Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

wmiapsrvs.exe - malware or no?


  • Please log in to reply
2 replies to this topic

#1 sygg13

sygg13

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 11 December 2008 - 07:35 AM

When I log in I see "wmiapsrvs.exe " running in the task manager for a bit, and then it goes away. The process is listed as malware here on bleepingcomputer, but I can't find it in the folder specified "C:\WINDOWS\System32\drivers\wmiapsrvs.exe" If this is also potentially a legit process, where would the file be located? I also did a search for a file named "wmiapsrvs.exe" on my C and D drives and came up with zero results.

There is also a "userinit.exe" process that runs on startup as well. I know its a legit lgoin process, but can be overridden by another userinit.exe file. I have files called userinit.exe in C:/i386, C:/Window/system32, C:/windows/servicepackfiles/i386. Is it okay to have these multiples in these locations (I don't know what the i386 folder is)? There is also a file called "USERINIT.EXE-0743FDA9.pf" in the C:/Windows/prefetch folder.

Edited by sygg13, 11 December 2008 - 08:12 AM.


BC AdBot (Login to Remove)

 


#2 Luser

Luser

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Local time:08:16 PM

Posted 11 December 2008 - 08:46 AM

For wmiapsrvs.exe go see -> http://www.bleepingcomputer.com/startups/w....exe-19560.html

if you think your files have been hijacked go here - http://housecall.trendmicro.com/

Otherwise google the files :D you find information on em faster then asking here.

Dont want to get hacked or get virus : install AVG8 and spybot search and destory with teatimer and you will have a slim chance on getting infected.
Dont want to have problems with your computer?
Solution : install a good free anti virus, anti spyware & and stay away from misleading applications. Update your OS and vital programs as often as you can, to shut down those open security holes.
Stay away from shareware and trailware applications, avoid installing browser addins and toolbars. Read up on things before trying new applications.

Learn more about : Viruses, malmware & trojans | Need a bootdisk? | Want to know what that EventID mean? | Cybercrimes what is that?

#3 sygg13

sygg13
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:07:16 PM

Posted 11 December 2008 - 01:56 PM

D'oh, the process isn't "wmiapsrvs.exe " its "wmiapsrv.exe " with no "s", aka the legit program. Retardation on my part, so I guess I'm fine.

Edited by sygg13, 11 December 2008 - 01:56 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users