What is RiskWare.tool.ck found by Malwarebytes?

Condesa January 13, 2011

I had my computer scanned by Malwarebytes and I got the following results:

Vendor: RiskWare.tool.ck
category: File and Memory Process
Item: c:\Windows\kmservice.exe

So does anybody know what is RiskWare.tool.ck?
Is it dangerous for my computer?
Why didn’t Spybot report it?

  1. Noone
    April 14, 2012 at 5:54 pm

    You got the best answer..Thanks 

  2. Aibek
    October 30, 2011 at 5:00 am

    Thanks for the comment.
    Could you please take a screenshot of that warning message you get from McAffe and send it over to us.
    I just checked the download again and it's definitely appears as clean.
    Also, checked the file on:

    VirusTotal, http://www.virustotal.com
    Jotti Virus Scan, http://virusscan.jotti.org/en-gb

    both showed no alert.


  3. Monkeycmonkeydo
    October 29, 2011 at 4:15 pm

    Ok here's the scoop so far...I forgot to run Hijackthis last night and if I had I would have noticed a little sleeper bugger that seems to be plaguing ppl in Microsoft Office, redirector urlredir.dll. I did go to the site and try downloading again got the same, but after I'm done with this adventure and not being redirected I'll try again. My apologies if I made a hasty comment/statement .... just keepin' in real.

    • Aibek
      October 29, 2011 at 1:37 pm

      Thanks for the comment.

      Could you please take a screenshot of that warning message you get
      from McAffe and send it over to us.

      I just checked the download again and it's definitely appears as

      Also, checked the file on:

      VirusTotal, http://www.virustotal.com

      Jotti Virus Scan, http://virusscan.jotti.org/en-gb

      both showed no alert.


    • Monkeycmonkeydo
      October 29, 2011 at 3:28 pm

      u wanna talk cause i was so tired after that i went to bed just got up because I couldn't believe myself especially this morning after looking into some pages re: ur business

      • Monkeycmonkeydo
        October 29, 2011 at 3:35 pm

        Like I said last night, I'm not here to make trouble for anyone and you know the older I get the more I realize the less I really do know. I did not take any screen shots last night and I just looked at McAfee I sent a whole bunch of stuff that I had forgotten to deal with in Quarantine so there isn't anything in there. I'm going to the site right now because I really would like to have some real-time protection along with everything else I have that allows me to do battle. If I can reproduce last night's event I'll let you know.

  4. No
    October 27, 2011 at 9:17 am

    as soon as i ran this keygen, my mom died

    • NotForSell
      October 28, 2011 at 6:25 am

      Your mom died... Seriously.... You are fking ignorant...

      • Guest
        November 2, 2011 at 5:32 pm

        It's a joke son, it's a joke.

  5. Pahjalik
    October 21, 2011 at 4:46 am

    So the final result is??  ---   No one knows!  Lots of free advice but remember what you paid for all that free advice and equate the value.  It's 50/50 they're either right or wrong.

  6. Mr.Berns
    October 13, 2011 at 1:17 pm

    Mine got flagged as well, but i use mine for legitimate
    reasons. I have an XP VM template that I use to deploy and the program i use to change the default key to a purchased key ( i used an OEM license XP to create the template) is XPPID, which tells you up front that it uses this peice of software.  So, other than downloading some traffic monitoring software to see what is going out from your PC (wireshark) i would say its a false positive.  Though just as many have suggested, i would not use it as an ilegal keygen. 

  7. Captain_flemme
    September 13, 2011 at 12:17 am


    i have another solution. if you need the key to make your soft working but you don't want to take a risk, launch it in a sandbox like sandboxie. you get the key a virus or anything else don't have access to your system !!!

    Hope it helped

  8. DarkSyd
    August 3, 2011 at 2:39 am

    I get this "False Positive" from a .tmp file that keeps generating itself. Sooooooo....REMOVE IT!!! This kind of action is related to keygen's

  9. ProfessorCalamitoser
    July 5, 2011 at 7:52 am

    bullsh1t!!!! if u got problem with that 'thing' than dont use it!!! ''And Old Man Said' We Live Our Live,Our Life is For a CraCker'...

