This is not a false positive. A ton of apps that are very popular including open hardware monitor, fan control, hwinfo a bunch of rgb tools etc. All use a very old winring0 library. This was created over a decade ago and the author is gone and it cannot be patched. Problematically, this has a seriou… Answer from MrKrogXxXx on forums.flightsimulator.com
🌐
Microsoft Flight Simulator Forums
forums.flightsimulator.com › user support hub › hardware & peripherals
Heads up if using OpenHardwareMonitor - Defender reported a Trojan virus - Hardware & Peripherals - Microsoft Flight Simulator Forums
September 5, 2025 - I use OpenHardwareMonitor to keep an eye on CPU and GPU temps during flight. I’ve recommended it often here to others. Today I got this notification from Windows Defender: I googled it and found that other people using OHM, as well as LibreHardwareMonitor and FanControl software, are reporting ...
🌐
BleepingComputer
bleepingcomputer.com › bleepingcomputer forums › microsoft windows support › windows 10 support
Trojan Detected? - Windows 10 Support
6 days ago - So either get rid of it, or risk the consequences of keeping it installed on your system. ADDENDUM 2: Looking again at the initial post, it would appear the software isn't actually installed but is just sitting in your Downloads folder. Just delete the OpenHardwareMonitor folder containing it and be done with it.
Discussions
Trojan Vigorf.A in OpenHardwareMonitorLib.sys
Joe Gilray - Ding-Ding-Ding! We have a solution! I too noticed that the IntelSoftwareStudioService is still running on my system. I also removed OpenHardwareMonitorLib.sys from my virus scanning exclusion and re-ran the quick scan with the result of "No Threats Detected". More on learn.microsoft.com
🌐 learn.microsoft.com
11
14
September 4, 2025
vulnerability detected by Avast in kernel from OpenHardwareMonitorLib.sys file
Since few time, I've received a vulnerability detected by Avast in kernel from OpenHardwareMonitorLib.sys file on the version openhardwaremonitor-v0.9.6.zip : I must to disable this option but ... More on github.com
🌐 github.com
68
February 11, 2023
Open Hardware Monitor driver vulnerability. Options and/or alternatives?
I had the same happen to me today now it wont show me my cpu temp More on reddit.com
🌐 r/pcmasterrace
31
18
August 13, 2025
Is Open Hardware Monitor dangerous? Why are opinions divided in the community tab? 13 voted that this file is dangerous, and 17 voted that it is safe. Why is this file posted on Malshare? The summary in behavior tab also contains the note "3 Detections: 1 MALWARE 1 TROJAN 1 EVADER".
OHM is open source and it's safe. https://github.com/openhardwaremonitor/openhardwaremonitor this is the reason there was 17 vote that it's safe. 13 other vote are just deadbrain. More on reddit.com
🌐 r/antivirus
1
1
April 10, 2024
🌐
Reddit
reddit.com › r/techsupport › fan control and open hardware monitor are being detected as trojans
r/techsupport on Reddit: Fan Control and Open Hardware Monitor are being detected as Trojans
September 17, 2025 -

Title basically, both apps are being read as trojans by windows defender. Open hardware monitor stopped detecting my CPU temps and fan control is also not detecting multiple fan headers.

What can I do? It looks like a problem with my motherboard maybe?

Top answer
1 of 2
1
I had the same issue with fancontrol 2 weeks ago. It was a false positive. The next update solved the issue.
2 of 2
1
It's a problem with a driver those applications use to talk to your hardware. Neither the applications or the driver are actually malicious, but the driver is vulnerable to be exploited by malicious software, hence Defender is quarantining it to protect your system. See below for a more in-depth explanation but the tl;dr is this is something those applications need to fix. The big issue is that there isn't really a good replacement driver available they can use instead, hence it is still an unsolved issue far as I know. https://www.reddit.com/r/FanControl/comments/1j93doq/why_does_defender_hate_fan_control_an_explanation/
🌐
GitHub
github.com › HardwareMonitor › openhardwaremonitor
GitHub - HardwareMonitor/OpenHardwareMonitor: Open hardware monitor - system sensors monitoring application for Windows · GitHub
Microsoft and other major antivirus vendors may have flagged OpenHardwareMonitor as malware. This is a false positive and is not related to a virus or anything similar. Signals from Microsoft usually extend to other antivirus vendors as well.
Starred by 195 users
Forked by 18 users
Languages   C# 97.0% | C 1.4% | C++ 0.9% | Python 0.3% | JavaScript 0.1% | HTML 0.1%
🌐
Microsoft Learn
learn.microsoft.com › en-us › answers › questions › 5545465 › trojan-vigorf-a-in-openhardwaremonitorlib-sys
Trojan Vigorf.A in OpenHardwareMonitorLib.sys - Microsoft Q&A
Top answer
1 of 5
2

