
McAfee has quarantined WMIPrvSe.EXE


5 replies to this topic

#1 JayGeeBee

  • Members
  • 8 posts
  • Gender:Male
  • Location:UK

Posted 09 May 2018 - 11:04 AM

For two days McAfee has quarantined WMIPrvSe.EXE. I have googled this but cannot find an explanation.

I have been advised to post to seek a solution here as malware is suspected.

Many Thanks

JB




 


#2 buddy215

  • Moderator
  • 13,261 posts
  • Gender:Male
  • Location:West Tennessee

Posted 09 May 2018 - 12:41 PM

From the web:

WmiPrvSE.exe is not a virus or a malware. Windows® Management Instrumentation (WMI) is a component of the Microsoft Windows operating system that provides management information and control in an enterprise environment. WmiPrvSE.exe high CPU usage problem caused by bad startup program.

 

Use the programs below to clean, remove adware and remove malware.

 

 

Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of Google Chrome and Avast.

After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.

CCleaner - PC Optimization and Cleaning - Free Download

 

Malwarebytes - Clean Mode

  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run; the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Download AdwCleaner by Xplode onto your desktop. (compatible with Windows 7, 8 and 10)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Post the three lists mentioned below using CCleaner.

Open CCleaner and click on Tools. Choose Startups. On that page you will see a list of Windows Startups and at the top tabs for each browser and Scheduled Tasks.

At the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste the list of Windows Startups and Scheduled Tasks into your next post. Please do that.

 

Open CCleaner and click on Tools. Choose Uninstall. On that page you will see a list of programs installed on your computer and at the bottom right of that page you will see a button that, when clicked, will allow you to Copy and Paste that list in your next post. Please do that.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 JayGeeBee


Posted 10 May 2018 - 11:10 AM

Thank you BC Advisor. I have CCleaner and Malwarebytes installed. Yesterday evening I ran Malwarebytes and it quarantined 5 files. Since then McAfee has not quarantined anything and all seems OK ATM.

Again many thanks

JB

 

Malwarebytes Report for 9/5/2018

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/9/18
Scan Time: 5:16 PM
Log File: 4dc343f6-53a4-11e8-8cbe-b06ebfcc6412.json
Administrator: Yes

-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.5044
License: Free

-System Information-
OS: Windows 10 (Build 16299.371)
CPU: x64
File System: NTFS
User: FRODO2\John

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 294748
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 1 min, 35 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
PUP.Optional.DriverToolkit, HKU\S-1-5-21-4192141123-2108691203-3141613695-1001\SOFTWARE\DriverToolkit, Quarantined, [876], [512874],1.0.5044

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 4
RiskWare.BitCoinMiner, C:\PROGRAMDATA\MICROSOFT WINDOWS\SYSTEM\WUAUCLT.EхE, Quarantined, [908], [495887],1.0.5044
RiskWare.BitCoinMiner, C:\PROGRAMDATA\MICROSOFT WINDOWS NT\SERVICE\SPPSVC.EхE, Quarantined, [908], [495887],1.0.5044
RiskWare.BitCoinMiner, C:\USERS\JOHN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\TRUSTEDINSTALLER.EXE, Quarantined, [908], [495887],1.0.5044
RiskWare.BitCoinMiner, C:\USERS\JOHN\APPDATA\LOCAL\MICROSOFT\WINDOWS\EXPLORER\TASKMGR.EхE, Quarantined, [908], [495887],1.0.5044

Physical Sector: 0
(No malicious items detected)


(end)

 

CCleaner Scheduled

No    Task    CCleanerSkipUAC    Piriform Ltd    "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
Yes    Task    McAfee Remediation (Prepare)    McAfee, Inc.    C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
Yes    Task    McAfeeLogon    McAfee, Inc.    C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe /platui
Yes    Task    NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
No    Task    NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe"
Yes    Task    NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
Yes    Task    NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes    Task    NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes    Task    NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Yes    Task    NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Yes    Task    NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon
No    Task    OneDrive Standalone Update Task-S-1-5-21-4192141123-2108691203-3141613695-1001    Microsoft Corporation    %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
 

CCleaner Windows Startups

No    HKLM:Run    CanonQuickMenu    CANON INC.    C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
Yes    HKLM:Run    IJNetworkScannerSelectorEX    CANON INC.    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"
Yes    HKLM:Run    RTHDVCPL    Realtek Semiconductor    "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
Yes    HKLM:Run    SecurityHealth    Microsoft Corporation    %ProgramFiles%\Windows Defender\MSASCuiL.exe
Yes    Startup Common    NextPVR Tray.lnk    Menten Holdings Ltd    C:\Program Files (x86)\NPVR\NTray.exe

 

Copy of ADWCleaner[S00].txt

# -------------------------------
# Malwarebytes AdwCleaner 7.1.1.0
# -------------------------------
# Build:    04-27-2018
# Database: 2018-05-10.1
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-10-2018
# Duration: 00:00:10
# OS:       Windows 10 Home
# Scanned:  40842
# Detected: 1


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Users\John\AppData\Local\DriverToolkit

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


 


Edited by JayGeeBee, 10 May 2018 - 11:35 AM.
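As an added example (not part of the original posts, and not Malwarebytes' own code): a Python triage of the four File detections in the log above. It checks each file name against the directory Windows normally keeps the like-named system binary in, and lists any non-ASCII characters hidden in the name. The `EXPECTED_DIR` table and all function names are assumptions made for this example.

```python
import ntpath
import unicodedata

# Assumed default locations on a standard Windows 10 install for the binaries
# named in the log (wmiprvse.exe is the file from the thread title).
EXPECTED_DIR = {
    "wuauclt.exe": r"c:\windows\system32",
    "sppsvc.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "wmiprvse.exe": r"c:\windows\system32\wbem",
    "trustedinstaller.exe": r"c:\windows\servicing",
}

# The four "File:" detections, copied from the Malwarebytes log in this thread.
LOG_LINES = [
    r"RiskWare.BitCoinMiner, C:\PROGRAMDATA\MICROSOFT WINDOWS\SYSTEM\WUAUCLT.EхE, Quarantined, [908], [495887],1.0.5044",
    r"RiskWare.BitCoinMiner, C:\PROGRAMDATA\MICROSOFT WINDOWS NT\SERVICE\SPPSVC.EхE, Quarantined, [908], [495887],1.0.5044",
    r"RiskWare.BitCoinMiner, C:\USERS\JOHN\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\TRUSTEDINSTALLER.EXE, Quarantined, [908], [495887],1.0.5044",
    r"RiskWare.BitCoinMiner, C:\USERS\JOHN\APPDATA\LOCAL\MICROSOFT\WINDOWS\EXPLORER\TASKMGR.EхE, Quarantined, [908], [495887],1.0.5044",
]


def lookalike(name):
    """Return the system binary `name` imitates, or None. Each non-ASCII
    character in `name` is treated as a wildcard for one character."""
    for known in EXPECTED_DIR:
        if len(known) == len(name) and all(
            a == b or not a.isascii() for a, b in zip(name, known)
        ):
            return known
    return None


def triage(line):
    """Parse one detection row and describe how the file masquerades."""
    threat, rest = line.split(", ", 1)
    path = rest.rsplit(", ", 3)[0]  # drop action, the two ids and db version
    folder, name = ntpath.split(path.lower())
    known = lookalike(name)
    return {
        "threat": threat,
        "path": path,
        "imitates": known,
        "wrong_dir": known is not None and folder != EXPECTED_DIR[known],
        "non_ascii": [unicodedata.name(c, "UNKNOWN") for c in name if not c.isascii()],
    }


def report(lines=LOG_LINES):
    """Triage every row; returns one dict per detection."""
    return [triage(line) for line in lines]
```

All four files carry the name of a Windows component but sit under ProgramData or the user profile, and three of them have a non-ASCII character in the extension, so a plain string comparison against `.EXE` would not match them.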


#4 buddy215


Posted 10 May 2018 - 12:44 PM

Coin miners have been known to destroy a cpu...overheating actually causing fires.

 

Using NoScript in Firefox will stop the malicious scripts from running. Takes a while to learn to use it properly but it is well worth it. NoScript Security Suite :: Add-ons for Firefox

 

If you don't have an ad blocker installed I suggest using Adblock Plus.

Adblock Plus :: Add-ons for Firefox     Adblock Plus - Chrome Web Store

Adblock Plus for Edge browser   Adblock Plus for IE

 

You can block the ad and tracking cookies from installing on your computer by blocking third party cookies.

How to disable third-party cookies in all major web browsers

Once you have blocked the install of those cookies then run CCleaner to remove the existing ones.

 

Disable these Tasks: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    Task    NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

Yes    Task    NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes    Task    NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
Yes    Task    NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
Yes    Task    NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
Yes    Task    NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}    NVIDIA Corporation    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe --logon

 

Suggest Disabling these Startups: Use CCleaner by clicking on each item and choosing Disable on the right.

Yes    HKLM:Run    IJNetworkScannerSelectorEX    CANON INC.    C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
Yes    HKLM:Run    iTunesHelper    Apple Inc.    "C:\Program Files\iTunes\iTunesHelper.exe"

 

After completing the above and rebooting...let me know of any problems.



#5 JayGeeBee


Posted 11 May 2018 - 10:51 AM

I have adjusted my startup/scheduled stuff as advised. I do have AdBlock running. I do not have NoScript but I will read about it. I suspect I collected the malware when I read an article about Bit Coins on a TV Program Dragons Den link. This is a UK entrepreneur program. The link was a scam, as I have since found out.

Thanks for your advice and patience getting to the bottom of this problem.

JB



#6 buddy215


Posted 11 May 2018 - 12:37 PM

NoScript would have blocked the malicious script(s) responsible for infecting your computer by just visiting a website.

It will block all scripts. Some scripts are needed to run on websites. The learning bit is recognizing which scripts are needed and allowing them to run.

 

You're welcome...happy surfin'....safe surfin'





