Solved.
Kudos1 Stats

iqvw64e.sys identified as a threat

Posted: 16-Aug-2018 | 1:47AM · 7 Replies ·

I have used NPE a few times and often it flags up iqvw64e.sys as a threat.  Sometimes it successfully removes this and other times fails.  I am obviously concerned from what I have read that there really is a piece of malware hiding in this file.  On the NPE report it has no details on the file.  I have searched the c drive for the file and found it in 3 places:

c:\ProgramFiles\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1236

c:\ProgramFiles\Dell\SupportAssist

c:\Apps\334CH\includes\aa\internal

I used VirusTotal to scan each which reports them as clean.  I an not hugely IT literate so would value any feedback about how reliable these results might be.

Labels: False Positive, Norton Power Eraser [NPE], Threat Detection, Virus Scan, Windows 10
Accepted Solution
Kudos3 Stats

Re: iqvw64e.sys identified as a threat

Posted: 16-Aug-2018 | 11:15AM · Edited: 16-Aug-2018 | 11:25AM · Permalink

Calvin5:

I have used NPE a few times and often it flags up iqvw64e.sys as a threat....I used VirusTotal to scan each which reports them as clean. I an not hugely IT literate so would value any feedback about how reliable these results might be.

Hi Calvin5:

There are multiple threads in this forum about Norton Power Eraser (NPE) detecting iqvw64e.sys as a possible threat on Dell computers - see frankwich32's June 2018 thread iqvw64e.sys identified as threat for one example.  More information about the Intel Network Adapter Diagnostic Driver file iqvw64e.sys (the 64-bit Intel QV Windows Module E) can be found at https://www.file.net/process/iqvw64e.sys.html.

Please note that the NPE is a very aggressive scanner that is designed to be used as a rescue tool in emergency situations when your operating system becomes unstable or you believe you have deeply embedded malware that cannot be detected by a standard antivirus / anti-malware scan.  The NPE is prone to false positive detections and can sometimes remove important system files and registry entries (see Larry_A's thread Ran NPE and Now Computer Won't Boot to Windows for one example), and most users in this forum generally advise against using this tool for routine scanning.  From the main Norton Power Eraser Tutorials page:

"Norton Power Eraser uses aggressive methods to detect threats, and there is a risk that it can select some legitimate programs for removal. You should carefully review the scan results page before removing files."

If you submit your iqvw64e.sys file to Symantec for a false positive analysis at https://submit.symantec.com/false_positive/ as SoulAsylum suggested then they should be able to give you a definitive answer if this is a legitimate Intel driver used by your Dell Support Assistant software or malware trying to disguise itself as iqvw64e.sys.  You said you already uploaded the file to VirusTotal.com site (https://www.virustotal.com/#/home/upload) for a second-opinion scan, and VirusTotal has an excellent reputation for detecting suspicious files and is frequently recommended in this forum.  VirusTotal will scan the digital signature (the file's unique SHA-256 or MD-5 hash) with ~ 70 different antivirus scan engines (e.g., Bitdefender, Kaspersky, McAfee, Symantec/Norton, etc.).  A VirusTotal rating of 2/67, for example, would mean that only 2 of 67 antivirus scan engines flagged your file as suspicious / malicious and you could be relatively certain that your file was safe.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.15.0.88

View Accepted Solution in Context

Replies

Kudos0

Re: iqvw64e.sys identified as a threat

Posted: 16-Aug-2018 | 4:50AM · Permalink

Hello Calvin. Have a look at this old CVE. Check the version of your Intel Network Diagnostics driver, update if you have one mentioned in the CVE although it should have been updated by Intel eons ago. In an older thread, we recommended downloading Malwarebytes since the customer suspected malware, and MB removed it. Please do so and let us know how things worked out.

Cheers

MS Certified Professional Windows 11 Home 22H2 x 64 build 22621.1702 - Windows 10 Pro x 64 version 22H2 / build 19045.3031 / Norton Security Ultra - Norton 360 Deluxe ver. 22.23.4.6 / Opera GX LVL4 (core: 98.0.4759.74) 64 bit-Early Access w/Norton Chrome Extensions
Kudos0

Re: iqvw64e.sys identified as a threat

Posted: 16-Aug-2018 | 6:05AM · Permalink

I've downloaded the trial version of Malwarebytes and it has detected no threats.  Am i reasonably safe to assume that the file is not suspect?  I was also wondering is it worth keeping he Malwarebytes software up to date to run alongside Norton or are there issues with the two programs working together.

