Phyneas 0 Posted December 11, 2019 Share Posted December 11, 2019 Hi, This morning I got a pop-up from ESET (see attached pictured) telling me that a potentially unsafe application had been found, called cpuz139_x64.sys. I assumed that it was from CPU-Z, which I formerly used, so I uninstalled CPU-Z but the problem was still there. I had ESET clean the file and restart, and the file was successfully deleted before the restart, but after the restart it had been re-created. I then tried restarting in Safe Mode and manually deleting the file and was able to do so, but on restarting to Normal Mode it had been recreated, so I went back into Safe Mode and deleted it again, then restarted to Safe Mode and it had not been recreated, then when I restarted to Normal Mode after that, it had been re-created. My question therefore is: 1) Is this a false-positive? 2) If it isn't a false positive, how do I trace it back to whatever is recreating it each time and solve the problem? Thanks. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,915 Posted December 13, 2019 Administrators Share Posted December 13, 2019 The detection is correct, the driver can be exploited. If you want to exclude it from detection, you can unfold Advanced options, check the appropriate box there and click "Ignore". Link to comment Share on other sites More sharing options...
itman 1,628 Posted December 13, 2019 Share Posted December 13, 2019 (edited) I will also add it appears the CosairLink4 software via an installed service is recreating CPU-Z driver at boot time. Therefore, the only way to permanently eliminate the Eset alerting would be to uninstall the CosairLink4 software. Edited December 13, 2019 by itman Link to comment Share on other sites More sharing options...
Recommended Posts