Thank you for the details. The issue came back today. I simply went to services.msc, stopped and disabled the Intel Software Studio service. Then I told Windows defender to remove the file. Rebooted and came back with a clean scan. The OpenHardwareMonitor.sys file did not come back after reboot.

If I see this again, I'll employ your very detailed instructions. Hopefully I won't see this again.

2 of 5
2

Joe Gilray - Ding-Ding-Ding! We have a solution! I too noticed that the IntelSoftwareStudioService is still running on my system. I also removed OpenHardwareMonitorLib.sys from my virus scanning exclusion and re-ran the quick scan with the result of "No Threats Detected".

My theory of what happened is a little different however. Yes, when I uninstalled the IntelSoftwareStudio, it may well have rebuilt OpenHardwareMonitorLib.sys without Winring0, but that was irrelevant to Defender as it was still dinging it as a threat until the virus definitions were updated today (Mine updated on 9/7 too) This was a problem that Microsoft Defender made.

Now to see if I can cancel my order with Amazon for the new Lenovo mini PC. (Yeah, I was willing to just replace the hardware for my peace of mind)

🌐
2-Spyware
2-spyware.com › remove-open-hardware-monitor.html
Remove Open Hardware Monitor (Removal Instructions) - Mar 2021 update
March 2, 2021 - Even though the Internet is full of useful software, some of them may be corrupted by cybercriminals, and this is exactly what happened to a legitimate hardware software, now often referred to as “Open Hardware Monitor virus”. This program ...
🌐
GitHub
github.com › openhardwaremonitor › openhardwaremonitor › issues › 1557
vulnerability detected by Avast in kernel from OpenHardwareMonitorLib.sys file · Issue #1557 · openhardwaremonitor/openhardwaremonitor
February 11, 2023 - Since few time, I've received a vulnerability detected by Avast in kernel from OpenHardwareMonitorLib.sys file on the version openhardwaremonitor-v0.9.6.zip : I must to disable this option but ...
Author   openhardwaremonitor
🌐
Reddit
reddit.com › r/pcmasterrace › open hardware monitor driver vulnerability. options and/or alternatives?
r/pcmasterrace on Reddit: Open Hardware Monitor driver vulnerability. Options and/or alternatives?
August 13, 2025 -

I've been running Open Hardware Monitor latest version 0.9.6 for several years. Today after my Windows 10 PC rebooted I noticed some info was no longer being displayed and saw there was a security vulnerability caught by Windows Security/Microsoft Defender: "VulnerableDriver:WinNT/Winring0.G"

As there is no newer version of Open Hardware Monitor and it hasn't been updated since 2020, are there other decent or better options for showing running system stats? Specifically I like that OHM shows my motherboard and CPU versions as well as temps and fan speeds.

EDIT: Seeing the same warning for LibreHardwareMonitor v0.9.4.