  10. Christopher Royall
    June 20, 2011 at 7:30 am

    OK, to actually answer the question: "What is RiskWare.tool.ck found by Malwarebytes?":
    Malwarebytes flags anything that has the word patch either in it's name or code or folder name.  Let's break down the name:  Risky: involving the possibility of something bad or unpleasant happening : involving risk, Tool:  something that helps to get or achieve something, does a job or activity.  CK:  Might refer to the company or group that made the patch, but really not positive on that one.

    Now, let's ask ourselves, why might Malwarebytes find this code to be malware/spyware?  Hmm, Do you really believe that these large consortiums of people/programmers out there, such as the 'Crude Team', are just spending hours of time to create these patches and keygens and give them away through torrents out of the kindness of their hearts?  Obviously, their making money on this, and since you can download most of these for free through various torrent groups, then one must ask how are they making money on these?  One example would be, create a patch that once ran, stay running till the computer is restarted, or just keeps running all the time, hidden within another program, that records all keystrokes entered into your computer, ie:  Credit Card numbers, with expiration dates and Back of Card codes.  Send them over the internet intermittently while the computer is idle, or in small enough increments to avoid being noticed.  Wham, Bam, Thank you Ma'am, You just got $5000 credit card slam.  How about if it just gets your log-in information for websites such as Netspend, Paypal, Netflix, etc.  Starting to get the picture anyone?  You got a $150 package for free, yes, and down the road, maybe not in the next day or so, but sometime down the road, all of a sudden, you find out someone opened a credit card in your name, ran it up to $10,000, and now, it's going to take you a heck of a lot of money to get that cleared from your records.

    That all being said, you might want to rethink this thing. 

    Remember, it never pays to covet your neighbors property.  What does that mean?  It means, you want what your neighbor has, but don't feel you should have to pay to have it, even though they did, or they created it and feel that is what is worth.  Finally, if the government gets their way, and they probably will on this, anyone that has even downloaded these patches, key generators, or pirated software, will be facing fines that are at least 5 times the amount of the actual cost of the software, and quite/most likely prison time.

    • TIREDofID10Ts
      June 25, 2011 at 9:44 pm


      • pfft
        June 27, 2011 at 2:01 pm

        You be the moron, noob.  It is a keygen, it is theft and it is a security risk on your computer.   christopher put it quite well and did so politely.  Unlike an idiot claiming to be tired of himself.

        • Dave
          February 11, 2012 at 6:24 pm

          Afraid is not a security risk. l2program kthnx

        • Angry Mofo
          March 1, 2012 at 6:38 pm

           Lol, where I live they sell pirated software in the malls.

        • Arcmetal
          April 13, 2012 at 2:45 am

          they don't do it only for money. Sometimes it's for fun, statisfaction, sticking it to the man etc.

      • agreesw/pfft
        June 27, 2011 at 3:30 pm

        I'm so VERY tired of forum trolls.

    • Dimbo
      June 30, 2011 at 12:02 pm

      It's like saying do you think these people donate to the poor out of the kindness of their hearts?   Or volunteer time to the local council out of the kindness of their hearts?  

    • Sikkwolf
      July 30, 2011 at 5:54 pm

      You're a fucking liar, a moron, and a tool. I hope your parents get cancer.

    • Ufy95788
      December 26, 2011 at 1:33 am

      We're now 6 months in, so I wonder if your prediction came true. You know, the part where you said everybody who downloaded a keygen gets prison time.

      Quit posting noob. Not every crack hosts spyware. 

