A
A2h ago

WirRing0x64.sys should i be worried?

Ok so I'll explain and you tell me if i should be concerned Today i used my pc as usual (just played roblox and watched youtube because i was with a friend) then turned it off and used it again after a few more hours Windows defender said hey this file WirRing0x64.sys it's a trojan I tried to delete it but a program was using it, i deleted OpenRGB and Fancontrol which i thought was using it, but i couldn't delete it Windows defender told me hey this file is in system32\drivers but also in the OpenRGB folder in downloads (which i just deleted) and in localhost\C$\Windows\system32\drivers Just like the other route but it was in the network section of the windows explorer, where i saw another pc with another id, but it's content was (I believe) the same as mine (the public folders and such) Used safe mode, the file wasn't there anymore, turned the pc on again, and yeah it wasn't there anymore, even the "second" pc
No description
No description
No description
Solution:
ok so basically you can keep it on your system, the file itself isn't malicious
Jump to solution
13 Replies
guninvalid over coax alliance
do you have any idea where you would've downloaded this from? ok let me keep this simple, run a full windows defender scan
SkyTrashPanda
SkyTrashPanda2h ago
That's a known vulnerable driver, associated with OpenRGB, EVGA, and a few others if I'm remembering correctly. It's not malicious (that I can recall) itself, but it could be used for malicious purposes. I'll find a source real quick.
guninvalid over coax alliance
it looks like WinRing0x64.sys according to reddit is a known attackpoint but it's not bad itself via https://www.reddit.com/r/computerviruses/comments/1imce43/is_this_winring0x64sys_a_virus/ so if you're worried run a full windows defender scan, then you should be fine
A
AOP2h ago
Yes, and i did have both openrgb and fancontrol Did it dissapear because i told windows defender to delete it a bunch of times? Probably ig
guninvalid over coax alliance
probably yea
Solution
guninvalid over coax alliance
ok so basically you can keep it on your system, the file itself isn't malicious
SkyTrashPanda
SkyTrashPanda2h ago
That's probably the source then, and yes, WD would have tossed it and upon a restart it wouldn't show up.
guninvalid over coax alliance
so if you still want to use openrgb or fancontrol you probably will get it back and that'll be the end of it but obviously be careful of what you have installed on your system. giving a random program admin could mean they're trying to hijack your system using this file
SkyTrashPanda
SkyTrashPanda2h ago
You'd have to remove the block and explicitly allow the driver within WD/Security settings
A
AOP2h ago
It's it normal for it to say it's from another computer and having that many permissions? Also what's up with the second pc i saw if you could guess
SkyTrashPanda
SkyTrashPanda2h ago
The 13 users one? Couldn't tell you, but that's something I'd 100% look into if you are the only person with access to that PC.
A
AOP2h ago
Ah no that's the translator messing up It's just users Well I'll do as you guys say, thanks!
SkyTrashPanda
SkyTrashPanda2h ago
No problem!

Did you find this page helpful?