Windows Driver Foundation
Hello Bitdefender Community,
While checking my computer, I discovered a suspicious process that is not visible in the Task Manager, but I managed to identify it using the Sysinternals Process Explorer tool. Details about this process are presented in Image 1.
Upon inspecting the characteristics of this process, I found more information, including TCP/IP connections, presented in Image 2. During the process's execution, I encountered various issues, and ultimately, I obtained additional information, as shown in Images 3 and 4.
In the search for information about this potential virus, I found only one article written just 2 months ago, indicating that this process is indeed a virus and is not detected by antivirus solutions as such. However, when scanning my computer with VirusTotal and Malwarebytes, Bitdefender did not identify this process as a virus.
I managed to create a specific dump file for this process (not entirely possible), and I will attach it to this message (Windows Driver Foundation (WDF).dmp).
In Images 5-6, it can be observed that this file is detected by Total Commander but is impossible to locate.
I would greatly appreciate any advice or assistance that the community can provide regarding identification.
Comments
-
Here you can see a part of the log file for this process that I found after some time.
0 -
Conclusion: It is a miner that is currently undetected by any antivirus solution. However, the token I found within it has been in the database since 2020, initially associated with another application. I attempted to make requests to it using Postman, but I received an operating system error.
I identified the process similarly by tracing its origin program. Ultimately, I found a method to change the email associated with it. In conclusion, I located the log file for this process at
C:\Users\user\AppData\Local\EmailSender (this directory could only be accessed through the command prompt, as it did not appear in Total Commander, etc.)
Subsequently, I examined the API calls it made to api.peer2profit.global and understood that it is merely a traffic miner and does not copy any information from the computer.
PS: In the end, I discovered the Procmon application from Microsoft, which allowed me to perform all these operations in a few minutes instead of hours.
0 -
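The triage the poster describes above (tie a process that Task Manager hides to its TCP connections and image path, then find the log directory that the file manager does not show) can be scripted so a defender can repeat it on any machine. The following PowerShell is an added example written for this thread, not code from the original poster or from Bitdefender; it assumes Windows 8 or later (for Get-NetTCPConnection and Get-DnsClientCache) and an elevated prompt so that ExecutablePath is readable for every process, and it uses the peer2profit domain from the thread only as a string to match against the local DNS cache.

```powershell
# Added example (not from the thread): correlate TCP connections with their owning
# process and image path, flag remote hosts whose cached DNS name matches a pattern,
# and list hidden directories under %LOCALAPPDATA% (the EmailSender folder above
# was one). Assumes Windows 8+/Server 2012+ and an elevated prompt.

# Domain fragment mentioned in the thread; change to whatever you are hunting for.
$FlagPattern = 'peer2profit'

# 1. Build a PID -> process map with the executable path of each process.
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

# 2. Attach process name and path to every established, connecting or listening socket.
$connections = Get-NetTCPConnection -State Established,SynSent,Listen -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        [pscustomobject]@{
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            State         = $_.State
            PID           = $_.OwningProcess
            Name          = if ($p) { $p.Name } else { '<unknown>' }
            Path          = if ($p) { $p.ExecutablePath } else { '<unknown>' }
            DnsName       = ''
        }
    }

# Processes whose image lives in a user profile (AppData, Temp) rather than under
# Program Files or Windows deserve a second look; legitimate software rarely does this
# while holding outbound connections.
$suspect = $connections | Where-Object { $_.Path -match '\\AppData\\|\\Temp\\' }

# 3. Map remote IPs back to host names via the local DNS resolver cache, then flag
#    anything matching the pattern. Only names this machine resolved recently appear.
$dnsCache = Get-DnsClientCache -ErrorAction SilentlyContinue
foreach ($c in $connections) {
    $names = $dnsCache | Where-Object { $_.Data -eq $c.RemoteAddress } |
        Select-Object -ExpandProperty Entry -Unique
    $c.DnsName = ($names -join ',')
}
$flagged = $connections | Where-Object { $_.DnsName -match $FlagPattern }

# 4. Hidden directories under %LOCALAPPDATA% that a default Explorer view skips.
#    -Force makes Get-ChildItem return hidden and system entries.
$hidden = Get-ChildItem -Path $env:LOCALAPPDATA -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 }

"== Connections owned by executables in a user profile =="
$suspect | Format-Table Name, PID, RemoteAddress, RemotePort, State, Path -AutoSize
"== Connections whose cached DNS name matches '$FlagPattern' =="
$flagged | Format-Table Name, PID, DnsName, RemoteAddress, RemotePort -AutoSize
"== Hidden directories under $env:LOCALAPPDATA =="
$hidden | Format-Table Name, Attributes, LastWriteTime -AutoSize
```

Run it from an elevated PowerShell prompt; without elevation, ExecutablePath comes back empty for processes owned by other accounts and the AppData match silently misses them. The DNS-cache lookup is best effort: a process that resolved its server hours ago, or that connects by IP, shows an empty DnsName, so the user-profile check is the one to rely on.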
Hello.
In that case, I think that the best option for you is to contact Bitdefender Consumer Support, as the support engineers could take a deeper look at the issue, so follow the steps below.
First, take screenshot(s) of the issue,
create a log file on your Windows device using Bitdefender Support Tool, by following these steps:
and
create a log file on your Windows device using BDsysLog, by following these steps:
Next, contact Bitdefender Consumer Support by e-mail:
with a short description of the issue.
After that, you will get an automated reply by the Bitdefender Customer Care Team, with your ticket number.
Now, in reply to that automated reply, you can send the screenshot(s) you already took and the log files you already created in the first step.
Since you are all done, just wait for the support engineers to investigate your issue and find a solution to fix the issue.
Remember that the screenshot(s) and the log files will help the support engineers a lot with a better and faster investigation of your issue and with finding a solution.
NOTE: If any of the log files is larger than 25 MB, you can upload the log file here:
After the upload is done, you will get a notification with the file's URL and then you can share the file's URL with the Bitdefender Consumer Support.
Regards.
0 -
Thank you for the response, but in my case, the dump file created is over 270 MB, which is why I couldn't upload it anywhere.
1 -
Hi @Alifa23,
I've replied to you on the other thread as well 🙂
You can create a ticket first, or get in touch with the Support teams via chat. They can offer additional ways to upload the dump file.
Regards
Premium Security & Bitdefender Endpoint Security Tools user
0