EvtEng.exe
Intel PROSet/Wireless by Intel Corporation (Signed)
Warning 7 antivirus scanners has detected malware in various versions of EvtEng.exe.
Overview
There are 49 versions of evteng.exe in the wild, the latest version being 16, 10, 0, 0. It is started as a Windows Service called 'Intel® PROSet/Wireless Event Log' with the name 'EvtEng' and described as “Manages the event trace messages for all the Intel® PROSet/Wireless Software components.”. . In addition, it is run under the context of the SYSTEM account with extensive privileges (the administrator accounts have the same privileges). The average file size is about 967.77 KB. The file is a digitally signed and issued to Intel Corporation by Intel Corporation. The programs Intel(R) TV Wizard, Intel® PROSet/Wireless WiFi Software and Intel® PROSet/Wireless WiFi-Software have been observed as installing specific variations of evteng.exe. During the process's lifecycle, the typical CPU resource utilization is about 0.0007% including both foreground and background operations, the average private memory consumption is about 9.26 MB with the maximum memory reaching around 15.13 MB. Addionally, typically read and write I/O disk operations is about 76 Bytes per minute for reads and 4 Bytes per minute for writes.
What is evteng.exe?
Intel PROSet/Wireless WiFi Software Event Log Service is used to set up, edit, and manage network profiles to connect to a network. It also includes advanced settings such as power management and channel selection for setting up ad-hoc networks. The WiFi Connection Utility Main Window lets users view the current connection details (signal quality, speed and current network name), scan for available WiFi networks and troubleshoot wireless connection problems.
About evteng.exe (from Intel Corporation)
“With your wireless network card, you can access wireless networks, share files or printers, or even share your Internet connection. All of these features can be explored using a wireless network in yo”
 Details
|
| File name: | evteng.exe |
| Publisher: | Intel(R) Corporation |
| Product name: | Intel(R) PROSet/Wireless |
| Description: | Intel(R) PROSet/Wireless Event Log Service |
| Typical file path: | C:\Program Files\intel\wifi\bin\evteng.exe |
| Certificate |
| Issued to: | Intel Corporation |
| Authority (CA): | Intel Corporation |
| Effective date: | Monday, October 30, 2006 |
| Expiration date: | Thursday, October 29, 2009 |
| Windows Service |
| Service name: | EvtEng |
| Display name: | Intel® PROSet/Wireless Event Log |
| Description: | “Manages the event trace messages for all the Intel® PROSet/Wireless Software components.” |
| Type: | Win32OwnProcess |
Programs installed in
(Note, the programs listed below are for all versions of Intel(R) PROSet/Wireless.)
Enables seamless setup and configuration to TVs and resolves overscan issues with a simple step-by-step guide to automatically or manually configure your PC to any TV.
“The Intel PROSet/Wireless software includes a suite of features which IT managers find highly desirable. These features include automatic detection of and connection to wireless access points based on...”
“The Intel PROSet/Wireless software includes a suite of features which IT managers find highly desirable. These features include automatic detection of and connection to wireless access points based on...”
“The Intel PROSet/Wireless software includes a suite of features which IT managers find highly desirable. These features include automatic detection of and connection to wireless access points based on...”
The Intel® PROSet/Wireless WiFi Connection Utility is used to set up, edit and manage network profiles to connect to a network. The features and implementation vary depending on which operating system...
“The Intel® PROSet/Wireless WiFi Connection Utility lets you easily manage your laptop connections to Wi-fi networks. Connecting to Wi-fi is simple, and the utility keeps track of available networks an...”
Behaviors
(Note, the behaviors below are for all versions of evteng.exe, select a unique version for details.)
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
- 'EvtEng' (Intel® PROSet/Wireless Event Log)
- EvtEng
Malware detections
Based on 40+ industry antivirus scanners, 7 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| ByteHero |
1.0.0.1 |
Trojan.Malware.Win32.xPack.m |
12, 1, 1, 0 |
| ByteHero |
1.0.0.1 |
Trojan.Malware.Win32.xPack.m |
12, 4, 0, 0 |
| ByteHero |
1.0.0.1 |
Trojan.Malware.Win32.xPack.m |
12, 0, 4, 0 |
| ByteHero |
1.0.0.1 |
Trojan.Malware.Win32.xPack.m |
14, 3, 0, 0 |
| ByteHero |
1.0.0.1 |
Trojan.Malware.Win32.xPack.m |
12, 4, 3, 0 |
| ByteHero |
1.0.0.1 |
Trojan.Malware.Win32.xPack.m |
12, 1, 2, 0 |
| Clam AntiVirus |
0.97.3 |
Win.Trojan.Agent-537692 |
12, 0, 0, 0 |
All file variations of evteng.exe
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
49.61% |
|
| Windows 7 Ultimate |
18.60% |
|
| Windows 7 Professional |
9.30% |
|
| Windows 8 |
4.65% |
|
| Microsoft Windows XP |
3.88% |
|
| Windows Vista Home Premium |
3.88% |
|
| Windows 8.1 |
3.10% |
|
| Windows 8.1 Pro |
1.55% |
|
| Windows 8 Single Language |
1.55% |
|
| Windows 8 Pro with Media Center |
1.55% |
|
| Windows 7 Enterprise |
0.78% |
|
| Windows 8.1 Pro Preview with Media Center |
0.78% |
|
| Windows 8 Pro |
0.78% |
|
Distribution by country
United States installs about 47.29% of Intel(R) PROSet/Wireless.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
28.03% |
|
| Sony |
22.93% |
|
| ASUS |
12.74% |
|
| Toshiba |
8.92% |
|
| Lenovo |
8.92% |
|
| Hewlett-Packard |
8.92% |
|
| Acer |
3.18% |
|
| NEC |
2.55% |
|
| Alienware |
1.91% |
|
| Samsung |
1.91% |
|