  11. Gord
    June 10, 2011 at 1:52 pm

    In my case it was an activator for MS Math

  12. Mronga49
    May 31, 2011 at 11:12 pm

    Depending on what’s in the exact file you have will determine what it is, for example I also have a false positive for a keygen app. I have no doubt that this is not a virus,100% certain it got flagged cuz it is seen as something bad i.e. cheating adobe outta money cuz this is what it does.OFC you must be aware cuz there are many such "tools" out there but IMO it all aint bad, it’s just bad for the company that doesn’t get their money. Hmmmm is that really a bad thing? On the other hand are we talking about a legal or a moral issue, or does it matter? IMO its an individual choice, for the most part all these guys sell us a product that is still in the R&D stage but they don’t have a problem selling it to us, so some say they don’t have a problem taking it either. You do the math and get all the info you can and then do what ur comfortable with.BTW I know someone that uses a computer that has a lotta malware and viruses but he is aware and says it suites his needs and he has nothing on the puter that can cause him a problem.(except a bot stealing his bandwidth maybe) Have fun, enjoy, and don’t take things so seriously,nobody will care a hundred years from now....... Hmmmm in fact most don’t even care right now.LOLMIKLO

  13. Phil
    May 10, 2011 at 3:06 pm

    My Microsoft software is all totally legit, and Malwarebytes found it on my laptop, too.

  14. Iha
    April 13, 2011 at 7:05 pm

    Just enjoy! we have to live with many viruses which as 1st step Windows by itself is a spy system! So, what the point for some malware, or what so ever?

  15. chuck norris
    March 29, 2011 at 8:16 am

    this virus helped me download a software for free. so, even though it is regarded as a bad thing. i am going to keep it because im using the software and it's been helping me more.

  16. Juan Mariconne
    March 28, 2011 at 2:23 pm

    if you really need the software,

    or use open source - open office, it can read microsoft data format.


    purchase the student edition

    purchase legit license of anti-virus software

    Recently - microsoft securitys essential did not catch a virus / malware which

    hosed my windows 7 desktop

    also avoide pop-up

    especially this firm

    AntiVirus 2011

    they bonked my machine last year
    I formated hard drive to get rid of it-

    • Sikkwolf
      July 30, 2011 at 5:53 pm

      Shut the fuck up.

  17. Jmorphett
    March 1, 2011 at 11:38 am

    Wow. I laughed. The OP did ask: So does anybody know what is RiskWare.tool.ck?

    And no one actually gave an answer. They just spewed out a 'I have no idea, remove it anyway' generic response.

    It's a false positive telling you that there isn't anything actually wrong with the file but it's associated with a 'bad thing'. ie pirating. So it is bad anyway. Golf claps to the posters here that just spew...

    • Tina
      March 1, 2011 at 6:12 pm

      Thank you for the insight.

    • NthaNO
      June 25, 2011 at 9:40 pm

      finally someone that doesn't have their head up their ass  !!!

    • Canadian Guy
      August 28, 2011 at 2:50 pm

      anyone else in this boat that wishes to use keyfinders maker etc can easily download sandboxie for free install it and open these 'Questionable Source tools" safely by right clicking on them and opening in sandbox. it's like a little virtual sandbox that keeps things from infecting your system. restrict the use of virus's and malware by working smart not working hard.

      • Quiet_one31
        October 16, 2011 at 3:09 pm

        I agree with Jmorphett. c:Windowskmservice.exe is safe.
        Yes, it is a Office 2010 activator, but it's quite safe.
        It has been submitted through Virustotal and they found it to be safe.
        The only thing this service does is provide a service that acts as a license server.

  18. Fulano X
    February 21, 2011 at 4:33 pm

    I found this malaware in keyfinder.exe too

  19. Frederickemanuel
    January 14, 2011 at 11:31 pm

    You should let Malwarebytes remove the infection. Spybot may have missed it because, well, that's the way things work. Tens of thousands of infections are issued every single day, and even when reputable developers work hard to find and remove infections, NO single piece of software can claim to find all of them all of the time.

    So you did right by running multiple security solutions. Follow what they tell you and I hope you're able to rid yourself of the infection! In addition to Malwarebytes, you might want to try a scan with SUPERAntiSpyware (www.superantispyware.com) and see what it finds. Between the two programs, I'd trust what they tell you.

  20. Richard Carpenter
    January 14, 2011 at 1:57 pm

    Lot of these tools that can download for free, are making the person on the other end wealthy. Most of this software is spiked with Malware, when you open it... your infected.

  21. Anonymous
    January 14, 2011 at 7:39 am


    did you use a pirated activator for office 2010? that’s it.
    You will need first to stop this service in the task manager and then go to the folder and delete the file.

Ads by Google