What is tmiardy.sys?

tmiardy.sys is part of Windows (R) Win 7 DDK driver and developed by Windows (R) Win 7 DDK provider according to the tmiardy.sys version information.

tmiardy.sys's description is "CbFlt Filter Driver"

tmiardy.sys is usually located in the 'c:\windows\help\miardy\' folder.

Some of the anti-virus scanners at VirusTotal detected tmiardy.sys.

If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.

VirusTotal report

46 of the 74 anti-virus programs at VirusTotal detected the tmiardy.sys file. That's a 62% detection rate.

Scanner	Detection Name
Ad-Aware	Trojan.GenericKD.31783691
Alibaba	Packed:Win32/VMProtect.cdfd2c98
ALYac	Trojan.GenericKD.31783691
Antiy-AVL	GrayWare/Win32.InstallCore
APEX	Malicious
Arcabit	Trojan.Generic.D1E4FB0B
Avast	Win64:Trojan-gen
AVG	Win64:Trojan-gen
Avira	TR/Black.Gen2
Baidu	Win32.Packed.VMProtect.a
BitDefender	Trojan.GenericKD.31783691
Bkav	W64.HfsAutoA.
Comodo	Malware@#21jks4u6nmop1
CrowdStrike	win/malicious_confidence_60% (W)
Cybereason	malicious.9ea515
Cylance	Unsafe
Cynet	Malicious (score: 85)
Emsisoft	Trojan.GenericKD.31783691 (B)
Endgame	malicious (high confidence)
ESET-NOD32	a variant of Win32/Packed.VMProtect.ABD
F-Secure	Trojan.TR/Black.Gen2
FireEye	Generic.mg.9cbe3369ea515b54
Fortinet	W32/VMProtBad.A!tr
GData	Trojan.GenericKD.31783691
Ikarus	Trojan.Win32.VMProtect
Jiangmin	HackTool.FlyStudio.ezj
K7AntiVirus	Trojan ( 005658c21 )
K7GW	Trojan ( 005658c21 )
Kaspersky	HEUR:Trojan.Win32.Generic
McAfee	Artemis!9CBE3369EA51
McAfee-GW-Edition	Artemis!Trojan
Microsoft	PUA:Win32/InstallCore
MicroWorld-eScan	Trojan.GenericKD.31783691
NANO-Antivirus	Trojan.Win64.Black.foagei
Paloalto	generic.ml
Panda	Trj/CI.A
Qihoo-360	HEUR/QVM200.0.ECE9.Malware.Gen
Rising	Trojan.Generic!8.C3 (CLOUD)
Sangfor	Malware
Sophos	Mal/VMProtBad-A
Symantec	Trojan.Gen.MBT
Tencent	Win32.Trojan.Falsesign.Hxgo
Trapmine	malicious.high.ml.score
Yandex	Trojan.Agent!P3IOaKkf1HA
Zillya	Trojan.Generic.Win32.685668
ZoneAlarm	HEUR:Trojan.Win32.Generic

Sandbox Report

The following information was gathered by executing the file inside Cuckoo Sandbox.

Summary

ERROR: Failed to execute process.

Generic

[
    {
        "process_path": "C:\\Windows\\System32\\lsass.exe",
        "process_name": "lsass.exe",
        "pid": 476,
        "summary": {},
        "first_seen": 1592869986.328125,
        "ppid": 376
    }
]

