Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

WSCSVC.EXE found as a user in WMI control.


  • Please log in to reply
1 reply to this topic

#1 pwilson47

pwilson47

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dallas, TX
  • Local time:10:32 AM

Posted 15 June 2017 - 06:57 AM

I was trying to learn about how I could secure WMI Control and was looking at the properties of the "ServiceModel" and noticed two odd users. One was WSCSVC.EXE and the other II_IUSRS. So I came here and looked up WSCSVC.EXE in the undesirable startup section and it said it was a password stealing Trojan. Don't worry I'm typing on my phone instead of the outer. But I was wondering what I should do. I have scanned my computer with G-data and that is it. Please help. Thanks

BC AdBot (Login to Remove)

 


#2 pwilson47

pwilson47
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Dallas, TX
  • Local time:10:32 AM

Posted 15 June 2017 - 07:04 AM

I forgot one thing. I was looking at my c:\Windows\System32\wbem folder and noticed the file wbemtest.exe which according to Microsoft should not be on my computer at all because it grants users WMI control. Im running Windows 10 home x64 by the way.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users