What is HwInfoD.vxd ?

[Guest Warren]

One of my spyware scanners keeps identifying this file in Windows\System as

a worm. I quaranteen the file but it keeps coming back.

 

Is this a false positive or have I got a serious problem ? If a serious

problem where is it coming from ?

[Guest Malke]

Warren wrote:

<span style="color:blue">

> One of my spyware scanners keeps identifying this file in WindowsSystem

> as

> a worm. I quaranteen the file but it keeps coming back.

>

> Is this a false positive or have I got a serious problem ? If a serious

> problem where is it coming from ?</span>

 

A quick Google tells me that hwinfod.vxd is one of the driver files created

by Microsoft System Information Tools.

 

http://support.microsoft.com/kb/188133

 

However, since you didn't tell us what spyware scanner identifies the file

as a worm and because malware can call itself anything, you may want to

upload the file to Virus Total for identification. Virus Total will submit

the file to numerous antivirus companies and send you a report.

 

http://www.virustotal.com/

 

Additionally, you may wish to perform more thorough scans for viruses and

malware with other tools:

 

http://www.elephantboycomputers.com/page2....emoving_Malware

 

Malke

--

MS-MVP

Elephant Boy Computers

www.elephantboycomputers.com

Don't Panic!

[Guest Warren]

Thanks Malke, I've give thaat site a try. The tool that I'm using was

XoftSpySE, which seems to tend to give false positives. I have to be very

careful with it. The fact that it keeps coming back has me a little

suspicious that it is a system file & not a worm.

 

 

"Malke" <malke@invalid.invalid> wrote in message

news:OD$ggsUgIHA.3352@TK2MSFTNGP04.phx.gbl...<span style="color:blue">

> Warren wrote:

><span style="color:green">

> > One of my spyware scanners keeps identifying this file in WindowsSystem

> > as

> > a worm. I quaranteen the file but it keeps coming back.

> >

> > Is this a false positive or have I got a serious problem ? If a serious

> > problem where is it coming from ?</span>

>

> A quick Google tells me that hwinfod.vxd is one of the driver files</span>

created<span style="color:blue">

> by Microsoft System Information Tools.

>

> http://support.microsoft.com/kb/188133

>

> However, since you didn't tell us what spyware scanner identifies the file

> as a worm and because malware can call itself anything, you may want to

> upload the file to Virus Total for identification. Virus Total will submit

> the file to numerous antivirus companies and send you a report.

>

> http://www.virustotal.com/

>

> Additionally, you may wish to perform more thorough scans for viruses and

> malware with other tools:

>

> http://www.elephantboycomputers.com/page2....emoving_Malware

>

> Malke

> --

> MS-MVP

> Elephant Boy Computers

> www.elephantboycomputers.com

> Don't Panic!</span>

[Guest David H. Lipman]

From: "Warren" <nospam@nospam.com>

 

| Thanks Malke, I've give thaat site a try. The tool that I'm using was

| XoftSpySE, which seems to tend to give false positives. I have to be very

| careful with it. The fact that it keeps coming back has me a little

| suspicious that it is a system file & not a worm.

|

 

It is JUNK. It had been listed as a Rogue on SpyWare warrior but was de-listed.

However based upon new information, it should be re-listed. Unfortunately Spyware Warrior's

Rogue list is out-of-date.

 

Remove XoftSpy!

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest Warren]

Well Virus Total came out negative so I think it's safe to say it's okay.

 

"Warren" <nospam@nospam.com> wrote in message

news:ugOTRKYgIHA.2004@TK2MSFTNGP05.phx.gbl...<span style="color:blue">

> Thanks Malke, I've give thaat site a try. The tool that I'm using was

> XoftSpySE, which seems to tend to give false positives. I have to be very

> careful with it. The fact that it keeps coming back has me a little

> suspicious that it is a system file & not a worm.

>

>

> "Malke" <malke@invalid.invalid> wrote in message

> news:OD$ggsUgIHA.3352@TK2MSFTNGP04.phx.gbl...<span style="color:green">

> > Warren wrote:

> ><span style="color:darkred">

> > > One of my spyware scanners keeps identifying this file in</span></span></span>

Windows\System<span style="color:blue"><span style="color:green"><span style="color:darkred">

> > > as

> > > a worm. I quaranteen the file but it keeps coming back.

> > >

> > > Is this a false positive or have I got a serious problem ? If a</span></span></span>

serious<span style="color:blue"><span style="color:green"><span style="color:darkred">

> > > problem where is it coming from ?</span>

> >

> > A quick Google tells me that hwinfod.vxd is one of the driver files</span>

> created<span style="color:green">

> > by Microsoft System Information Tools.

> >

> > http://support.microsoft.com/kb/188133

> >

> > However, since you didn't tell us what spyware scanner identifies the</span></span>

file<span style="color:blue"><span style="color:green">

> > as a worm and because malware can call itself anything, you may want to

> > upload the file to Virus Total for identification. Virus Total will</span></span>

submit<span style="color:blue"><span style="color:green">

> > the file to numerous antivirus companies and send you a report.

