CPU-Z and HWMonitor official site compromised

(old.reddit.com)

8 points | by eightysixfour 14 hours ago

3 comments

  • eightysixfour 14 hours ago

    Per this reddit thread, it appears that cpuid.com is redirecting CPU-Z and HWMonitor downloads to a third party URL and antivirus identifies it as a virus.

  • allears 13 hours ago

    Those apps need to hook into low-level processes, so the antivirus app might see a false positive. On the other hand, that would be a great attack vector, so I would think caution would be warranted.

    • eightysixfour 12 hours ago

      Someone a bit further down the thread took a look; it is definitely malware.

      > Download link on https://www.cpuid.com/softwares/hwmonitor.html goes to https://pub-45c2577dbd174292a02137c18e7b1b5a.r2.dev/hwmonito... which is obviously unusual.

      > This has the description "Установка — HWiNFO Monitor, версия 1.63" in it. Now I'm pretty sure CPUID is based out of France, so the presence of Russian there is not great. The term "HWiNFO" is not right here either, it's a completely different tool.

      > The file is built with a customised "wrapped" InnoSetup often used by malware, making it difficult to extract. "Real" HWMonitor just uses regular InnoSetup and can be extracted with simple and common tools.

      > That their site has been hacked is the simplest explanation.

      And

      > Apparently there are several sandbox detection methods in it. If you ran it, assume you are compromised, as there are several persistent processes installed. Start reinstalling your Windows and remember to use the "log out everywhere" feature on all websites to refresh your login tokens and reset your passwords.
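As an added defender-side example (not code from the thread or from CPUID), the two checks the quoted analysis relied on, written in Python: whether the download link's host is the vendor's own domain, and whether the installer's description names the expected product and avoids a script the vendor would not use. The sample page and description below are constructed; the r2.dev hostname is a placeholder, not the indicator quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import unicodedata

# Assumed vendor facts from the thread: official site is cpuid.com, page serves HWMonitor.
VENDOR_DOMAIN = "cpuid.com"
EXPECTED_PRODUCT = "HWMonitor"

# Constructed sample page: one on-site link, one off-site download link
# (the r2.dev hostname is a placeholder, not the indicator quoted in the thread).
SAMPLE_HTML = """
<a href="https://www.cpuid.com/softwares/hwmonitor.html">HWMonitor</a>
<a href="https://pub-PLACEHOLDER.r2.dev/hwmonitor-setup.exe">Download</a>
"""
# Constructed installer description modelled on the one quoted in the thread.
SAMPLE_DESCRIPTION = "Установка - HWiNFO Monitor, версия 1.63"


class _LinkCollector(HTMLParser):
    """Collect the href of every <a> element on the page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.extend(v for k, v in attrs if k == "href" and v)


def offsite_links(html, vendor_domain=VENDOR_DOMAIN):
    """Return absolute links whose host is neither the vendor domain nor one of
    its subdomains; a download served from elsewhere is the first red flag."""
    parser = _LinkCollector()
    parser.feed(html)
    flagged = []
    for href in parser.links:
        host = urlparse(href).netloc.lower()
        if host and host != vendor_domain and not host.endswith("." + vendor_domain):
            flagged.append(href)
    return flagged


def description_findings(description, expected_product=EXPECTED_PRODUCT):
    """Flag installer metadata that names a different product or contains
    Cyrillic text, the two anomalies the thread points out."""
    findings = []
    if expected_product.lower() not in description.lower():
        findings.append("product name mismatch")
    scripts = {unicodedata.name(c, "").split(" ")[0] for c in description if c.isalpha()}
    if "CYRILLIC" in scripts:
        findings.append("cyrillic text")
    return findings
```

Neither check proves a file is malicious on its own; they are cheap triage signals to run before executing a downloaded installer, alongside the vendor's published hash or signature where one exists.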