Trojan Vigorf.A in OpenHardwareMonitorLib.sys
vulnerability detected by Avast in kernel from OpenHardwareMonitorLib.sys file
Open Hardware Monitor driver vulnerability. Options and/or alternatives?
Is Open Hardware Monitor dangerous? Why are opinions divided in the community tab? 13 voted that this file is dangerous, and 17 voted that it is safe. Why is this file posted on Malshare? The summary in behavior tab also contains the note "3 Detections: 1 MALWARE 1 TROJAN 1 EVADER".
Title basically, both apps are being read as trojans by windows defender. Open hardware monitor stopped detecting my CPU temps and fan control is also not detecting multiple fan headers.
What can I do? It looks like a problem with my motherboard maybe?
Thank you for the details. The issue came back today. I simply went to services.msc, stopped and disabled the Intel Software Studio service. Then I told Windows defender to remove the file. Rebooted and came back with a clean scan. The OpenHardwareMonitor.sys file did not come back after reboot.
If I see this again, I'll employ your very detailed instructions. Hopefully I won't see this again.
Joe Gilray - Ding-Ding-Ding! We have a solution! I too noticed that the IntelSoftwareStudioService is still running on my system. I also removed OpenHardwareMonitorLib.sys from my virus scanning exclusion and re-ran the quick scan with the result of "No Threats Detected".
My theory of what happened is a little different however. Yes, when I uninstalled the IntelSoftwareStudio, it may well have rebuilt OpenHardwareMonitorLib.sys without Winring0, but that was irrelevant to Defender as it was still dinging it as a threat until the virus definitions were updated today (Mine updated on 9/7 too) This was a problem that Microsoft Defender made.
Now to see if I can cancel my order with Amazon for the new Lenovo mini PC. (Yeah, I was willing to just replace the hardware for my peace of mind)
I've been running Open Hardware Monitor latest version 0.9.6 for several years. Today after my Windows 10 PC rebooted I noticed some info was no longer being displayed and saw there was a security vulnerability caught by Windows Security/Microsoft Defender: "VulnerableDriver:WinNT/Winring0.G"
As there is no newer version of Open Hardware Monitor and it hasn't been updated since 2020, are there other decent or better options for showing running system stats? Specifically I like that OHM shows my motherboard and CPU versions as well as temps and fan speeds.
EDIT: Seeing the same warning for LibreHardwareMonitor v0.9.4.
Also on the behavior tab there is a note "The sandbox Zenbox flags this file as: MALWARE TROJAN EVADER".
https://www.virustotal.com/gui/file/5e238c36ae5f8a8ab9aa5e6fa3c568967d61953393384c7c8fd6370f8bc86b85/detection
Joe Sandbox Analysis:
Verdict: MAL
Score: 68/100
HTML Report: https://www.joesandbox.com/analysis/1413118/0/html
JaffaCakes118:
Threat Score: 6/10
Family: N/A
File Report: https://tria.ge/230906-1wnb5scc32
Tags: #bootkit, #persistence
So this am start up win 11 antivirus says my open hardware monitor is a trojan....Bit defender has not called it so I am a little confused if it is or if had it and bitdefender didn't call it? anyone else think that open hardware went bad?
The usual MS Windows Defender nonsense. It is NOT a trojan, it's a vulnerability (WingRing0 which is installed and used by FanControl, it is needed for apps like FanControl/SignalRGB to work).
It is considered a 'security' risk, but it's not a risk to the average PC user/gamer/etc. Only those downloading pirate software, going on 'dodgy' websites, things like that are actually at risk. Even then, whatever virus they downloaded would have to get past their anti-virus software to be able to take advantage of the vulnerability. The vulnerability has ALWAYS been part of Fan Control, it's not just been added to FanControl or any other software that Windows has flagged, Windows Defender has just had an update that makes it flag the vulnerability.
I've been a PC tech for over 30 years (including employment for 17 years by two of the biggest investment banks in the world), I knew about the vulnerability before installing FanControl.
It didn't concern me then, it doesn't concern me now. If you're not a shady person that does shady things, you'll be just fine. I just Whitelisted it, no more pop-ups.
I tracked my issue to Intel NUC Software Studio as the culprit that installed OpenHardwareMonitorLib.sys that then triggered the Trojan:Win32/Vigorf.A alert in Defender. Add that to the list of software that uses Open Hardware Monitor.