wevtutil.exe might seems malicious at the first glance but in reality its an authorized file from Microsoft. This executable helps to get back the information about the publishers and event logs. However, it’s not a malware itself, developers and hackers target.exe files to lodge an attack by injecting Trojan virus. So you might find how to disable and fix whoami.exe in Windows 10.
Mainly, wevtutil.exe is an important tool that makes you able to control every particular side of Event viewer including managing the manifest that writes event and run queries. The executable also allows you to export, archive and delete logs. But when a virus infects it, Command Line Utility of Even Viewer behaves like an unpleasant Trojan horse that may affect your system badly. It can steal your personal information too by dropping down dangerous malware into the PC.
Related – How to Disable and Fix whoami.exe in Windows 10
Table of Contents
Disable and Fix wevtutil.exe in Windows 10
Here is How to Disable and Fix wevtutil.exe in Windows 10 –
Initially, you may find this procedure lengthy. But, to get rid of this Trojan horse and that too without spending a penny on unknown Removal Tools, losing your valuable data and deteriorating your computer system, won’t you follow lengthy procedures? In order to fix wevtutil.exe of Event Viewer in Windows 10, the first thing you have to do is Reboot your computer in Safe Mode.
Rebooting the System in Safe Mode with Networking
Step-1: To boot your computer in safe mode, follow the Shift + Restart combination. Click on Start menu and select the Power button. Continue pressing Shift button while clicking on Restart.
Step-2: Then Windows 10 will reboot and ask you to choose an option, select Troubleshoot.
Step-3: From the following screen, select Advanced Options.
Step-4: Subsequently, click on Startup Settings.
Step-5: Now, you will be asked to restart your computer to modify advanced boot options, including Enable Safe Mode. So, click on Restart.
Step-6: In this case, you have to reboot in with Networking, press F5 or simply 5.
You may also read – Make F8 Key Working to Boot Windows 8 into Safe Mode Easily
End wevtutil.exe in Windows 10
After your system is rebooted in Safe Mode with Networking, press CTRL + ALT + DEL simultaneously in order to open Windows Task Manager.
Click on More details if the tool is not showing details.
From the visible list, locate wevtutil.exe. Make a right click on it and select End task.
Now, close the Windows Task Manager.
Delete the Registry entries of wevtutil.exe
After performing the above steps, search for the Entries created by Command Line Utility of Event Viewer in Windows 10.
Press Windows button + R hotkey on your keyboard to open Run dialog. Type regedit into it and hit Enter.
Select Yes on the UAC prompt and once it comes into the view, navigate each of the following paths –
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Random
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings CertificateRevocation =Random
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Random
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\Random.exe
Now, detect the wevtutil.exe of Even Viewer associated files and delete them to get rid of the Trojan virus. The items will look like the following –
%AllUsersProfile%\Application Data\.dll
%Temp%\random.exe
%AllUsersProfile%\Application Data\~random
%AllUsersProfile%\random.exe
%AppData%\Roaming\Microsoft\Windows\Templates\random.exe
%AllUsersProfile%\Application Data\random
Source of malicious wevtutil.exe
Mostly, The Trojan virus invades on your device either through spam email attachments or while downloading any third party software or programs from inauthentic websites. Without letting you know, developers also inject this type of Trojan virus into your computer when you visit a website that is hacked.
The corrupted wevtutil.exe in Windows 10
Genuine wevtutil.exe in Windows 10 is a vital part of your OS, in fact, a core system file and it rarely roots any problems. Generally, the legitimate executable of Even Viewer is located in C:\Windows\System32 directory and the file’s size is 230kb. However, some malware camouflages themselves a wevtutil.exe file, especially when located outside the stipulated folder. To examine if it is a threat, check its directory by following the below steps –
Start with Opening Task Manager.
Be into the Processes tab, right-click on wevtutil.exe and Select Open file location.
If the path is C:\Windows\System32, you are safe. On the other side, you need to run a full scan with Windows Defender to remove the Trojan virus. Here’s how –
Type full scan in the Cortana search box and when the result turns up hit Enter.
Here, you will view the Windows Defender Security Center. Click on Run a new advanced scan from the Threat history section.
Now, Mark the radio button of Full scan and thereafter click on Scan now.
Some Harmful Activities of wevtutil.exe in Windows 10
Here are some activities the executable file of Even Viewer can perform when it is a harmful Trojan virus.
This harmful malware can affect your computer’s performance, change the desktop wallpaper, automatically run unknown programs, and even hijack your web browser. The attack will create many infected folders and files in your device. Moreover, the malware using this name can disable your security software, steal your individual data, and alter Windows Registry.
In simple words, this Trojan virus is your system’s enemy because it can corrupt your system and prevent the tasks from performing. To keep your OS and the data saved on it securely, you should immediately eradicate the Trojan virus wevtutil.exe from your system.
That’s all!