devmonsrv.exe
Intel PROSet\Wireless Bluetooth by Intel Corporation (Signed)
Warning 5 antivirus scanners has detected malware in various versions of devmonsrv.exe.
Overview
devmonsrv.exe has 10 known versions, the most recent one is 2.0.0.0130. It is started as a Windows Service with the name 'Bluetooth Device Monitor' and described as “A process to monitor Bluetooth radio state and configure Bluetooth remote folders.”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). This is executed as a shared service (which simply means that this service can share a process with other Win32 services). The average file size is about 922.62 KB. It is an authenticode code-signed executable issued to Intel Corporation by the certification authority Intel Corporation. Numerous variations of devmonsrv.exe have been installed with both Pharaoh Puzzle and Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology. During the process's lifecycle, the typical CPU resource utilization is about 0.0003% including both foreground and background operations, the average private memory consumption is about 2.87 MB with the maximum memory reaching around 5.7 MB and typical read I/O operations are around 13 Bytes per minute.
 Details
|
| File name: | devmonsrv.exe |
| Publisher: | Intel Corporation |
| Product name: | Intel PROSet\Wireless Bluetooth |
| Description: | Bluetooth Device Monitor |
| Typical file path: | C:\Program Files\intel\bluetooth\devmonsrv.exe |
| Certificate |
| Issued to: | Intel Corporation |
| Authority (CA): | Intel Corporation |
| Windows Service |
| Service name: | Bluetooth Device Monitor |
| Description: | “A process to monitor Bluetooth radio state and configure Bluetooth remote folders.” |
| Type: | Win32ShareProcess |
Programs installed in
(Note, the programs listed below are for all versions of Intel PROSet\Wireless Bluetooth.)
“The Intel PROSet/Wireless software includes a suite of features which IT managers find highly desirable. These features include automatic detection of and connection to wireless access points based on...”
Pharaoh Puzzle is a casual PC video game distributed through the Game Top download portal. The trial verison of the game includes an icon on the user's desktop 'Online Free Games' which links to a par...
Behaviors
(Note, the behaviors below are for all versions of devmonsrv.exe, select a unique version for details.)
Service
Runs under 'SYSTEM\CurrentControlSet\Services' as a shared service by the Service Host (svchost.exe)
- 'Bluetooth Device Monitor'
Malware detections
Based on 40+ industry antivirus scanners, 5 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| CMC |
1.1.0.977 |
Trojan.Win32.Krap.1!O |
2.0.0.0130 |
| eSafe |
7.0.17.0 |
Win32.TRDropper |
1.0.0.0045 |
| Rising Antivirus |
25.0.0.11 |
PE:Malware.XPACK-HIE/Heur!1.9C48 |
2.0.0.0130 |
| Rising Antivirus |
25.0.0.10 |
PE:PUA.XPACK-HIE!1.9C48 |
1.0.0.0040 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0813 |
1.0.0.0045 |
All file variations of devmonsrv.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
63.64% |
|
| Windows 7 Ultimate |
24.24% |
|
| Windows 7 Professional |
12.12% |
|
Distribution by country
United States installs about 36.36% of Intel PROSet\Wireless Bluetooth.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
42.86% |
|
| Sony |
23.81% |
|
| Hewlett-Packard |
19.05% |
|
| ASUS |
9.52% |
|
| Acer |
4.76% |
|