> >

> > http://www.virustotal.com/

> >

> > Additionally, you may wish to perform more thorough scans for viruses</span></span>

and<span style="color:blue"><span style="color:green">

> > malware with other tools:

> >

> > http://www.elephantboycomputers.com/page2....emoving_Malware

> >

> > Malke

> > --

> > MS-MVP

> > Elephant Boy Computers

> > www.elephantboycomputers.com

> > Don't Panic!</span>

>

></span>

[Guest Warren]

Yes I've heard some very negative comments, like yours. Do you know of any

specific reference material I can read ? Other antispyware engines don't

flag it as a potential problem.

 

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:eZ2SXNYgIHA.3940@TK2MSFTNGP05.phx.gbl...<span style="color:blue">

> From: "Warren" <nospam@nospam.com>

>

> | Thanks Malke, I've give thaat site a try. The tool that I'm using was

> | XoftSpySE, which seems to tend to give false positives. I have to be</span>

very<span style="color:blue">

> | careful with it. The fact that it keeps coming back has me a little

> | suspicious that it is a system file & not a worm.

> |

>

> It is JUNK. It had been listed as a Rogue on SpyWare warrior but was</span>

de-listed.<span style="color:blue">

> However based upon new information, it should be re-listed. Unfortunately</span>

Spyware Warrior's<span style="color:blue">

> Rogue list is out-of-date.

>

> Remove XoftSpy!

>

> --

> Dave

> http://www.claymania.com/removal-trojan-adware.html

> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>

></span>

[Guest David H. Lipman]

From: "Warren" <nospam@nospam.com>

 

| Yes I've heard some very negative comments, like yours. Do you know of any

| specific reference material I can read ? Other antispyware engines don't

| flag it as a potential problem.

|

 

The only public information is that on SpyWare Warrior.

http://www.spywarewarrior.com/rogue_anti-spyware.htm

 

I don't have any other public data.

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest David H. Lipman]

From: "Warren" <nospam@nospam.com>

 

| Well Virus Total came out negative so I think it's safe to say it's okay.

|

 

Yes !

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest Warren]

Good read thanks David. And thank you for all the helpful information.

 

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message

news:u2pnbyYgIHA.2540@TK2MSFTNGP05.phx.gbl...<span style="color:blue">

> From: "Warren" <nospam@nospam.com>

>

> | Yes I've heard some very negative comments, like yours. Do you know of</span>

any<span style="color:blue">

> | specific reference material I can read ? Other antispyware engines</span>

don't<span style="color:blue">

> | flag it as a potential problem.

> |

>

> The only public information is that on SpyWare Warrior.

> http://www.spywarewarrior.com/rogue_anti-spyware.htm

>

> I don't have any other public data.

>

> --

> Dave

> http://www.claymania.com/removal-trojan-adware.html

> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

>

></span>

[Guest David H. Lipman]

From: "Warren" <nospam@nospam.com>

 

| Good read thanks David. And thank you for all the helpful information.

|

 

YW

 

As I noted, SpyWare Warrior is unfortunately out-of-date.

There are many rogues not listed. :-(

 

 

--

Dave

http://www.claymania.com/removal-trojan-adware.html

Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

[Guest C.B.]

Warren,

 

I wouldn't even consider using XoftSpySE as it is provided by the same

company that provides RegCure. There's no way in hell I would ever use a

product from ParetoLogic. Actually, ParetoLogic has used the "delisting" of

its software as a rogue as an excuse that it is legitimate. I read and

responded to the thread from one of ParetoLogic's representatives but I

can't seem to remember which discussion group it was in and I can't seem to

locate it.

However, don't let me influence your purchasing decisions. My opinion

of ParetoLogic is mine alone.

 

C.B.

 

 

--

It is the responsibility and duty of everyone to help the underprivileged

and unfortunate among us.

 

"Warren" <nospam@nospam.com> wrote in message

news:ugOTRKYgIHA.2004@TK2MSFTNGP05.phx.gbl...<span style="color:blue">

> Thanks Malke, I've give thaat site a try. The tool that I'm using was

> XoftSpySE, which seems to tend to give false positives. I have to be very

> careful with it. The fact that it keeps coming back has me a little

> suspicious that it is a system file & not a worm.

>

>

> "Malke" <malke@invalid.invalid> wrote in message

> news:OD$ggsUgIHA.3352@TK2MSFTNGP04.phx.gbl...<span style="color:green">

>> Warren wrote:

>><span style="color:darkred">

>> > One of my spyware scanners keeps identifying this file in

>> > WindowsSystem

>> > as

>> > a worm. I quaranteen the file but it keeps coming back.

>> >

>> > Is this a false positive or have I got a serious problem ? If a

>> > serious

>> > problem where is it coming from ?</span>

>>

>> A quick Google tells me that hwinfod.vxd is one of the driver files</span>

> created<span style="color:green">

>> by Microsoft System Information Tools.

>>

>> http://support.microsoft.com/kb/188133

>>

>> However, since you didn't tell us what spyware scanner identifies the

>> file

>> as a worm and because malware can call itself anything, you may want to

>> upload the file to Virus Total for identification. Virus Total will

>> submit

>> the file to numerous antivirus companies and send you a report.

>>

>> http://www.virustotal.com/

>>

>> Additionally, you may wish to perform more thorough scans for viruses and

>> malware with other tools:

>>

>> http://www.elephantboycomputers.com/page2....emoving_Malware

>>

>> Malke

>> --

>> MS-MVP

>> Elephant Boy Computers

>> www.elephantboycomputers.com

>> Don't Panic!</span>

>

> </span>