Top answer
1 of 9
7
I had the same happen to me today now it wont show me my cpu temp
2 of 9
4
I got the same flag today after 3 yrs of use. Are you still using it or did you remove ohw?
Find elsewhere
🌐
ANY.RUN
any.run › report › 5e238c36ae5f8a8ab9aa5e6fa3c568967d61953393384c7c8fd6370f8bc86b85 › cee6153d-c0ed-47f1-80a8-415ce76684f1
Malware analysis openhardwaremonitor-v0.9.6.zip Malicious activity | ANY.RUN - Malware Sandbox Online
Online sandbox report for openhardwaremonitor-v0.9.6.zip, verdict: Malicious activity
🌐
File.net
file.net › process › openhardwaremonitor.exe.html
OpenHardwareMonitor.exe Windows process - What is it?
If OpenHardwareMonitor.exe is located in a subfolder of the user's profile folder, the security rating is 72% dangerous. The file size is 494,592 bytes (32% of all occurrences), 493,568 bytes and 5 more variants. OpenHardwareMonitor.exe is not a Windows core file.
🌐
Reddit
reddit.com › r/antivirus › is open hardware monitor dangerous? why are opinions divided in the community tab? 13 voted that this file is dangerous, and 17 voted that it is safe. why is this file posted on malshare? the summary in behavior tab also contains the note "3 detections: 1 malware 1 trojan 1 evader".
r/antivirus on Reddit: Is Open Hardware Monitor dangerous? Why are opinions divided in the community tab? 13 voted that this file is dangerous, and 17 voted that it is safe. Why is this file posted on Malshare? The summary in behavior tab also contains the note "3 Detections: 1 MALWARE 1 TROJAN 1 EVADER".
April 10, 2024 -

Also on the behavior tab there is a note "The sandbox Zenbox flags this file as: MALWARE TROJAN EVADER".
https://www.virustotal.com/gui/file/5e238c36ae5f8a8ab9aa5e6fa3c568967d61953393384c7c8fd6370f8bc86b85/detection

Joe Sandbox Analysis:

Verdict: MAL

Score: 68/100

HTML Report: https://www.joesandbox.com/analysis/1413118/0/html

JaffaCakes118:

Threat Score: 6/10

Family: N/A

File Report: https://tria.ge/230906-1wnb5scc32

Tags: #bootkit, #persistence

Top answer
1 of 1
1
OHM is open source and it's safe. https://github.com/openhardwaremonitor/openhardwaremonitor this is the reason there was 17 vote that it's safe. 13 other vote are just deadbrain.
🌐
GitHub
github.com › openhardwaremonitor › openhardwaremonitor › issues › 1658
Flagged as virus since a week (started on 22-9-2025) · Issue #1658 · openhardwaremonitor/openhardwaremonitor
September 27, 2025 - Unable to run, open, or download - flagged as virus both by Windows Defender (on gaming pc) and McAfee (on server pc) No specifics given, damn w11 system keeps me in the dark as why or what. Update on that: Trojan:Win32/Vigorf.A in OpenHardwareMonitorLib.dll - according to windows.....
Author   openhardwaremonitor
🌐
PC Risk
pcrisk.com › removal-guides › 9896-open-hardware-monitor-ads
Open Hardware Monitor Ads - Easy removal steps (updated)
December 31, 2021 - Mac Virus • July 13, 2022 · 05 · Potentially unwanted application • September 19, 2025 · Scan this QR code to have an easy access removal guide of Open Hardware Monitor PUP on your mobile device. Get rid of Mac malware infections today: Download Combo Cleaner for Mac ·
🌐
MalwareTips
malwaretips.com › home › adware › openhardwaremonitor.exe: what it is & should i remove it?
OpenHardwareMonitor.exe: What It Is & Should I Remove It? | MalwareTips Blog
July 9, 2023 - OpenHardwareMonitor.exe is a system monitoring tool that provides real-time information about hardware components. Learn if you should remove it.
🌐
GitHub
github.com › openhardwaremonitor › openhardwaremonitor › issues › 1633
Virus Detected Issue and wiped from pc essentially · Issue #1633 · openhardwaremonitor/openhardwaremonitor
March 11, 2025 - Can't redownload as it is flagged as a virus when it is downloaded and gets auto deleted.
Author   openhardwaremonitor
🌐
Lo4d
open-hardware-monitor.en.lo4d.com › hardware diagnostic › open hardware monitor
Open Hardware Monitor [openhardwaremonitor-v0.9.6.zip] - Analysis, Malware, Safety
Is Open Hardware Monitor safe? openhardwaremonitor-v0.9.6.zip file analysis - safety information, virus and malware testing with Avira, BitDefender, Malwarebytes, Norton and other top security software.
🌐
GitHub
github.com › LibreHardwareMonitor › LibreHardwareMonitor › issues › 1844
LibreHardwareMonitor.sys flagged as trojan:Win32/Vigorf.A on Windows 10 · Issue #1844 · LibreHardwareMonitor/LibreHardwareMonitor
September 4, 2025 - I downloaded it via powershell with the winget cmd. It was fine for 4-5 days until suddenly Windows Defender flagged it. I read in different forums that it can be a false positive. Can anyone suggest to me how I can confirm if it is due ...
Author   LibreHardwareMonitor
🌐
GitHub
github.com › openhardwaremonitor › openhardwaremonitor › issues › 843
reported as virus by Immunet · Issue #843 · openhardwaremonitor/openhardwaremonitor
August 21, 2016 - openhardwaremonitor / openhardwaremonitor Public · Notifications · You must be signed in to change notification settings · Fork 1.3k · Star 6.3k · New issueCopy link · New issueCopy link · Closed · Closed · reported as virus by Immunet#843 · Copy link · arnowi ·
Author   openhardwaremonitor
🌐
Reddit
reddit.com › r/antivirus › bitdefender doesn't call it but win antivirus says openhardwaremonitor-v0.9.6 (1)\openhardwaremonitor\openhardwaremonitorlib.sys-trojan:win32/vigorf.a
r/antivirus on Reddit: Bitdefender doesn't call it but win antivirus says openhardwaremonitor-v0.9.6 (1)\OpenHardwareMonitor\OpenHardwareMonitorLib.sys-Trojan:Win32/Vigorf.A
September 6, 2025 -

