Taskbar Crashes - Quarantine and Deletion for Vulnerable Drivers

Avast Free Antivirus / Premium Security
1

I have recently updated Avast and get the following popup every time I restart. (See Attached)
If I understand correctly, Avast blocks the driver and doesn’t delete it or stop it from starting up. Then since the driver is stored in the System32 folder the PC is slowed down to block it every time even after the original application that used it is removed. Which may result in many processes crashing at startup. It makes no sense for Avast to slow down your PC to the point of crashing it every time you start it without giving the option to remove it or quarantine it. Since for the people who want to allow it there is an option, then there should also be an option for the people who want to remove it.

(Update) I have since removed the driver in question. However, in the aftermath, there was still a 1-minute delay when loading the taskbar. After a bit of troubleshooting, I have found that after the incident when the Web Account Manager Microsoft Service is enabled, the taskbar takes about one more minute to load. Unfortunately disabling the service is by no means a workaround as you are forced to a local account, some restrictions, and even night light mode and other processes will be slowed down and start quite a bit later.

2

This issue is very complex, anyone who can help and support you, get in touch with them, and I think you will have better results for this problem.

3

Best suggestion is to upload your detected system file to VirusTotal.com https://www.virustotal.com

Reply by placing the url scan results in your next reply.

Possible detection of miner software?: https://www.malwaretips.com/blogs/remove-winring0x64-sys/

A scan at VirusTotal will clarify.

Malwarebytes: https://www.malwarebytes.com/cybersecurity/computer/what-are-computer-drivers
https://forums.malwarebytes.com/topic/298671-exploit-detections-of-vulnerable-drivers/

and https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html

The last article discusses how device drivers can be changed to maliciously control a system at the kernel level.

Makes sense that this WinRing0x64.sys driver could interfere with normal Windows operation and removing it might have damaged your system even more.

Await your reply.

See an earlier thread posted here in this forum starting on February 9, 2023: https://forum.avast.com/index.php?topic=322571.0