WinRing0x64.sys should I be worried?
Ok so I'll explain and you tell me if I should be concerned
Today I used my PC as usual (just played Roblox and watched YouTube because I was with a friend), then turned it off and used it again after a few more hours
Windows Defender said hey, this file WinRing0x64.sys, it's a trojan
I tried to delete it but a program was using it. I deleted OpenRGB and Fancontrol, which I thought were using it, but I couldn't delete it
Windows Defender told me hey, this file is in system32\drivers but also in the OpenRGB folder in Downloads (which I just deleted) and in
localhost\C$\Windows\system32\drivers
Just like the other route, but it was in the network section of Windows Explorer, where I saw another PC with another ID, but its content was (I believe) the same as mine (the public folders and such)
Used safe mode, the file wasn't there anymore, turned the PC on again, and yeah, it wasn't there anymore, even the "second" PC
13 Replies
do you have any idea where you would've downloaded this from?
ok let me keep this simple, run a full windows defender scan
That's a known vulnerable driver, associated with OpenRGB, EVGA, and a few others if I'm remembering correctly. It's not malicious (that I can recall) itself, but it could be used for malicious purposes. I'll find a source real quick.
it looks like WinRing0x64.sys according to Reddit is a known attack point but it's not bad itself
via https://www.reddit.com/r/computerviruses/comments/1imce43/is_this_winring0x64sys_a_virus/
so if you're worried run a full windows defender scan, then you should be fine
Yes, and I did have both OpenRGB and Fancontrol
Did it disappear because I told Windows Defender to delete it a bunch of times? Probably ig
probably yea
Solution
ok so basically you can keep it on your system, the file itself isn't malicious
That's probably the source then, and yes, WD would have tossed it and upon a restart it wouldn't show up.
so if you still want to use openrgb or fancontrol you probably will get it back and that'll be the end of it
but obviously be careful of what you have installed on your system. giving a random program admin could mean they're trying to hijack your system using this file
You'd have to remove the block and explicitly allow the driver within WD/Security settings
Is it normal for it to say it's from another computer and have that many permissions?
Also what's up with the second PC I saw, if you could guess
The 13 users one? Couldn't tell you, but that's something I'd 100% look into if you are the only person with access to that PC.
Ah no that's the translator messing up
It's just users
Well I'll do as you guys say, thanks!
No problem!