Many thanks for your help with this matter

Kudos1 Stats

Re: iqvw64e.sys identified as a threat

Posted: 16-Aug-2018 | 9:25AM · Permalink

Calvin its reasonable to say you are safe since virus total and MBAM have all stated you are clean. You can report the detection as a false positive here. It will take a few days for the analysis to complete but they will indeed report their results to you.

Cheers

MS Certified Professional Windows 11 Home 22H2 x 64 build 22621.1702 - Windows 10 Pro x 64 version 22H2 / build 19045.3031 / Norton Security Ultra - Norton 360 Deluxe ver. 22.23.4.6 / Opera GX LVL4 (core: 98.0.4759.74) 64 bit-Early Access w/Norton Chrome Extensions
Kudos0

Re: iqvw64e.sys identified as a threat

Posted: 16-Aug-2018 | 9:44AM · Permalink

Thanks for all your help.  I'll report as you suggest.

Best wishes

Accepted Solution
Kudos3 Stats

Re: iqvw64e.sys identified as a threat

Posted: 16-Aug-2018 | 11:15AM · Edited: 16-Aug-2018 | 11:25AM · Permalink

Calvin5:

I have used NPE a few times and often it flags up iqvw64e.sys as a threat....I used VirusTotal to scan each which reports them as clean. I an not hugely IT literate so would value any feedback about how reliable these results might be.

Hi Calvin5:

There are multiple threads in this forum about Norton Power Eraser (NPE) detecting iqvw64e.sys as a possible threat on Dell computers - see frankwich32's June 2018 thread iqvw64e.sys identified as threat for one example.  More information about the Intel Network Adapter Diagnostic Driver file iqvw64e.sys (the 64-bit Intel QV Windows Module E) can be found at https://www.file.net/process/iqvw64e.sys.html.

Please note that the NPE is a very aggressive scanner that is designed to be used as a rescue tool in emergency situations when your operating system becomes unstable or you believe you have deeply embedded malware that cannot be detected by a standard antivirus / anti-malware scan.  The NPE is prone to false positive detections and can sometimes remove important system files and registry entries (see Larry_A's thread Ran NPE and Now Computer Won't Boot to Windows for one example), and most users in this forum generally advise against using this tool for routine scanning.  From the main Norton Power Eraser Tutorials page:

"Norton Power Eraser uses aggressive methods to detect threats, and there is a risk that it can select some legitimate programs for removal. You should carefully review the scan results page before removing files."

If you submit your iqvw64e.sys file to Symantec for a false positive analysis at https://submit.symantec.com/false_positive/ as SoulAsylum suggested then they should be able to give you a definitive answer if this is a legitimate Intel driver used by your Dell Support Assistant software or malware trying to disguise itself as iqvw64e.sys.  You said you already uploaded the file to VirusTotal.com site (https://www.virustotal.com/#/home/upload) for a second-opinion scan, and VirusTotal has an excellent reputation for detecting suspicious files and is frequently recommended in this forum.  VirusTotal will scan the digital signature (the file's unique SHA-256 or MD-5 hash) with ~ 70 different antivirus scan engines (e.g., Bitdefender, Kaspersky, McAfee, Symantec/Norton, etc.).  A VirusTotal rating of 2/67, for example, would mean that only 2 of 67 antivirus scan engines flagged your file as suspicious / malicious and you could be relatively certain that your file was safe.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Premium v22.15.0.88

Kudos2 Stats

Re: iqvw64e.sys identified as a threat

Posted: 16-Aug-2018 | 11:36PM · Permalink

Many thanks to both of you to taking time to help me out.  I submitted the files as false positives as you suggest and Norton has come back to confirm that this is the case.  

My best wishes to you both

Kudos3 Stats

Re: iqvw64e.sys identified as a threat

Posted: 19-Aug-2018 | 11:29AM · Permalink

One thing to keep in mind is that NPE does not positively detect known malware - that is the job of your regular Norton Security product.  NPE instead looks for files that might warrant investigation if you suspect that you are infected and regular scans come up clean.  NPE will flag many legitimate files, so never assume that what NPE finds is truly malicious.

This thread is closed from further comment. Please visit the forum to start a new thread.