Posted 5 hours ago5 hr This is the report from Microsoft defender:An active 'Vigorf' malware was blockedNewDetectedLow10/27/20253:33:33 PM[17044] PCMonitorSrv.exe created filePCMonitorSrv.sysMalware3:33:33 PM[4] ntoskrnl.exe loaded imagePCMonitorSrv.sysMalwareSHA1d25340ae8e92a6d29f599fef426a2bc1b5217299PathC:\Program Files\Pulseway\PCMonitorSrv.sysSize14 KBIs PETrueLast modified timeOct 27, 2025 3:33:33 PMInitiating process[4]ntoskrnl.exeProcess id4Execution detailsToken elevation: Default, Integrity level: SystemImage file pathC:\Windows\System32\ntoskrnl.exeImage file SHA1d50cebb81fe449e0d62a4ae92b185b917e898eefImage file creation timeMay 12, 2025 7:48:05 AMImage file last modification timeMay 12, 2025 7:48:06 AMPE metadatantoskrnl.exeUserNT AUTHORITY\SYSTEMPE metadataPCMonitorSrv.sysOriginal nameWinRing0.sysCompilation timestampJul 26, 2008 4:29:37 PMCompanyOpenLibSys.orgProductWinRing0Version1.2.0.5DescriptionWinRing0Remediation detailsDefender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe'MalwareIs runtime packedFalseThreat nameTrojan:Win32/Vigorf.ARemediation actionquarantineRemediation action resultFailDetection timeOct 27, 2025 3:34:05 PM3:34:05 PMntoskrnl.exe interacted with filePCMonitorSrv.sysMalwareSHA1d25340ae8e92a6d29f599fef426a2bc1b5217299PathC:\Program Files\Pulseway\PCMonitorSrv.sysSize14 KBIs PETrueCreation timeOct 27, 2025 3:33:33 PMLast modified timeOct 27, 2025 3:33:33 PMInitiating process[4]ntoskrnl.exeProcess id4Execution detailsToken elevation: Default, Integrity level: SystemImage file pathC:\Windows\System32\ntoskrnl.exeImage file SHA1d50cebb81fe449e0d62a4ae92b185b917e898eefImage file creation timeMay 12, 2025 7:48:05 AMImage file last modification timeMay 12, 2025 7:48:06 AMPE metadatantoskrnl.exeUserNT AUTHORITY\SYSTEMPE metadataPCMonitorSrv.sysOriginal nameWinRing0.sysCompilation timestampJul 26, 2008 4:29:37 PMCompanyOpenLibSys.orgProductWinRing0Version1.2.0.5DescriptionWinRing0Remediation detailsDefender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe'Malware3:34:05 PMPCMonitorSrv.sysMalwareSHA1d25340ae8e92a6d29f599fef426a2bc1b5217299PathC:\Program Files\Pulseway\PCMonitorSrv.sysSize14 KBIs PETrueCreation timeOct 27, 2025 3:33:33 PMLast modified timeOct 27, 2025 3:33:33 PMSignerNoriyuki MIYAZAKIIssuerGlobalSign ObjectSign CAVirusTotal detection ratio4/72Initiating processAdditional related filesPE metadataPCMonitorSrv.sysOriginal nameWinRing0.sysCompilation timestampJul 26, 2008 4:29:37 PMCompanyOpenLibSys.orgProductWinRing0Version1.2.0.5DescriptionWinRing0Remediation detailsDefender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe'MalwareIs runtime packedFalseThreat nameTrojan:Win32/Vigorf.ARemediation actionquarantineRemediation action resultFailDetection timeOct 27, 2025 3:34:05 PMWe are having this issue on multiple workstations where the deployment was done.
