PulseWay Deploy detected and blocked by Microsoft Defender as 'Vigorf'
This is the report from Microsoft Defender:

An active 'Vigorf' malware was blocked
New
Detected
Low

10/27/2025 3:33:33 PM [17044] PCMonitorSrv.exe created file PCMonitorSrv.sys
Malware

3:33:33 PM [4] ntoskrnl.exe loaded image PCMonitorSrv.sys
Malware
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
Path C:\Program Files\Pulseway\PCMonitorSrv.sys
Size 14 KB
Is PE True
Last modified time Oct 27, 2025 3:33:33 PM
Initiating process [4] ntoskrnl.exe
Process id 4
Execution details Token elevation: Default, Integrity level: System
Image file path C:\Windows\System32\ntoskrnl.exe
Image file SHA1 d50cebb81fe449e0d62a4ae92b185b917e898eef
Image file creation time May 12, 2025 7:48:05 AM
Image file last modification time May 12, 2025 7:48:06 AM
PE metadata ntoskrnl.exe
User NT AUTHORITY\SYSTEM
PE metadata PCMonitorSrv.sys
Original name WinRing0.sys
Compilation timestamp Jul 26, 2008 4:29:37 PM
Company OpenLibSys.org
Product WinRing0
Version 1.2.0.5
Description WinRing0
Remediation details Defender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe'
Malware
Is runtime packed False
Threat name Trojan:Win32/Vigorf.A
Remediation action quarantine
Remediation action result Fail
Detection time Oct 27, 2025 3:34:05 PM

3:34:05 PM ntoskrnl.exe interacted with file PCMonitorSrv.sys
Malware
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
Path C:\Program Files\Pulseway\PCMonitorSrv.sys
Size 14 KB
Is PE True
Creation time Oct 27, 2025 3:33:33 PM
Last modified time Oct 27, 2025 3:33:33 PM
Initiating process [4] ntoskrnl.exe
Process id 4
Execution details Token elevation: Default, Integrity level: System
Image file path C:\Windows\System32\ntoskrnl.exe
Image file SHA1 d50cebb81fe449e0d62a4ae92b185b917e898eef
Image file creation time May 12, 2025 7:48:05 AM
Image file last modification time May 12, 2025 7:48:06 AM
PE metadata ntoskrnl.exe
User NT AUTHORITY\SYSTEM
PE metadata PCMonitorSrv.sys
Original name WinRing0.sys
Compilation timestamp Jul 26, 2008 4:29:37 PM
Company OpenLibSys.org
Product WinRing0
Version 1.2.0.5
Description WinRing0
Remediation details Defender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe'
Malware

3:34:05 PM PCMonitorSrv.sys
Malware
SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299
Path C:\Program Files\Pulseway\PCMonitorSrv.sys
Size 14 KB
Is PE True
Creation time Oct 27, 2025 3:33:33 PM
Last modified time Oct 27, 2025 3:33:33 PM
Signer Noriyuki MIYAZAKI
Issuer GlobalSign ObjectSign CA
VirusTotal detection ratio 4/72
Initiating process
Additional related files
PE metadata PCMonitorSrv.sys
Original name WinRing0.sys
Compilation timestamp Jul 26, 2008 4:29:37 PM
Company OpenLibSys.org
Product WinRing0
Version 1.2.0.5
Description WinRing0
Remediation details Defender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe'
Malware
Is runtime packed False
Threat name Trojan:Win32/Vigorf.A
Remediation action quarantine
Remediation action result Fail
Detection time Oct 27, 2025 3:34:05 PM

We are having this issue on multiple workstations where the deployment was done.
Ionut Jar