So this am start up win 11 antivirus says my open hardware monitor is a trojan....Bit defender has not called it so I am a little confused if it is or if had it and bitdefender didn't call it? anyone else think that open hardware went bad?

Top answer
1 of 3
4
We have another thread about this on the front page, and a similar thread from a couple days ago: https://www.reddit.com/r/antivirus/comments/1n9vsvw/windows_security_detected_trojanwin32vigorfa/ https://www.reddit.com/r/antivirus/comments/1n8o46s/trojan_keeps_coming_back_after_defender_offline/
2 of 3
1
also now win antivirus is calling FanControl\FanControl.sys a Trojan:Win32/Vigorf.A
🌐
Microsoft Learn
learn.microsoft.com › en-us › answers › questions › 5545190 › threats-detected-trojan-win32-vigorf-a
Threats detected: Trojan:Win32/Vigorf.A - Microsoft Q&A
Top answer
1 of 5
16

The usual MS Windows Defender nonsense. It is NOT a trojan, it's a vulnerability (WingRing0 which is installed and used by FanControl, it is needed for apps like FanControl/SignalRGB to work).

It is considered a 'security' risk, but it's not a risk to the average PC user/gamer/etc. Only those downloading pirate software, going on 'dodgy' websites, things like that are actually at risk. Even then, whatever virus they downloaded would have to get past their anti-virus software to be able to take advantage of the vulnerability. The vulnerability has ALWAYS been part of Fan Control, it's not just been added to FanControl or any other software that Windows has flagged, Windows Defender has just had an update that makes it flag the vulnerability.

I've been a PC tech for over 30 years (including employment for 17 years by two of the biggest investment banks in the world), I knew about the vulnerability before installing FanControl.

It didn't concern me then, it doesn't concern me now. If you're not a shady person that does shady things, you'll be just fine. I just Whitelisted it, no more pop-ups.

2 of 5
9

I tracked my issue to Intel NUC Software Studio as the culprit that installed OpenHardwareMonitorLib.sys that then triggered the Trojan:Win32/Vigorf.A alert in Defender. Add that to the list of software that uses Open Hardware Monitor.

Related queries
is openhardwaremonitor. safe
openhardwaremonitor alternative
openhardwaremonitor virus windows 10
openhardwaremonitor virus fix
openhardwaremonitor virus windows 11
uninstall openhardwaremonitor
openhardwaremonitor windows defender
hwmonitor