3 hours ago3 hr Administrators Hello,This is happening due to a library we're using for hardware monitoring. We are in-progress of switching to a separate library in early 2026. The risk is related to a driver called WinRing0 which can be exploited to run arbitrary kernel-code. The driver on it's own will not cause a security problem.-Paul
_a9c1b4.png){kind=logo}
_49ee3f.png){kind=logo}
This is the report from Microsoft defender:
An active 'Vigorf' malware was blocked
New
Detected
Low
10/27/2025
3:33:33 PM
[17044] PCMonitorSrv.exe created file
PCMonitorSrv.sys
Malware
3:33:33 PM
[4] ntoskrnl.exe loaded image
PCMonitorSrv.sys
Malware
SHA1
d25340ae8e92a6d29f599fef426a2bc1b5217299
Path
C:\Program Files\Pulseway\PCMonitorSrv.sys
Size
14 KB
Is PE
True
Last modified time
Oct 27, 2025 3:33:33 PM
Initiating process
[4]
ntoskrnl.exe
Process id
4
Execution details
Token elevation: Default, Integrity level: System
Image file path
C:\Windows\System32\ntoskrnl.exe
Image file SHA1
d50cebb81fe449e0d62a4ae92b185b917e898eef
Image file creation time
May 12, 2025 7:48:05 AM
Image file last modification time
May 12, 2025 7:48:06 AM
PE metadata
ntoskrnl.exe
User
NT AUTHORITY\SYSTEM
PE metadata
PCMonitorSrv.sys
Original name
WinRing0.sys
Compilation timestamp
Jul 26, 2008 4:29:37 PM
Company
OpenLibSys.org
Product
WinRing0
Version
1.2.0.5
Description
WinRing0
Remediation details
Defender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe'
Malware
Is runtime packed
False
Threat name
Trojan:Win32/Vigorf.A
Remediation action
quarantine
Remediation action result
Fail
Detection time
Oct 27, 2025 3:34:05 PM
3:34:05 PM
ntoskrnl.exe interacted with file
PCMonitorSrv.sys
Malware
SHA1
d25340ae8e92a6d29f599fef426a2bc1b5217299
Path
C:\Program Files\Pulseway\PCMonitorSrv.sys
Size
14 KB
Is PE
True
Creation time
Oct 27, 2025 3:33:33 PM
Last modified time
Oct 27, 2025 3:33:33 PM
Initiating process
[4]
ntoskrnl.exe
Process id
4
Execution details
Token elevation: Default, Integrity level: System
Image file path
C:\Windows\System32\ntoskrnl.exe
Image file SHA1
d50cebb81fe449e0d62a4ae92b185b917e898eef
Image file creation time
May 12, 2025 7:48:05 AM
Image file last modification time
May 12, 2025 7:48:06 AM
PE metadata
ntoskrnl.exe
User
NT AUTHORITY\SYSTEM
PE metadata
PCMonitorSrv.sys
Original name
WinRing0.sys
Compilation timestamp
Jul 26, 2008 4:29:37 PM
Company
OpenLibSys.org
Product
WinRing0
Version
1.2.0.5
Description
WinRing0
Remediation details
Defender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe'
Malware
3:34:05 PM
PCMonitorSrv.sys
Malware
SHA1
d25340ae8e92a6d29f599fef426a2bc1b5217299
Path
C:\Program Files\Pulseway\PCMonitorSrv.sys
Size
14 KB
Is PE
True
Creation time
Oct 27, 2025 3:33:33 PM
Last modified time
Oct 27, 2025 3:33:33 PM
Signer
Noriyuki MIYAZAKI
Issuer
GlobalSign ObjectSign CA
VirusTotal detection ratio
4/72
Initiating process
Additional related files
PE metadata
PCMonitorSrv.sys
Original name
WinRing0.sys
Compilation timestamp
Jul 26, 2008 4:29:37 PM
Company
OpenLibSys.org
Product
WinRing0
Version
1.2.0.5
Description
WinRing0
Remediation details
Defender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe'
Malware
Is runtime packed
False
Threat name
Trojan:Win32/Vigorf.A
Remediation action
quarantine
Remediation action result
Fail
Detection time
Oct 27, 2025 3:34:05 PM
We are having this issue on multiple workstations where the deployment was done.