HWINFO32/64 Kernel Driver - Just appears
#1
Question 
Hi there,

Today one of my servers rebooted for no apparent reason. When I looked at the Windows logs, I just found this event after the reboot:

"A service was installed in the system.
Service Name: HWiNFO32/64 Kernel Driver
Service File Name: C:\Temp\HWiNFO64A.SYS
Service Type: kernel mode driver
Service Start Type: demand start
Service Account:"

Event ID 7045

I don't remember downloading this utility.

There is no uninstall entry in the Control Panel, nor a visible service in the Services admin tool.

Is this malware pretending to be a HWiNFO utility?

My server has Kaspersky with the database updated. This server is on the intranet.

Windows 2008 R2 server, running an Oracle database.

I appreciate any advice on this issue.

Regards,


#2
No, that's not Malware. Some other applications (including Kaspersky) can be making use of the HWiNFO engine, so that's the reason why it's present on your system.
#3
(03-07-2017, 08:19 AM)Martin Wrote: No, that's not Malware. Some other applications (including Kaspersky) can be making use of the HWiNFO engine, so that's the reason why it's present on your system.

Thanks for your response Martin.

I'm looking forward to a malware removal, just in case, and permanent monitoring for the next days, since Oracle is for a mission-critical app.

Also, I'm trying HWiNFO; it looks more friendly than WMI commands.

Regards,
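One way to check a driver install like the one reported in this thread, as an added example that is not part of the original posts: list every Event ID 7045 driver installation from the System log, note whether the file sits outside the standard driver directory, and check its Authenticode signature. It assumes an elevated PowerShell 2.0 or later session and English-language event text; the output column names are made up for this example.

```powershell
# Added example (not from the thread): triage Event ID 7045 driver installs.
# Assumes: elevated session, English event text ("kernel mode driver").
$events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 7045 } `
                       -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # 7045 event data order: ServiceName, ImagePath, ServiceType, StartType, AccountName
    $name = $e.Properties[0].Value
    $path = $e.Properties[1].Value
    $type = $e.Properties[2].Value
    if ($type -notmatch 'driver') { continue }   # skip ordinary user-mode services

    # Driver paths may be logged NT-style (\??\C:\...), quoted, or \SystemRoot-relative.
    $file = $path -replace '^\\\?\?\\', '' -replace '^"|"$', ''
    $file = $file -replace '^\\SystemRoot', $env:SystemRoot

    $status = 'FileMissing'   # the file may no longer be on disk
    $signer = $null
    $sha256 = $null
    if (Test-Path -LiteralPath $file) {
        $sig    = Get-AuthenticodeSignature -FilePath $file
        $status = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

        # SHA-256 via .NET so this also works where Get-FileHash is unavailable.
        $alg    = [System.Security.Cryptography.SHA256]::Create()
        $stream = [System.IO.File]::OpenRead($file)
        try     { $sha256 = [BitConverter]::ToString($alg.ComputeHash($stream)) -replace '-', '' }
        finally { $stream.Close() }
    }

    New-Object PSObject -Property @{
        TimeCreated      = $e.TimeCreated
        Service          = $name
        File             = $file
        OutsideDriverDir = ($file -notlike "$env:SystemRoot\System32\drivers\*")
        Signature        = $status
        Signer           = $signer
        SHA256           = $sha256
    }
}

$report |
    Select-Object TimeCreated, Service, File, OutsideDriverDir, Signature, Signer, SHA256 |
    Format-List
```

A `Valid` signature from the vendor you expect is consistent with a legitimate tool loading its driver on demand; `NotSigned`, `HashMismatch` or an unexpected signer is a reason to investigate further.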