2%
Windows 8.1 3.8%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x000d9b6e

.NET Info:

MVID: b4e4c52f-bd77-4c34-b32b-155a178c7cb8
Typelib ID: 863d9135-9365-4bee-95bf-0d83ded34d9f

PE Sections:

Name Size of data MD5
.text 883712 3801ac04a244f8b1133608747c9d19e9
.sdata 512 31bc527df3d3a922520f566d6bdba078
.rsrc 374272 f5c64af67921a0e107fab2f60ffd1f02
.reloc 512 be594699d9dfde7ea6c5b571fa87fe90

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for KMSELDI.exe
copyright for information about KMSELDI.exe
­