Win64/CPUZ.A detected by ESET

[Phyneas 0]

Hi,

This morning I got a pop-up from ESET (see attached pictured) telling me that a potentially unsafe application had been found, called cpuz139_x64.sys. I assumed that it was from CPU-Z, which I formerly used, so I uninstalled CPU-Z but the problem was still there. I had ESET clean the file and restart, and the file was successfully deleted before the restart, but after the restart it had been re-created. I then tried restarting in Safe Mode and manually deleting the file and was able to do so, but on restarting to Normal Mode it had been recreated, so I went back into Safe Mode and deleted it again, then restarted to Safe Mode and it had not been recreated, then when I restarted to Normal Mode after that, it had been re-created. My question therefore is:

1) Is this a false-positive?

2) If it isn't a false positive, how do I trace it back to whatever is recreating it each time and solve the problem?

 

Thanks.

[Marcos 5,074]

The detection is correct, the driver can be exploited. If you want to exclude it from detection, you can unfold Advanced options, check the appropriate box there and click "Ignore".

[itman 1,659]

I will also add it appears the CosairLink4 software via an installed service is recreating CPU-Z driver at boot time. Therefore, the only way to permanently eliminate the Eset alerting would be to uninstall the  CosairLink4 software.

Edited December 13, 2019 by itman