- Описание
- Разбираемся
- Вывод
Приветствую друзья! Сегодня поговорим про одну неизвестную программу, которую можно обнаружить на компьютере. Под неизвестными программами спокойно может быть вирус или потенциальное опасное ПО, поэтому лучше разобраться.
Описание
RemoteFXvGPUDisablement.exe — компонент, позволяющий нескольким виртуальным машинам получить доступ к одному графическому адаптеру (GPU).
В настоящее время Microsoft эту программу не развивает, в ней нашли какие-то уязвимости.
Виртуальная машина? Это что еще такое? Это просто еще один компьютер, который имеет свой процессор, диск, обьем оперативки, сетевую карту, видеокарту и все остальное. Только одно но — это виртуальный ПК, то есть программно создан. Таких ПК может быть несколько. Все они (гостевые системы) используют ресурсы физического ПК (хост). Компонент RemoteFXvGPUDisablement.exe как раз нужен, чтобы виртуальные ПК могли корректно использовать видеокарту физического компьютера. Это если простыми словами, образно говоря))
Разбираемся
- Удалось выяснить, запускаться данный компонент может из системной папки C:\Windows\System32\. И нужен он чтобы можно было установить общий доступ к одному графическому адаптеру для нескольких виртуальных машин.
- Сам компонент представляет из себя драйвер RemoteFX vGPU, который входит в состав встроенного средства виртуализации Hyper-V. Если вы этим средством не пользуетесь — достаточно снять галочку напротив Hyper-V в окошке Компоненты Windows (Win + R > appwiz.cpl > Включение или отключение компонентов Windows). Если Hyper-V вам нужен, тогда можно попробовать отключить драйвер RemoteFX для самой видеокарты — откройте консоль PowerShell от имени Администратора, далее выполняем команду
Get-VMRemoteFXPhysicalVideoAdapter, нажимаем энтер и находим название видеокарты, на которую привязан драйвер. После того как нашли — выполняем команду отвязки драйвераDisable-VMRemoteFXPhysicalVideoAdapter -Name "NVIDIA Geforce GTX 970"PS: только в кавычках вы указываете найденное название видеокарты. - Скажу на заметку — если вы обычный пользователь ПК, играете в игры, смотрите фильмы, веб-сайты, то на 99% что Hyper-V вам не нужен. Поэтому спокойно отключайте через Компоненты Windows.
- Компания Майкрософт драйвер RemoteFX vGPU, а соответственно и программу RemoteFXvGPUDisablement.exe — развивать не будет из-за наличия уязвимостей (исправлять видимо не хотят). Начиная с Windows 10 версии 1809 и Windows Server 2019 — RemoteFX вообще удален уже.
- Если запускается черное окно командной строки с упоминанием RemoteFXvGPUDisablement.exe — это ненормально. Но не вирус, просто некий системный глюк. Можете попробовать открыть раздел реестра HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\termsrv\RemoteFX и удалите там задачи. После — в директории C:\Windows\System32\ удалите экзешник RemoteFXvGPUDisablement.exe и библиотеку remotefxvgpudisablement.resources.dll.
- Радикальный метод отключения RemoteFXvGPUDisablement.exe: просто откройте диспетчер, найдите процесс или перейдите в папку Windows\System32 и там найдите файл. Теперь его просто переименуйте, например в RemoteFXvGPUDisablement.exe_ или RemoteFXvGPUDisablement_ — после этого он никак не сможет запуститься. А если не захочет переименоваться — скачайте утилиту Unlocker, которая позволяет переименовывать любые системные файлы/папки.
Внимание! Перед всякими удалениями или отключениями создайте заранее точку восстановления на всякий случай!
Некоторые пользователи сообщают, что у них появляется подобное окно на некоторое время:
RemoteFXvGPUDisablement.exe — вирус? Нет, вряд ли. Но при подозрениях — лучше просканируйте ПК лучшими антивирусными утилитами, это AdwCleaner, HitmanPro и Dr.Web CureIT.
Заключение
Главное выяснили:
- RemoteFXvGPUDisablement.exe — системный компонент, необходимый для доступа нескольких виртуальных машин к одному графическому адаптеру.
Удачи и добра, до новых встреч друзья!
На главную!
10.10.2021
Special Offer
Instructions
The following steps should fix the remotefxvgpudisablement.exe issue:
- Step 1.Download Outbyte PC Repair application See more information about Outbyte uninstall instructions EULA Privacy Policy
- Step 2.Install and launch the application
- Step 3.Click the Scan Now button to detect issues and abnormalities
- Step 4.Click the Repair All button to fix the issues
| Compatibility | Win 11, 10, 8, 7 |
| Download Size | 21.2 MB |
| Requirements | 300 MHz Processor, 256 MB RAM, 50 MB HDD |
Limitations: trial version offers an unlimited number of scans, backups and restores of your Windows system elements for free. Registration for the full version starts from USD 29.95.
