Onedrivepatcher.exe on Win 11


banger

Just remoted into my laptop, which is in the other room, and when the login completed I was presented with a Windows dialog (signing authorisation) and a blank background. It said do you want to run Onedrivepatcher.exe, which I thought was strange as I haven't used the laptop in a couple of weeks.

Searching the web reveals it is a sophisticated malware file, although what it does is unclear. I presume it encrypts OneDrive files for ransom.

So not taking any chances - in the process of resetting the laptop from the cloud and, when that's done, updating.

Thoughts?

Found the file in the OneDrive folder under my username: OnedrivePatcher.exe. It is digitally signed by Microsoft on the 15 April 2026, so could it be legit? Searches say no.
 

I would not trust it. Wipe your drive and reformat/re-install.
 

That is what I am doing.
 

That is what I am doing.

Good for you. OneDrivePatcher.exe is not legitimate. It is consistently identified as malware used in DLL-sideloading attacks. I totally agree with not taking chances. A clean install of Windows is the only way to go, IMO.
 

Onedrivepatcher.exe IS legitimate provided it's signed by the certificate with the thumbprint b5c5a90d5ad78261da8436383764546d784fecf7. There are versions that are malware (those are signed by untrusted certificates or have no cert signing).
 

Current valid version of OneDrivePatcher.exe from a fresh OneDrive install
 

Onedrivepatcher.exe IS legitimate provided it's signed by the certificate with the thumbprint b5c5a90d5ad78261da8436383764546d784fecf7. There are versions that are malware (those are signed by untrusted certificates or have no cert signing).
What hash is that, as the SHA256 is totally different, and after reset it is still there?
 

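Added example (not part of the thread): the thumbprint quoted above identifies the signing certificate (a SHA-1 value, 40 hex characters), while the SHA256 is a hash of the file itself, so the two never match each other. This PowerShell sketch reports both for a given file; the `$Path` parameter and the function name `Test-SignedBinary` are assumptions, and the expected thumbprint is the one quoted in the thread.

```powershell
# Added example, not code from the thread. Save as a script and pass -Path.
param(
    [Parameter(Mandatory)] [string] $Path,   # assumption: path to the copy you found
    # Signer thumbprint quoted in the thread for the legitimate build.
    [string] $ExpectedThumbprint = 'b5c5a90d5ad78261da8436383764546d784fecf7'
)

function Test-SignedBinary {
    param([string] $Path, [string] $ExpectedThumbprint)

    # Authenticode check: Status is 'Valid' only when the signature verifies;
    # NotSigned, HashMismatch and NotTrusted are all failures.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    [pscustomobject]@{
        Path             = $Path
        SignatureStatus  = $sig.Status
        Signer           = if ($cert) { $cert.Subject } else { $null }
        # Certificate thumbprint: identical for every file signed with that cert.
        SignerThumbprint = if ($cert) { $cert.Thumbprint } else { $null }
        ThumbprintMatch  = [bool]($cert -and ($cert.Thumbprint -ieq $ExpectedThumbprint))
        # File hash: changes with every build, so compare it per version.
        FileSha256       = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        FileVersion      = (Get-Item -LiteralPath $Path).VersionInfo.FileVersion
    }
}

$result = Test-SignedBinary -Path $Path -ExpectedThumbprint $ExpectedThumbprint
$result | Format-List

if ($result.SignatureStatus -ne 'Valid' -or -not $result.ThumbprintMatch) {
    Write-Warning 'Signature invalid or signer differs from the expected certificate; treat the file as untrusted.'
}
```

The `FileSha256` value is the one to compare against a VirusTotal entry for the same `FileVersion`.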
Depends which version you have; this is from 26.070.0414.0001.
 

Current valid version of OneDrivePatcher.exe from a fresh OneDrive install
Well, the SHA256 matches the hash on VirusTotal you linked to, so looks like it's legit.
 

Code signing certs do get compromised from time to time, but it's very uncommon and vendors are very quick to revoke certs, so it would show untrusted if it were malicious.
 

Still don't know what triggered it and why it was asking for admin rights.
 
