The file egathdrv.sys, known as IBM eGatherer Kernel Module, belongs to software IBM eGatherer. This program is called Active Support because it collects system configuration information in order to help diagnosis problems reported to IBM for Microsoft Windows and Linux-based operating systems. Although a legitimate program, this application makes the computer vulnerable because Active Support allows a remote attacker to gain access through the ActiveX component of IBM eGatherer, which can be used to execute arbitrary codes on the system. It creates a specially crafted Web-page that uses the SelDebugging and RunEgatherer to write a file in the victim's startup folder once the Web page is visited. When the system restarts, the created folder is launched and enables the attacker to use the privilege of the victim to exploit this vulnerability by hosting the malicious Web page on a Web site or by sending it to a victim as an HTML email.

Most non-system processes that are running can be stopped because they are not involved in running your operating system. egathdrv.sys. is used by IBM eGatherer, If you shut down egathdrv.sys, it will likely start again at a later time either after you restart your computer or after an application start. To stop egathdrv.sys, permanently you need to uninstall the application that runs this process which in this case is IBM eGatherer, from your system.

After uninstalling applications it is a good idea to scan you Windows registry for any left over traces of applications. Registry Reviver by ReviverSoft is a great tool for doing this.

The ReviverSoft experts have not yet reviewed egathdrv.sys

A process usually a part of an installed application such as IBM eGatherer, or your operating system that is responsible for running in functions of that application. Some application require that they have processes running all the time so they can do things such as check for updates or notify you when you get an instant message. Some poorly written applications have many processes that run that may not be required and take up valuable processing power within your computer.

We have not received any complaint about this process having higher than normal impact on PC performance. If you have had bad experiences with it please let us know in a comment below and we will investigate it further.

The first thing you should do if egathdrv.sys. is causing errors on your computer is to run a Windows registry scan with Registry Reviver If you are still seeing errors after this you should uninstall the program that egathdrv.sys, belongs to, in this case IBM eGatherer