File description |
Wdfmgr.exe with description Windows User Mode Driver Manager is a process file from company Microsoft Corporation belonging to product Microsoft® Windows® Operating System.
The file is
digitally signed from Microsoft Windows Component Publisher - Microsoft Timestamping Service
We do not recommend removing digitally signed files from Microsoft Windows Component Publisher
What is wdfmgr.exe?
Wdfmgr.exe is the Windows User Mode Driver Framework service. This service is installed with Windows Media Player 10 and above and allows synchronization of media content with hardware players.
This is a nonessential process and can safely be terminated. Note that by terminating it, you may be unable to synchronize your media devices with Windows Media Player until the next reboot. By disabling the service, you may be unable to do so until the service is reenabled.
Dangers of wdfmgr
As this is a legitimate process that runs on any system with Windows Media Player 10 or later installed, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.
Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32. Other malware will use a name that appears similar to it but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as wdfmgr.exe:
- W32.Agobot.TB (%SystemRoot%)
- Agobot is a backdoor Trojan that gives an attacker control over infected systems.
- W32.Tilebot.KG (%SystemRoot%)
- This is a backdoor Trojan that can spread over a network and through MSN Messenger. This Trojan also creates the file %SystemRoot%\Z058_jpg.zip.
- W32.Sdbot.ZN (%SystemRoot%\wdfmrg.exe)
- This is a worm and IRC backdoor Trojan that spreads through network shares.
- Troj/DwnLdr-FVL (%SystemRoot%\System32\wdfmgr32.exe)
- Troj/Pindow-A (%SystemRoot%\System32\wdfmgr32.exe)
There is typically only one instance of this process running at a given time. The presence of multiple instances may be an indicator of a malware infection.
Common problems
- This process is always running
- This is a known issue with Windows Media Player 10. To resolve this, go to Start -> Run -> services.msc. Change Windows User Mode Driver Framework to Manual.
- This process uses 100% CPU time
- There are many possible causes for this issue. Try disabling the Windows User Mode Driver Framework service. If this does not resolve the issue, then your system is infected with a virus or spyware.
|
Automatic startup locations |
 |
001 Running Processes |
 |
002 Autorun registry entries local machine |
 |
010 Installed services |
|
065 Image File Execution Options (debugger) |
|
166 HKCU Policies\Explorer\Run |
|
Digital signatures found for this file |
| |
Signer of certificate |
Issuer of certificate |
 |
Microsoft Windows Component Publisher |
Microsoft Timestamping Service |
|
Microsoft Windows Component Publisher |
VeriSign Time Stamping Services Signer |
|
Microsoft Windows Publisher |
VeriSign Time Stamping Services Signer |
|
|
MD5 security rating in our database |
 |
 |
|
94 |
files (Not yet rated
and
not
signed) |
|
|
1 |
files (Not yet rated
and
digitally
signed) |
 |
|
2 |
files (Safe
and
not
signed) |
|
|
42 |
files (Safe
and
digitally
signed) |
|
|
|
Some versions of this filename have not yet been checked for safety.
|
| Warning: Some malware might rename itself to wdfmgr.exe. Always make sure that your file is from a verified publisher. |
|
Application errors |
|
| User comments. |
There are no comments yet.
|
|
Database statistics
Top process list
