Threats detected: Trojan:Win32/Vigorf.A

I

I just got the same thing just now. I use fan control, which is not working now.

I have the same trojan.
trojan:Win32/Vigorf.A
Windows can't seem to remove it, but after 3 or 4 attempts, it does seem to quarantine it.

will keep trying to quarantine, and hope malwarebytes finally detects it to remove in safe mode or something

I got the same message just now but for a Libre Hardware Monitor file. It's been running on this computer for a year or more, downloaded the official version and haven't re-downloaded anything recently. After I let Microsoft do the the quarantine, I can still run Libre but my CPU temps and power draw readings no longer work. When I close and re-open Libre, the same security message pops up, and briefly flashes the same info but then it goes away and says "no threats". When I click "Protection History" it says "No recent actions" as if it didn't do anything. This seems like a Microsoft problem relating to marking all WinRing applications as unsafe, unless we ALL happened to get infected on the exact same day? Has the bot net been activated?

I'm getting the same, but for file: C:\Program Files\HASS.Agent Satellite Service\Service\HASS.Agent.Satellite.Service.sys

Which would appear to be the same common controls as those other detections.

I received the same. Same file path as the author: C:\WINDOWS\system32\Drivers\WinRing0x64.sys

Seems like Microsoft doesn't like us to see and control our CPU temps and RGB on our own pc. I also have SignalRGB (it is working fine) and FanControl two most essential applications for any heavy pc users. FanControl is not able to track my CPU usage and temps since tomorrow. Having same error as you guys that's annoying!! Anyone have any solution yet??

Since today i've also started getting this warnings:

Trojan:Win32/Vigorf.A C:\Windows\SystemTemp\Tmp761C.tmp
Trojan:Win32/Vigorf.A C:\Windows\SystemTemp\Tmp3E97.tmp

And on top of that some games started crashing or just closing without any errors and as others said i also have OpenRGB/MSI Afterburner/RTSS and an app that makes my taskbar transperent.

I got this too, but for Overwolf which is known to be safe. My Microsoft defender also gave me the message that the isolation was incomplete after i reset my PC. Is this a false positive or some fort of widespread issue? I haven't been experiencing any issues otherwise.

Same thing happened and I was so scared that I was cooked that I reset my pc 😭

I've just received the same prompt. I also have OpenRGB. Is there any remedial action that need to be taken or is it safe enough to either quarantine it or just allow the application?

The usual MS Windows Defender nonsense. It is NOT a trojan, it's a vulnerability (WingRing0 which is installed and used by FanControl, it is needed for apps like FanControl/SignalRGB to work and it has ALWAYS been there).

It is considered a 'security' risk, but it's not a risk to the average PC user/gamer/etc. Only those downloading pirate software, going on 'dodgy' websites, things like that are actually at risk. Even then, whatever virus they downloaded would have to get past their anti-virus software to be able to take advantage of the vulnerability. The vulnerability has always been part of Fan Control, it's not just been added to FanControl or any other software that Windows has flagged, Windows Defender has just had an update that makes it flag the vulnerability.

I've been a PC tech for over 30 years (including employment for 17 years by two of the biggest investment banks in the world), I knew about the vulnerability before installing FanControl.

It didn't concern me then, it doesn't concern me now. If you're not a shady person that does shady things, you'll be just fine. I just Whitelisted it, no more pop-ups.

Lazy Coding By the entire RGB/Fan control industry

https://youtu.be/H_O5JtBqODA?si=sxHdULXgTgSVlnOa

I had this pop up this morning for PBO2 Tuner, a tool used to undervolt and underclock your CPU cores. Have used it since 2022 with no issue. Running a Ryzen 7 5800x3D.