EXE issues may happen due to a number of different factors. The causes mentioned below are only the most common ones. In certain cases, remotefxvgpudisablement.exe issue may occur when your computer system becomes overloaded or important program files go missing, get accidentally deleted or become corrupted. These types of malfunctions may occur on computers that do not undergo regular maintenance, which may lead to critical glitches and system malfunctions. It may be possible to resolve EXE issues with special software that repairs system elements and tunes system settings to restore stability.
The article provides details on what the issue means, potential causes, and ways to resolve the issue.
- 1Meaning of «remotefxvgpudisablement.exe» issue
- 2Causes of «remotefxvgpudisablement.exe» issues
- 3Ways to repair «remotefxvgpudisablement.exe» issues
Meaning of remotefxvgpudisablement.exe issue
.EXE is a file name extension referencing an executable file (i.e., a software program) in the Windows operating system. These files run your programs and also contain other embedded resources such as bit maps, Windows icons, etc. which the software might call and use for its user interface.
When the remotefxvgpudisablement.exe issue occurs on your computer, you are generally notified via a pop-up style warning that you’re experiencing a malfunction and what kind of EXE issue you’re having. Normally, such issues are attributed to specific software programs, the names of which should be mentioned in the warning.
No matter what EXE issue you are experiencing, the result can be a slow PC that may freeze or crash, and an overall decline in user experience.
Common causes of remotefxvgpudisablement.exe issues
EXE issues may occur for a variety of reasons. One of the common causes is the EXE file being overridden or shared with an older version of a program across other applications.
Another possibility would be the installation or uninstallation of a program that ran incorrectly, or the downloaded installer files being corrupted.
Ignoring the remotefxvgpudisablement.exe issue may eventually lead to PC slowdown or a full system crash, so fixing the issue is important to maintaining optimal computer performance.
Ways to fix remotefxvgpudisablement.exe issues
For an immediate fix of such issues, advanced PC users may be able to repair it by manually editing system elements, and others may want to hire a technician to do it for them. However, since any manipulations with Windows system elements carry a risk of rendering the operating system unbootable, whenever a user is in any doubt of their technical skills or knowledge, they may use a special type of software that is meant to repair Windows system elements without requiring any special skills from the user.
The following steps may help fix the issue:
- Download Outbyte PC Repair application Special offer. See more information about Outbyte uninstall instructions EULA Privacy Policy
- Install and launch the application
- Click the Scan Now button to detect potential issue causes
- Click the Repair All button to fix found abnormalities
The same application can be used to run preventative measures to reduce the chance of this or other system issues appearing in the future.
RemoteFXvGPUDisablement.exe file information
The process known as RemoteFXvGPUDisableTask belongs to software Microsoft® Windows® Operating System by (www.microsoft.com).
Description: The original RemoteFXvGPUDisablement.exe is an important part of Windows and rarely causes problems. RemoteFXvGPUDisablement.exe is located in a not unambiguous folder.
There is no file information. The app is launched periodically by the Windows Task Scheduler. The file is not a Windows core file.
RemoteFXvGPUDisablement.exe appears to be a compressed file.
Therefore the technical security rating is 24% dangerous.
Recommended: Identify RemoteFXvGPUDisablement.exe related errors
Important: Some malware camouflages itself as RemoteFXvGPUDisablement.exe. Therefore, you should check the RemoteFXvGPUDisablement.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer’s security. This was one of the Top Download Picks of The Washington Post and PC World.
Best practices for resolving RemoteFXvGPUDisablement issues
A clean and tidy computer is the key requirement for avoiding problems with RemoteFXvGPUDisablement. This means running a scan for malware, cleaning your hard drive using 1cleanmgr and 2sfc /scannow, 3uninstalling programs that you no longer need, checking for Autostart programs (using 4msconfig) and enabling Windows’ 5Automatic Update. Always remember to perform periodic backups, or at least to set restore points.
Should you experience an actual problem, try to recall the last thing you did, or the last thing you installed before the problem appeared for the first time. Use the 6resmon command to identify the processes that are causing your problem. Even for serious problems, rather than reinstalling Windows, you are better off repairing of your installation or, for Windows 8 and later versions, executing the 7DISM.exe /Online /Cleanup-image /Restorehealth command. This allows you to repair the operating system without losing data.
