WinRing0

[TheGr8McCranni]

I was clearing out some files on my hard drive the other day, and came across a file labeled WinRing0. I don't remember anything relating to it, and I can't find anything about it online. Anyone know what it is? And if it's malicious, how to remove it?

 

[airdeano]

welcoem to the Linus Tech Tips forums!

 

it is a support folder for razor products.

some malware camouflages itself as winring0.sys. you should check the winring0.sys process on your PC to see if it is a threat.

[TheGr8McCranni]

I'm currently running a malwarebytes rootkit/system scan, and so far nothing has come up. Any way to safely delete it?

 

 

Update: I'm looking at the dates that it was downloaded, and it seems to match up with my EVGA PrecisionXOC download. Do you think it would have come with the EVGA software?

 

 

[homeap5]

You can check this by yourself - right mouse button, locate file and maybe you'll find your answer. Also - use Autoruns.

[TheGr8McCranni]

5 hours ago, homeap5 said:

You can check this by yourself - right mouse button, locate file and maybe you'll find your answer. Also - use Autoruns.

I ended up deleting the file and everything relating to it, running Malwarebytes to make sure it was all clear just Incase, and everything that I assumed could be in trouble ended up working just fine. So either way, if it was malicious, I’m a little safer, and if not, it didn’t really affect anything.