New
#1
WUDFHost.exe in the wrong folder: Is it a disguised infection?
Yesterday, WinPatrol detected that a process has enlisted itself on my Scheduled Tasks startup items. It was called WUDFHost.exe. I viewed the details and it said it was a component from Microsoft. So I dismissed it.
Some hours later, I rebooted. I noticed that my C:\ drive space usage have added about 2Gb Gb, which was odd because I haven't installed anything (in fact, I was trying to remove Java) and all my file operations were currently being held on D:\. I remembered to check out WUDFHost.exe and found that it was indeed an MS file and that it normally resides on C:\Windows\system32. I checked my C:\Windows\system32 and there was indeed my WUDFHost.exe. Then I checked the file that WinPatrol detected and it was placed in C:\Program Files (x86)\Common Files\Windows Driver Foundation. I immediately scanned that file with Norton 2012 and Malwarebytes (not at the same time, of course). They didn't think it was a threat. I then sandboxed my system just to see if any significant change will occur. There was none. So I rebooted my computer again, renamed the WUDFHost.exe in C:\Program Files (x86)\Common Files\Windows Driver Foundation and somehow I got back about 1GB of my C:\ disk space.
It's probably just nothing, but I can't leave it alone as I am getting paranoid now. What is it doing on my C:\Program Files (x86)\Common Files\Windows Driver Foundation folder? Is it safe? I can't delete it because it might actually turn out to be important. So I'll wait for some answers. For now, I'll leave under a different name.
NOTE: The WUDFHost.exe in C:\Windows\system32 and the one from C:\Program Files (x86)\Common Files\Windows Driver Foundation have different file sizes.