QUESTION

Trojan?


Hey all, anyone get this?

Location: AppData\Roaming\mobro-data\service\MoBro.Plugin.MoBroHardwareMonitor.sys

Replies 1 - 6 (6)

Noticed the same thing today. Came here looking for an answer

Found the same on my side. Also something like this:

VulnerableDriver:WinNT/Winring0.G

Hmmm?

Microsoft has recently classified the WinRing0 driver as a vulnerability. 
This driver is still used by a lot of hardware monitoring applications including Libre Hardware Monitor. 
As a result of this change, these applications will now be blocked by Windows Defender and reported as a possible Trojan/Virus. More info here: https://support.microsoft.com/en-us/windows/microsoft-defender-antivirus-alert-vulnerabledriver-winnt-winring0-eb057830-d77b-41a2-9a34-015a5d203c42

MoBro is affected by this, as both the LibreHardwareMonitor plugin and the MoBroHardwareMonitor plugin make use of LibreHardwareMonitorLib to fetch metrics, and that library currently accesses the now-flagged WinRing0 driver.
As soon as an official new version of LibreHardwareMonitorLib is available, we will update both plugins, which should resolve the situation.

To clarify:
There is no immediate danger; our plugins are still safe to use and are not actually a virus.
LibreHardwareMonitor (like many other monitoring tools) just still uses this old, no longer maintained driver that could also be exploited by a malicious program. Microsoft has now decided to flag the usage of this driver.

Until this is resolved you currently have the following options:

  • Stop using the affected plugins for now: LibreHardwareMonitor, MoBroHardwareMonitor
  • Manually add an exception for Windows Defender as described in the linked post
    (Path to the plugins: C:\Users\[YOUR_USER]\AppData\Roaming\mobro-data\service\plugins\[PLUGIN])
  • Manually replace the LibreHardwareMonitorLib.dll in the plugin directory with the most recent nightly build
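
An added example, not part of the original reply and not ModBros' own tooling: one way to apply the second option so that only a single plugin folder is excluded, and only after confirming that the recorded alert really is the WinRing0 detection. The `-PluginFolderName` parameter stands in for the post's `[PLUGIN]` placeholder and the script layout is an assumption; the cmdlets are the built-in Windows Defender module.

```powershell
#Requires -RunAsAdministrator
param(
    # Folder name under ...\service\plugins (the [PLUGIN] placeholder from the post).
    [Parameter(Mandatory)] [string] $PluginFolderName
)

# Assumption: the elevated session belongs to the same user who runs MoBro,
# otherwise $env:APPDATA points at a different profile.
$dataRoot  = Join-Path $env:APPDATA 'mobro-data\service'
$pluginDir = Join-Path $dataRoot (Join-Path 'plugins' $PluginFolderName)
if (-not (Test-Path -LiteralPath $pluginDir -PathType Container)) {
    throw "Plugin directory not found: $pluginDir"
}

# 1. Confirm Defender recorded the WinRing0 driver detection and nothing else is assumed.
$winRing = Get-MpThreat | Where-Object { $_.ThreatName -like 'VulnerableDriver:WinNT/Winring0*' }
if (-not $winRing) {
    throw 'No WinRing0 detection recorded by Defender; not adding an exclusion.'
}

# 2. List every file Defender flagged for that detection.
$resources = Get-MpThreatDetection |
    Where-Object { $winRing.ThreatID -contains $_.ThreatID } |
    ForEach-Object { $_.Resources } |
    Sort-Object -Unique
$resources | ForEach-Object { Write-Output "Flagged: $_" }

# Files outside the MoBro data folder belong to some other tool and are not
# covered by the exclusion below; review them separately.
$outside = $resources | Where-Object {
    $_.IndexOf($dataRoot, [StringComparison]::OrdinalIgnoreCase) -lt 0
}
if ($outside) {
    Write-Warning "WinRing0 was also flagged outside MoBro: $($outside -join '; ')"
}

# 3. Exclude only that one plugin directory, then read the setting back.
Add-MpPreference -ExclusionPath $pluginDir
$active = (Get-MpPreference).ExclusionPath -contains $pluginDir
Write-Output "Exclusion for $pluginDir active: $active"
```

Once updated plugins are installed, `Remove-MpPreference -ExclusionPath` with the same path takes the exclusion out again.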

@Seraksab Thank you for your in‑depth answer; it makes a lot of sense. I’ve never doubted ModBros’ integrity, but I wondered whether the recent wave of GitHub attacks tied to compromised NPM packages could affect them; therefore I was a bit more alert than usual.

Quite interesting and thank you. I do see it happening every day. So where can we find this LibreHardwareMonitorLib.dll?
