Re: Re:Intel needs to fix performancedriverextension.inf, which causes WINRING0.G trojan detection

AlHill · ‎08-08-2025

Intel's performancedriverextension.inf is consistantly seen as a trojan virus winring0.g.

If you remove performancedriverextension.inf, windows update conveniently installs it again as "intel corporation - extension 1.0.0.38".

The only way to stop this is to hide 1.0.0.38 with wuShowHide after you remove driver and reboot. If you run Windows Update after you remove performancedriverextension.inf but before you hide it, it will return and Windows Defender will flag it as a trojan, and will keep flagging it.

No amount of quarantines and reboots will stop this until you remove and hide the driver.

This is likely detected by other antimalware tools as well.

I am just reporting this. The only action is for Intel to fix it.

Doc (not an Intel employee or contractor)
[AI is the same as snake-oil]

RandyT_Intel · ‎08-10-2025

Hi @AlHill,

Acknowledged. I’ll check this concern internally and coordinate with the development team. While I don’t have a specific ETA for feedback at the moment, please rest assured that your insights and recommendations are valued and will be shared accordingly. Thank you for your patience and understanding.

Regards,

Randy T.

Intel Customer Support Technician

Treiberprofi · ‎03-19-2026

Es hilft nichts das zur Kenntnis zu nehmen, es ist auch beim Neuesten Treiber das Gleiche: Installation, schwerwiedgendes Virus (Trojaner oder Indianer oder wasa weiß icdh ) Problem und der wird vom Defender gelöscht und gleich wird vom Updater gemeldet : Neuer Grafik-Treiber und das ganze Spiel geht von vorne los, 24 Stunden am Tag usf.

Support gibts keinen bei Intel, schon viele Male gemeldet. Da kommen dann Antworten mit denen der Nutzer nichts anfangen kann. Und die gar nicht helfen! ....zig Nutzer haben das Problem immer wieder, es ist Intel auch bekannt. Aber um die Kunden zu ärgern wird da nichts unternommen. Entweder es ist gewollt oder man ist bei Intel wirklich so blöd! Dies beiden Möglichkeiten gibt es nur.

Fakt ist, dass von solchen Idioten bei mir nichts mehr ins Haus kommt und jeder wird vor Intel von mir gewarnt, wegen der Kundenfreundlichkeit, -es ist echt zum kotzen und man braucht eine Menge Zeit um den Blödsinn jedesmal wieder zum Stillstand zu bringen.

Den Updatedienst habe ich deaktiviert, nun ist Ruhe. Diese scheiß neuen Treiber verändern auch nichts merkbar am System!

Es hat nichts mit Digitalisierung zu tun, das ist Kindergarten in höchster Vollendung!

Falls jemand auf die Idee kommt ich hab noch nichts versucht: Den Updater hab ich zig mal neu installiert, den Treiber direkt geladen von der Intel Update-Seite es ist immer das Gleiche.

Allen Viel Spass die diesen Murksd laufend angedreht bekommen und sich ärgern müssen. Danke Intel! Schlaft weiter!

Mir ist mal der Kragen geplatzt!

RandyT_Intel · ‎08-12-2025

Hi @AlHill,

To help me look into this further, could you please provide the following:

What is the make and model of your system?
When did the issue first start?

The file performancedriverextension.inf is usually found in Intel NUC systems, so confirming your setup will help us investigate properly.

Looking forward to your response!

Regards,

Randy T.

Intel Customer Support Technician

AlHill · ‎08-12-2025

Randy, none of that matters. Whether or not it is a NUC is not the issue. The issue is that it is an Intel provided driver that has a known issue. I get the feeling you simply want to dismiss this as "we do not support the NUC anymore".

To investigate, just install that driver on any machine that has Windows Defender.

Doc (not an Intel employee or contractor)
[AI is the same as snake-oil]

RandyT_Intel · ‎08-13-2025

Hi @AlHill,

I will conduct a more in-depth analysis of this concern. I’ll provide an update once further information and findings become available.

Regards,

Randy T.

Intel Customer Support Technician

Treiberprofi · ‎03-19-2026

Analysierst du noch? Oder bist du eingeschlafen? Das Problem besteht immer noch! Ich glaube eher du bist ein Spinner und willst dich nur hervortun, passiert ist ja noch nichts außer immerzu diese Märchen. Das ist dir seit min einem halben Jahr bekannt und immer noch wird dieser Mist angeboten und dem User untergejubelt.

Nicht jammern, wäre alles so wie es sein soll, gäbe es die vielen User nicht, die hier ihre Meinung los geworden sind, die intel aber einen Scheiß interessieren!

Bernard_A · ‎08-14-2025

I also fighting for this like cancer. Two weeks ago only infected with 4 unit then become 12 in just few days the now i got 22 of them. Mixed with NUC gen 10 to gen 13.

https://www.virustotal.com/gui/file/11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5

RandyT_Intel · ‎08-18-2025

Hi @AlHill,

I want to inform you of a recent change in Microsoft Defender's behavior, which began around March 2025. Microsoft Defender has started flagging the WinRing0 driver as a potential security threat. This driver is commonly used by fan control and system monitoring applications, including NUC Software Studio.

