Author Topic: google wr64.sys?  (Read 3476 times)


Offline leinadable

  • Newbie
  • *
  • Posts: 1
google wr64.sys?
« on: April 12, 2023, 01:03:28 AM »
I haven't been able to find any info about this.

Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: google wr64.sys?
« Reply #1 on: April 12, 2023, 01:24:55 AM »
There have been a number of these vulnerable driver detections, not just this one (other similar topics in the forum). 

The drivers can be vulnerable to being misused, as stated in the screenshot.
As the screenshot states, you can add an exception, which could put your system at risk.

https://www.google.co.uk/search?q=wr64.sys

From one of the hits in this search I get this:
WR64.sys is a system file that is part of the Windows operating system. It is typically located in the Windows\System32\Drivers folder and is used to support 64-bit system functions. This file is essential for the proper functioning of the operating system, and it should not be deleted or modified.

Given this is in a different location within the google folder, it is somewhat suspect (no idea why it would be here and if it is legit or not).

So why would it be needed in the google\libs\ sub folder? Given this is meant to be a legit Windows driver, why wouldn't Google use that?
See also - https://www.google.co.uk/search?q=google%2Flibs%2Fwr64.sys
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline redwolfe_98

  • Full Member
  • ***
  • Posts: 107
Re: google wr64.sys?
« Reply #2 on: April 13, 2023, 06:27:31 PM »
the malware discussed in this article sounds like what you have:

https://www.bleepingcomputer.com/news/security/hacked-sites-caught-spreading-malware-via-fake-chrome-updates/

you should go to a malware-removal forum for help with removing the malware from your computer. there are 2 that i am familiar with, one at the malwarebytes forum and one at the bleepingcomputer forum.

alternatively, you could remove the malware by doing a clean reinstall of windows.

a clean reinstall of windows is where you wipe/erase all data from the hard drive before reinstalling windows.

doing a google-search for "wr64.sys vulnerable driver" i pulled up a few more articles that discussed VERY similar malware, i.e. "coinminer," only being distributed in different ways, and storing the malware-files in different locations:

https://www.google.com/search?q=wr64.sys+vulnerable+driver#ip=1

« Last Edit: April 13, 2023, 07:13:12 PM by redwolfe_98 »