Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

wmi provider host service WmiPrvSE.exe constantly using 3 to 25 p. of my cpu


  • Please log in to reply
3 replies to this topic

#1 michael4321

michael4321

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:01 PM

Posted 18 December 2015 - 02:46 AM

Hello,

 

I read on http://www.file.net/prozess/wmiprvse.exe.html that my file size of wmiprvse.exe of 372.736 Bytes equals

one of the sizes under the section Viren mit gleichem Dateinamen which translates to english Viruses with same filename...

 

I scanned my system with malwarebytes anti malware and I have avast free antivirus on my pc. Please someone can help me?

 

 



BC AdBot (Login to Remove)

 


#2 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:01 PM

Posted 18 December 2015 - 05:34 PM

Hello michael4321, and welcome to Bleeping Computer!! :thumbsup:
 

I read on http://www.file.net/prozess/wmiprvse.exe.html that my file size of wmiprvse.exe of 372.736 Bytes equals
one of the sizes under the section Viren mit gleichem Dateinamen which translates to english Viruses with same filename...

A couple of things here: I don't find file.net to be the best source of technical information because it's not always accurate. More importantly, I don't see the filesize of 372736 anywhere on that page! Where exactly do you see that number?
 
It's common for that service to spike CPU usage sometimes, and 3%-25% is not a problem if it comes back down again. If it's 25% all the time, then I would start to worry. :)
 
But there's an easy way we can quickly get several opinions on that file:

  • Go to VirusTotal.com
  • Click the "Choose File" button.
  • Navigate to the file WmiPrvSE.exe and click Open.
  • Click the "Scan It" button (***Note: If it says this file has already been scanned, please click "Reanalyze").
  • When it is finished scanning please provide a link to the results page in your next reply.

==========

Also...
 

I scanned my system with malwarebytes anti malware

Was anything detected?? If so, please copy and paste the logfile into your next reply. If you don't know where to find it, let me know!

 

==========

 

Depending on the VirusTotal results, we'll go from there. :wink:

 

Do you have any other problems with your computer?

 

bloopie



#3 michael4321

michael4321
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:01 PM

Posted 22 December 2015 - 12:36 PM

Hello,

 

thank you for the quick reply to my topic and sorry that it took me so long to write back.

I compared the file size of wmiprvse.exe on another desktop pc and it was the same size to mine version on my computer.

 

On the page I've listed in my last post there is a section called Woran erkennt man die verdächtigen Varianten?

somewhere in this section is a blue highlighted text -> "8 weitere varianten" you have to click on it to expand some hidden text.

 

I scanned the file with VirusTotal, but it says it is not harmful to my pc and part of the windows operating system.

 

MalwareBytes Logfile mbam-log-2015-12-18 (07-55-19).xml:

 

 

<?xml version="1.0" encoding="UTF-16" ?>
- <mbam-log>
- <header>
  <date>2015/12/18 07:55:22 +0100</date>
  <logfile>mbam-log-2015-12-18 (07-55-19).xml</logfile>
  <isadmin>yes</isadmin>
  </header>
- <engine>
  <version>2.2.0.1024</version>
  <malware-database>v2015.12.18.01</malware-database>
  <rootkit-database>v2015.12.16.01</rootkit-database>
  <license>free</license>
  <file-protection>disabled</file-protection>
  <web-protection>disabled</web-protection>
  <self-protection>disabled</self-protection>
  </engine>
- <system>
  <hostname>GIVEMEPINK-PC</hostname>
  <ip>10.72.125.97</ip>
  <osversion>Windows 7 Service Pack 1</osversion>
  <arch>x64</arch>
  <username>GiveMePink86</username>
  <filesys>NTFS</filesys>
  </system>
- <summary>
  <type>threat</type>
  <result>completed</result>
  <objects>333458</objects>
  <time>339</time>
  <processes>0</processes>
  <modules>0</modules>
  <keys>2</keys>
  <values>0</values>
  <datas>0</datas>
  <folders>0</folders>
  <files>2</files>
  <sectors>0</sectors>
  </summary>
- <options>
  <memory>enabled</memory>
  <startup>enabled</startup>
  <filesystem>enabled</filesystem>
  <archives>enabled</archives>
  <rootkits>disabled</rootkits>
  <deeprootkit>disabled</deeprootkit>
  <heuristics>enabled</heuristics>
  <pup>enabled</pup>
  <pum>enabled</pum>
  </options>
- <items>
- <key>
  <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CltMngSvc_RASAPI32</path>
  <vendor>PUP.Optional.SearchProtect.AppFlsh</vendor>
  <action>success</action>
  <hash>8ffa871f3259c373d05545be23e19a66</hash>
  </key>
- <key>
  <path>HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\CltMngSvc_RASMANCS</path>
  <vendor>PUP.Optional.SearchProtect.AppFlsh</vendor>
  <action>success</action>
  <hash>2366277f0a81af87b4713bc8db29de22</hash>
  </key>
- <file>
  <path>C:\Users\GiveMePink86\AppData\Local\Temp\+BbhycLd.exe.part</path>
  <vendor>PUP.Optional.Amonetize</vendor>
  <action>success</action>
  <hash>2069fcaa345762d4933dd9d22ed308f8</hash>
  </file>
- <file>
  <path>C:\Users\GiveMePink86\AppData\Local\Temp\is-18UV9.tmp\SOInstaller.exe</path>
  <vendor>PUP.Optional.SearchProtect.AppFlsh</vendor>
  <action>success</action>
  <hash>ddac51551a71a3933ff87536aa57ed13</hash>
  </file>
  </items>
  </mbam-log>


#4 bloopie

bloopie

    Bleepin' Sith Turner


  • Malware Response Team
  • 7,927 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York
  • Local time:04:01 PM

Posted 22 December 2015 - 02:18 PM

Hello again,
 
It's my pleasure, and don't worry about the delays. :wink:
 
==========
 

On the page I've listed in my last post there is a section called Woran erkennt man die verdächtigen Varianten?

somewhere in this section is a blue highlighted text -> "8 weitere varianten" you have to click on it to expand some hidden text.

Ah...I see now...missed that part! Thanks! :blush:
 

I compared the file size of wmiprvse.exe on another desktop pc and it was the same size to mine version on my computer.
I scanned the file with VirusTotal, but it says it is not harmful to my pc and part of the windows operating system.

Okay, then you should be good to go! :)

 

As you can see Virustotal will scan the file with several different antivirus vendors, so if it's not detected by them, then 99.9% of the time you can be sure it's safe (there can be times that AV vendors could be fooled, but this file is certainly not one of them). :thumbup2:

==========

That MBAM log is very hard to read, but it looks like it removed 3 Search Protect entries. If you're not experiencing any problems with your computer, then you should be fine. :)

 

However, if you'd like me to give your machine a quick 'once-over'...simply post back and let me know!

 

...Otherwise...Stay Safe! <--Everyone Read This!! :thumbsup:

 

Best Regards,

 

bloopie






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users