To help you analyze the RemoteFXvGPUDisablement.exe process on your computer, the following programs have proven to be helpful: ASecurity Task Manager displays all running Windows tasks, including embedded hidden processes, such as keyboard and browser monitoring or Autostart entries. A unique security risk rating indicates the likelihood of the process being potential spyware, malware or a Trojan. BMalwarebytes Anti-Malware detects and removes sleeping spyware, adware, Trojans, keyloggers, malware and trackers from your hard drive.
Other processes
powerdvd12dmrengine.exe supremohelper.exe multiscreen.exe RemoteFXvGPUDisablement.exe quickshare.exe netfxupdate.exe popcorntimedesktop.exe launcherservice.exe ascmd.exe synth3dvsc.sys wowbrowserproxy.exe [all]
- File Path:
C:\Windows\system32\RemoteFXvGPUDisablement.exe - Description:
Hashes
| Type | Hash |
|---|---|
| MD5 | DA10AD97CE891EE6C483BF2FDE66877E |
| SHA1 | CB724F848EB36257E725F4444B0B54DA2279DD3F |
| SHA256 | A42B55BF02179C8676F260EC9FD89EC8AED9FB5117C914D928EC711D96771424 |
| SHA384 | BCE1800AF2CA295A93BC3FE2D5ABC7EBBE3898464389133E9BB19EF645C45447C7E878FE737CCDCC87051F16CE78970D |
| SHA512 | 80ECD40762D80AAE98629A0FF7A1C412F8D567E7115D13FAB36C990B59B01A12CE247004B761DAF6CA6C9BC85CD65F39EBDC1718107849582D2F82D6D974AAFF |
| SSDEEP | 192:+Y2sL84qxeU2VtRjOzRDnEtzMPUOY/0svGS0lTYwWTfWR:+VeU2hjO9Et0UOSokwWTfW |
| IMP | F34D5F2D4577ED6D9CEEC516C1F5A744 |
| PESHA1 | 078044F770D8C33CD62E9976649783EAF0F4CD7A |
| PE256 | 13FA78246B167A0714DE6EC87FADE1AEAD8D2006E33A6707E701C3605DA9F6FF |
Runtime Data
Loaded Modules:
| Path |
|---|
| C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll |
| C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscoreei.dll |
| C:\Windows\System32\ADVAPI32.dll |
| C:\Windows\System32\bcryptPrimitives.dll |
| C:\Windows\System32\combase.dll |
| C:\Windows\System32\GDI32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\System32\IMM32.DLL |
| C:\Windows\System32\kernel.appcore.dll |
| C:\Windows\System32\KERNEL32.dll |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\SYSTEM32\MSCOREE.DLL |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\SYSTEM32\MSVCR120_CLR0400.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\system32\RemoteFXvGPUDisablement.exe |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
| C:\Windows\System32\SHLWAPI.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\System32\USER32.dll |
| C:\Windows\system32\VERSION.dll |
| C:\Windows\System32\win32u.dll |
Signature
- Status: Signature verified.
- Serial:
3300000266BD1580EFA75CD6D3000000000266 - Thumbprint:
A4341B9FD50FB9964283220A36A1EF6F6FAA7840 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Original Filename: RemoteFXvGPUDisablement.exe
- Product Name: Microsoft (R) Windows (R) Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.17763.1339
- Product Version: 10.0.17763.1339
- Language: Language Neutral
- Legal Copyright: Copyright (c) Microsoft Corporation. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/68
- VirusTotal Link: https://www.virustotal.com/gui/file/a42b55bf02179c8676f260ec9fd89ec8aed9fb5117c914d928ec711d96771424/detection/
File Similarity (ssdeep match)
| File | Score |
|---|---|
| C:\Windows\system32\RemoteFXvGPUDisablement.exe | 82 |
Possible Misuse
The following table contains possible examples of RemoteFXvGPUDisablement.exe being misused. While RemoteFXvGPUDisablement.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| sigma | image_load_in_memory_powershell.yml | - '\WINDOWS\System32\RemoteFXvGPUDisablement.exe' # on win10 |
DRL 1.0 |
| sigma | posh_pc_susp_athremotefxvgpudisablementcommand.yml | description: RemoteFXvGPUDisablement.exe is an abusable, signed PowerShell host executable that was introduced in Windows 10 and Server 2019 (OS Build 17763.1339). |
DRL 1.0 |
| sigma | posh_pm_susp_athremotefxvgpudisablementcommand.yml | description: RemoteFXvGPUDisablement.exe is an abusable, signed PowerShell host executable that was introduced in Windows 10 and Server 2019 (OS Build 17763.1339). |
DRL 1.0 |
| sigma | proc_creation_win_susp_athremotefxvgpudisablementcommand.yml | description: RemoteFXvGPUDisablement.exe is an abusable, signed PowerShell host executable that was introduced in Windows 10 and Server 2019 (OS Build 17763.1339). |
DRL 1.0 |
| atomic-red-team | T1218.md | RemoteFXvGPUDisablement.exe is an abusable, signed PowerShell host executable that was introduced in Windows 10 and Server 2019 (OS Build 17763.1339). | MIT License. © 2018 Red Canary |
