HWINFO32/64 Kernel Driver - Just appears

NewKidOnForum

New Member
Hi there,

Today one of mi servers reboot with no apparent reason, when I saw the windows logs I just find this event after the reboot:

"a service was installed in the system.
Service Name :HWiNFO32/64 Kernel Driver
Service Fiel N_ame: C:\Temp\HWiNFO64A.SYS
Service Type: kernel mode driver
service Start Type: demand start
Service account:

event ID 7045

I don't remenber to download this utility.

There is no unninstall on the control panel, nor a visible service on the Services admin tool.

I this a malware pretending to be a hwinfo utility?

My server have Kaspersky with the database updated. This server is on the intranet.

Windows 2008 r2 server, running and Oracle database.

I appreciate any advice on this issue.

Regards,
 

Attachments

  • even id after reboot.png
    even id after reboot.png
    73.6 KB · Views: 7
No, that's not Malware. Some other applications (including Kaspersky) can be making use of the HWiNFO engine, so that's the reason why it's present on your system.
 
Martin said:
No, that's not Malware. Some other applications (including Kaspersky) can be making use of the HWiNFO engine, so that's the reason why it's present on your system.

Thanks for your response Martin.

I'm looking forward for a malware removal , just in case, and a permanent monitoring for the next days since Oracle is for mission critical app.

Also I'm  trying HWInfo, it looks more friendly than WMI commands.

Regards,
 
Back
Top