As a result, this detection has caused disruptions in functionality across many applications.

As you may know, NUC Software Studio is now End of Security Support. This means it is provided "as-is," and no further updates or patches are expected. Given this situation, I recommend the following actions:

I encourage you to reach out to Microsoft to request a review or update to their Defender detection logic. This may help in resolving the issue without needing to uninstall the software.
If the detection is causing significant operational issues, you may consider uninstalling NUC Software Studio to prevent further disruptions.

I understand the inconvenience this may cause and appreciate your understanding given the current situation, I recommend to reach out directly to Microsoft Support for further assistance.

Regards,

Randy T.

Intel Customer Support Technician

Josephdk · ‎08-25-2025

None of our workstations have this software installed, and we are seeing this same Windows Defender notification across all 132 Intel NUC workstations we have in service. I have no idea why you'd expect your customers to reach out to Microsoft to resolve a purported false-positive inherent to your own product. If someone at Intel could address what process is actually using OpenHardewareMonitorLib.sys it would be easier for us as administrators to block that process from recreating the file repeatedly.

sfs1 · ‎09-20-2025

There's no need to reach out to Microsoft as they have already clarified:

"This detection is valid. The WinRing0 driver has been classified as a known vulnerability as documented in CVE-2020-14979."

It's not a false positive. It's malware.

Treiberprofi · ‎03-19-2026

Das wissen alle außer Intel! DEie wollen es nicht wissen, die verärgern lieber ihre Kunden.

Eine Kontaktaufnahme mit Microsoft ist nicht nötig, da diese bereits klargestellt haben:

„Diese Erkennung ist gültig. Der WinRing0- Treiber wurde als bekannte Sicherheitslücke eingestuft, wie in CVE-2020-14979 dokumentiert .“

Es handelt sich nicht um einen Fehlalarm. Es ist Schadsoftware.

Genau die selbe Aussage steht überall im Internet! Und der Kollege muss sich erst erkundigen!? Nein! Er muss endlich mal was tun!

Augen auf und nicht pennen! Das Problem gibt es nicht bei einem User und nicht erst seit gestern! Und der Mist wird immerzu weiter entwickelt! Wie blöd muss man sein sich so zu verhalten!

DefenseWick47 · ‎08-25-2025

I will add to this, I am also getting alerts via Defender for the same exact thing in the other persons screenshot above of the defender alert details pane, in the exact file path.

Per the latest response I will mention that the machine this alert is being generated from does NOT have whatever NUC software you made note of installed. The original poster is correct as I have also tried to manually delete it, it just comes right back and there is (from what I can tell) no direct correlation to any specific software on the machine.

The machine I have these alerts on is Model NUC11PAHi5.

We apply updates via our RMM tool or the Intel Support Assistant to which this issue has not been resolved.

microspock · ‎08-29-2025

Same here since 3 days with my NUC 11 Enthusiast (NUC11PHKi7CA), i manage to remove the "sys" file with wise delete (unlock and delete) but NUC Software studio ask to install NSS driver to run but no more defender alert. If i resinstall NSS drivers (found NSSServiceInstaller_v1.17.38.0 on ASUS site) defender became crazy again with alert asking to reboot again and again after each reboot.

sprocketoctopus · ‎09-18-2025

I am getting this too - right after some updates. NUC11PAHi5.

I think Intel should do more here to resolve this issue. This is not some old pre 7th gen machine, it's quite new!

Cheers

S.O

n_scott_pearson · ‎09-20-2025

It's not correct to call it 'malware'. In and of itself, it is a legitimate driver that has been used by many sensor monitoring, etc. applications for almost 15 years. Unfortunately, it also has a *huge* vulnerability - one so *huge* that Microsoft decided to block further usage.

This is simply a case of an entity not keeping up with the times. As malware has become smarter and smarter, the interface to this driver - and the guardrails that it implements to avoid abuse - needed to also evolve (but didn't).

Just sayin',

...S

Enthusiast · ‎09-22-2025

The NUC 12 Software Studio Service must be set to disabled in Computermanagement.

gabriel_fz · ‎09-23-2025

It seems like I was able to remove the vulnerable driver.

Here's some notes on what I've done:

1. Delete Intel NUC studio bloatware

2. In Computer Management, Disable `Intel(R) NUC Software Studio Service` and make sure it does not auto-start

3. Let Microsoft defender remove the `OpenHardwareMonitorLib.sys`

Thanks to @Enthusiast to suggesting removing the service.

Enthusiast · ‎09-26-2025

Please, problem is the not correctly working uninstallation of the NUC Software Studio, leaving the security hole active by the not disappearing service. If multi-billion-companies like Intel or ASUS stop to develop - while the machines are still sold - they should at least publish the source code, to give the community a chance to fix this pathetic error of their hobby programmers.

1ambo · ‎09-26-2025

Can confirm the three steps outlined by gabriel_fz also worked for me on an Intel NUC 13 Extreme.

Thank you so much Enthusiast and gabriel_fz!

Struggled troubleshooting this for a couple of days with this until I found this post. Was nearly at the point where I was ready to give up, buy a new SSD and reinstall. Thank you again.