Signatures

[
    {
        "markcount": 3,
        "families": [],
        "description": "The executable contains unknown PE section names indicative of a packer (could be a false positive)",
        "severity": 1,
        "marks": [
            {
                "category": "section",
                "ioc": "INIT",
                "type": "ioc",
                "description": null
            },
            {
                "category": "section",
                "ioc": ".vmp0",
                "type": "ioc",
                "description": null
            },
            {
                "category": "section",
                "ioc": ".vmp1",
                "type": "ioc",
                "description": null
            }
        ],
        "references": [],
        "name": "pe_features"
    },
    {
        "markcount": 2,
        "families": [],
        "description": "The binary likely contains encrypted or compressed data indicative of a packer",
        "severity": 2,
        "marks": [
            {
                "entropy": 7.86142974058644,
                "section": {
                    "size_of_data": "0x00066e00",
                    "virtual_address": "0x0005f000",
                    "entropy": 7.86142974058644,
                    "name": ".vmp1",
                    "virtual_size": "0x00066c0c"
                },
                "type": "generic",
                "description": "A section with a high entropy has been found"
            },
            {
                "entropy": 0.9951632406287787,
                "type": "generic",
                "description": "Overall entropy of this PE file is high"
            }
        ],
        "references": [
            "http:\/\/www.forensickb.com\/2013\/03\/file-entropy-explained.html",
            "http:\/\/virii.es\/U\/Using%20Entropy%20Analysis%20to%20Find%20Encrypted%20and%20Packed%20Malware.pdf"
        ],
        "name": "packer_entropy"
    },
    {
        "markcount": 2,
        "families": [],
        "description": "The executable is likely packed with VMProtect",
        "severity": 2,
        "marks": [
            {
                "section": ".vmp0",
                "type": "generic",
                "description": "Section name indicates VMProtect"
            },
            {
                "section": ".vmp1",
                "type": "generic",
                "description": "Section name indicates VMProtect"
            }
        ],
        "references": [],
        "name": "packer_vmprotect"
    }
]

Yara

The Yara rules did not detect anything in the file.

Network

{
    "tls": [],
    "udp": [
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 710,
            "time": 1.0565719604492188,
            "dport": 5355,
            "sport": 53595
        },
        {
            "src": "192.168.56.101",
            "dst": "224.0.0.252",
            "offset": 1038,
            "time": -0.049642086029052734,
            "dport": 5355,
            "sport": 55314
        },
        {
            "src": "192.168.56.101",
            "dst": "239.255.255.250",
            "offset": 1366,
            "time": 1.113487958908081,
            "dport": 1900,
            "sport": 1900
        },
        {
            "src": "192.168.56.101",
            "dst": "239.255.255.250",
            "offset": 2514,
            "time": 1.0670149326324463,
            "dport": 3702,
            "sport": 49152
        }
    ],
    "dns_servers": [],
    "http": [],
    "icmp": [],
    "smtp": [],
    "tcp": [],
    "smtp_ex": [],
    "mitm": [],
    "hosts": [],
    "pcap_sha256": "cffa0daec471e9bc12b2beb91dacaedcb18405dd620f33a3e2d0d620ab563852",
    "dns": [],
    "http_ex": [],
    "domains": [],
    "dead_hosts": [],
    "sorted_pcap_sha256": "3e7ad545c29459dd6a34a8fcd360d6a0b3f2e8f525e5648bbdf49967c1bca8f2",
    "irc": [],
    "https_ex": []
}

tmiardy.sys removal instructions

The instructions below shows how to remove tmiardy.sys with help from the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the tmiardy.sys file for removal, restart your computer and scan it again to verify that tmiardy.sys has been successfully removed. Here are the removal instructions in more detail:

1. Download and install FreeFixer: http://www.freefixer.com/download.html
2. Start FreeFixer and press the Start Scan button. The scan will finish in approximately five minutes.

   
3. When the scan is finished, locate tmiardy.sys in the scan result and tick the checkbox next to the tmiardy.sys file. Do not check any other file for removal unless you are 100% sure you want to delete it. Tip: Press CTRL-F to open up FreeFixer's search dialog to quickly locate tmiardy.sys in the scan result.

   

   

   c:\windows\help\miardy\tmiardy.sys

   
4. Scroll down to the bottom of the scan result and press the Fix button. FreeFixer will now delete the tmiardy.sys file.

   
5. Restart your computer.
6. Start FreeFixer and scan your computer again. If tmiardy.sys still remains in the scan result, proceed with the next step. If tmiardy.sys is gone from the scan result you're done.
7. If tmiardy.sys still remains in the scan result, check its checkbox again in the scan result and click Fix.
8. Restart your computer.
9. Start FreeFixer and scan your computer again. Verify that tmiardy.sys no longer appear in the scan result.

• Privacy Policy