Users who purchase stationary computer terminals or laptops with an already installed system and related software products often encounter the fact that the active KMService.exe process is constantly visible in the “Task Manager”. What kind of service is this? Not everyone knows about this, and most people even consider it a virus. In fact, this is only partly true.
KMService.exe: what kind of process?
The process itself, which so surprises everyone with its presence, is not a virus. It is a service that initially appears in system processes after activation of unlicensed MS Office 2010.
The situation is such that many users (if not the absolute majority) do not want to (or cannot) lay out money for an office suite. In turn, the installed "Office" after a certain time begins to require activation of the package. This is where a special application comes to the rescue, the result of which is the appearance of the background process KMService.exe. What kind of software is this? Everything is simple!
KMService.exe: what is it in terms of software?
Since the user does not have an activation code for the “Office”, for his normal operation the built-in protection against the use of unlicensed copies needs to be fooled somehow.
For this, the mini-KMS Activator utility is used, which allows you to activate Office 2010 VL, install keys, or reset the status of the trial version (Trial). In other words, the activator informs the office suite security system that money has been paid for it, and generates a license. As a rule, after starting the utility in its portable form, the application file and related components are saved along the path C: \ Windows \ KMService.exe or in the folder of the system root directory of the same name (although other options are possible).
Types of files and their location after launch
If we talk about saving the utility elements along with the executable file after starting or installing the main application, they may not always be located in the main folder of the system.
So, for example, sometimes you may come across the option of saving along the path C: \ Windows \ actofvl \ KMService.exe (in the updated version of the utility).
And it is the main EXE file that is responsible for constantly monitoring the status of the Office license for a certain period of time, reactivating it without user intervention. At the same time, despite placing the file along the path C: \ Windows \ actofvl \ KMService.exe, many users do not pay attention to the fact that the launch of the same process can also be seen in the so-called "Task Scheduler".
Another thing is when the user encounters such an executable file in the System32 directory with the hidden objects displayed. This already indicates that this file is a virus that masquerades as an activator. As a rule, the program itself never saves anything to this system folder. Apparently, you cannot manually delete such an object - you will have to use an anti-virus scanner.
Why does antivirus work?
Often, even at the stage of the first launch of the portable version, full-time antiviruses (including Windows Defender) issue a warning about a possible threat.
A message appears in the system tray indicating that the applet that is being launched contains a modified HackTool: Win32 / AutoKMS (or KeyGen). This is normal, since almost all antiviruses (with rare exceptions) are configured in such a way that key generators (keygens) are not passed into the system, setting attributes of potentially dangerous or unwanted software for them, although in reality in the body of the program (in the program code) There is no viral threat.
Here licensing protection is triggered (especially if the process is started for KMService Srvany.exe, which can really be a virus).
But there are other types of malicious codes and programs. The most famous threat that can disguise itself as the KMService.exe process is the notorious HKTL_KEYGEN virus. But you can determine whether it is a virus, even by the size of the file. There are several modifications with sizes of 151.522 bytes, 151.622 bytes, 151.606 bytes, 155.648 bytes and 77.824 bytes.
How legal is the application?
We continue to consider the KMService.exe process. What is it, we have already figured out. Let us now look at some legal aspects.
From the point of view of international law, since the MS Office 2010 software product is protected by copyright and intellectual property rights, not to mention many other legal documents and norms, it is, of course, illegal to use this utility. You can use it only at your own peril and risk. But when did this stop our user? Moreover, it is impossible to verify the actual activation of the office suite online even with all the resources available to Microsoft Corporation.
New activator version
The utility in question is somewhat outdated. Today you can find a more advanced version of the program called KMSAuto Net.
The updated version can activate not only the "Office", but also generate licenses for all known modifications of the Windows systems themselves. In addition, the application is built in such a way that neither the antivirus nor the built-in firewall are already responding, and the utility starts without problems. And it is released exclusively in the form of a portable version, which completely eliminates the reaction from the protection side when trying to install.
Conclusion
As already clear, the situation when such a process appears among system services is not catastrophic. However, depending on the location of the executable file itself, which the user can track quite simply, you will have to make a decision to remove the threat, especially if he installed the office suite and did not activate it using one of the KMS utility versions.