Just happened to me, since this has been out a couple days someone might be trying to use the vulnerability as a few remote access programs

If someone were to see this post and try to exploit the vulnerability would Windows Security stop them? There were some mysterious remote access programs running in my task manager when this trojan was quarantined (twice) and now im doing an offline scan for the rascal who's trying to steal my pc

Starting 9/4/2025 I started seeing the same warning related to Winring0 in OpenHardwareMonitorLib.sys. I had seen this in mid March and fixed it by uninstalling HWMonitor. After reading many of the comments here I decided to uninstall Nuc SW Studio, then I removed the defender exclusion I had put on OpenHardwareMonitorLib.sys, rebooted and checked the file... yes it is there and its date is the time of reboot... and NUCSoftwareStudioService is still running... but... now defender isn't flagging it even if I force it to scan that file... strange, I think. I noticed that the defender definitions were updated today, I wonder if they changed to allow this, but I think a more likely explanation is that when you uninstall the NUC SW Studio then reboot, NUCSoftwareStudioService.exe builds a new OpenHardwareMonitorLib.sys without Winring0.

Good catch but how do you deal with it. I found NUC software the root cause as well but just "allowed" the perceived threat as I find no way to update.

To MShep49: It is better to create an "exclusion" for the file than to allow the malware as that will allow the trojan in any file. Did you try uninstalling NUC SW studio? It is easy to uninstall and I had never actually used it.

For those keeping track of where it might be used.
Add Gigabyte Control Center to the list.

Easy fix is going into the Windows Defender settings and just adding the entire folder as an exemption.
Fixed it for me from annoyingly popping up.

I had the same issue since today, 20. September 2025, directly after "Cumulative Update for Windows 11 Insider Preview (KB5065786) (26220.6690)".

I had allow the "Trojan:Win32 Vigorf.A" found by Microsoft Defender on my PC without anny following problems.

Vigorf.A is a name given by anti-malware software to potentially malicious programs, which can be a trojan that steals information or a hacktool used to bypass software licensing. This type of malware is detected by antivirus programs like Microsoft Defender Antivirus and Trend Micro, and it is recommended to have your system scanned and cleaned to remove it. 

What is Vigorf.A?

• Trojan:

Vigorf.A can be a trojan, a type of malware that can perform various harmful actions, such as installing other malware, recording keystrokes, stealing browsing history, or granting remote access to your PC for a malicious hacker. 

• Hacktool:

It can also be identified as a hacktool, which is software used to "crack" programs to run without a valid license or product key. However, the use of hacktools is risky as they are often associated with other malware. 

What to do if you suspect Vigorf.A on your PC:

1. Run a full system scan: Perform a comprehensive scan using your antivirus software to detect and remove any hidden files. 
2. Remove quarantined threats: Follow the instructions to delete any files that your antivirus program has quarantined. 
3. Be cautious with unknown software: Avoid running suspicious software that could be associated with hacktools or other potentially unwanted programs. Vigorf.A is a name given by anti-malware software to potentially malicious programs, which can be a trojan that steals information or a hacktool used to bypass software licensing. This type of malware is detected by antivirus programs like Microsoft Defender Antivirus and Trend Micro, and it is recommended to have your system scanned and cleaned to remove it.  What is Vigorf.A?
   • Trojan:  Vigorf.A can be a trojan, a type of malware that can perform various harmful actions, such as installing other malware, recording keystrokes, stealing browsing history, or granting remote access to your PC for a malicious hacker. 
   • Hacktool:  It can also be identified as a hacktool, which is software used to "crack" programs to run without a valid license or product key. However, the use of hacktools is risky as they are often associated with other malware. 
   What to do if you suspect Vigorf.A on your PC:
   1. Run a full system scan:  Perform a comprehensive scan using your antivirus software to detect and remove any hidden files. 
   2. Remove quarantined threats:  Follow the instructions to delete any files that your antivirus program has quarantined. 
   3. Be cautious with unknown software:  Avoid running suspicious software that could be associated with hacktools or other potentially unwanted programs. 

i found this online if it helps u np

i just had a admin confirmation promp from my Steelseries GG app about the system monitor from Steelseries a few minutes after approving it ive also recieved a similar virus alert

Even on the exclusion list, it always go back to square one with the damn notification with the : Trojan:Win32/Vigorf.A

C:\WINDOWS\System32\DriverStore\FileRepository\performancedriverextension.inf_amd64_4307518ac694be75................

I think all this started late Aug or Sept, and if i put a premium Antivirus over Windows Defender, all scans come clean using 4 different top tier Antivirus's. I also have a intel Nuc too, i get annoyed few times a week with WD. Think i might get a paid Antivirus so WD can shut up.