| atomic-red-team | T1218.md | One of the PowerShell functions called by RemoteFXvGPUDisablement.exe is Get-VMRemoteFXPhysicalVideoAdapter, a part of the Hyper-V module. This atomic test influences RemoteFXvGPUDisablement.exe to execute custom PowerShell code by using a technique referred to as “PowerShell module load-order hijacking” where a module containing, in this case, an implementation of the Get-VMRemoteFXPhysicalVideoAdapter is loaded first by way of introducing a temporary module into the first directory listed in the %PSModulePath% environment variable or within a user-specified module directory outside of %PSModulePath%. Upon execution the temporary module is deleted. | MIT License. © 2018 Red Canary |
| atomic-red-team | T1218.md | Invoke-ATHRemoteFXvGPUDisablementCommand is used in this test to demonstrate how a PowerShell host executable can be directed to user-supplied PowerShell code without needing to supply anything at the command-line. PowerShell code execution is triggered when supplying the “Disable” argument to RemoteFXvGPUDisablement.exe. | MIT License. © 2018 Red Canary |
| atomic-red-team | T1218.md | | module_path | Specifies an alternate, non-default PowerShell module path for RemoteFXvGPUDisablement.exe. If -ModulePath is not specified, the first entry in %PSModulePath% will be used. Typically, this is %USERPROFILE%\Documents\WindowsPowerShell\Modules. | String | $PWD| | MIT License. © 2018 Red Canary |
MIT License. Copyright (c) 2020-2021 Strontic.
The RemoteFXvGPUDisablement.exe process is also known as RemoteFXvGPUDisableTask and is a part of Microsoft� Windows� Operating System. This software is produced by Microsoft (www.microsoft.com). An outdated or faulty version of RemoteFXvGPUDisablement.exe can cause problems for your computer, ranging from slowness to error messages like these:
- RemoteFXvGPUDisableTask has stopped working. Windows is checking for a solution to the problem… (Windows 11, 10, 7)
- RemoteFXvGPUDisableTask has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available. (Windows 11, 10, 7)
- RemoteFXvGPUDisablement.exe has encountered a problem and needs to close.
- Access violation at address FFFFFFFF in module RemoteFXvGPUDisablement.exe. Read of address 00000000.
Special Offer
What you should know about RemoteFXvGPUDisablement.exe RemoteFXvGPUDisableTask
RemoteFXvGPUDisablement.exe is not part of Windows, but it is important nonetheless. RemoteFXvGPUDisablement.exe is found in no folder.
The RemoteFXvGPUDisablement file does not supply any version information or other description.
RemoteFXvGPUDisablement.exe appears to be a file that was compressed by an EXE-Packer. This technique is often used by trojans to keep the file size small and also hamper debugging efforts. However, this in itself is not sufficient reason to presume malicious intent, since even well-intentioned, professional software producers take advantage of compressed files.
For this reason, 30% of all experts consider this file to be a possible threat. The probability that it can cause harm is high.
If you see this file on your hard drive or in Windows Task Manager, please make sure that it is not a malicious variant. It’s a fact that many trojans try to cloak their true identity by calling themselves RemoteFXvGPUDisablement.exe. With the above information or by using tools like Security Task Manager you can determine if, in your case, the file is an undesirable variant.
What do other computer users say about RemoteFXvGPUDisablement?
The file spreads very slowly and does not often make an appearance. Therefore, feedback from other users is not yet available.
Summary:
source: file.net
How to uninstall Microsoft� Windows� Operating System
To remove RemoteFXvGPUDisableTask from your computer, please follow the manual instructions below.
- Click the Windows Start Button. You can find it in the lower-left corner of the taskbar.
- Type ‘uninstall‘.
- Click Add or remove programs.
- Now locate Microsoft� Windows� Operating System in the list of displayed applications.
- Click the program, and then click Uninstall.
How to check if RemoteFXvGPUDisablement.exe (RemoteFXvGPUDisableTask) was uninstalled completely
After uninstalling, restart your computer. Then open Windows Explorer and check if a folder with the software name still exists under C:\Program Files. Also, check the Registry for remnants of RemoteFXvGPUDisableTask. To do this, start Regedit, then look under HKEY_LOCAL_MACHINE > Software for: RemoteFXvGPUDisableTask or the name of the producer. Keep in mind that only a computer professional should delete entries in the Windows Registry directly.