Wmiapvse.exe


10 replies to this topic

#1 athelos

athelos

  • Members
  • 140 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:41 AM

Posted 23 February 2007 - 04:17 PM

Right, it was complete luck that I spotted this. When I first log in there is a process in the task manager which flashes up for the briefest of seconds before disappearing. It looks like

wmiapvse.exe

Though it could be slightly different; like I said, it only comes up for like half a second. As far as I know it only comes up when logging on. (I'm gonna log off now and see what happens.) I know there is a process wmiprvse.exe but this one DEFINITELY had an a in it.

I've tried googling it but the only other result I get is in Spanish and it seems it was unresolved. Does anyone know anything about this?

I'm going to try logging off now. See you lot in a bit.

Thanks.
Don't worry about the world coming to an end today. It's already tomorrow in Australia.
--Charles Schultz


#2 athelos


Posted 23 February 2007 - 04:37 PM

Okay. So it doesn't appear when I log off. I still can't manage to read it. Sometimes I miss it completely and others I just can't read it quick enough. Any suggestions?

Edit: Oh and btw I'm using Prevx1, AVG antivirus & AVG antispyware (both free), and also super-antispyware. I also regularly do Panda scans. I did a Panda scan this morning and it turned out clean.

Edited by athelos, 23 February 2007 - 04:39 PM.


#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,239 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:41 AM

Posted 23 February 2007 - 04:45 PM

Well, so far the one without the A is a worm or trojan if you search in the Startup List at top of page. Run your AV and this in safe mode after d'load and update.

Free Home user version

http://www.superantispyware.com/

How to start Windows in Safe Mode

EDIT Didn't see you post back while I was looking at list

Edited by boopme, 23 February 2007 - 04:50 PM.

For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....

#4 athelos


Posted 23 February 2007 - 04:56 PM

Ahh d$!nit!! Sorry. It's just that I've been going by these:

neuber.com

liutilities.com

and they say they're fine.... I don't mean to second guess you or the BC team but can someone double check this for me please. Thanks.

#5 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:09:41 AM

Posted 23 February 2007 - 04:59 PM

If you do a search on your computer, where is this file situated?
Does it take a lot of your CPU?

#6 athelos


Posted 23 February 2007 - 05:10 PM

Okay. I couldn't find the one with the a in it but I found 4 cases of wmiprvse.exe!!!

C:\$NtServicePackUninstall$
C:\WINDOWS\Prefetch
C:\WINDOWS\ServicePackFiles\i386
C:\WINDOWS\system32\wbem

It would seem I'm infected *sighs*.

Edit: Fozzie, most of the time there are two of the same processes running (wmiprvse.exe I mean). I don't think they take too much CPU usage though. They're not showing up at the moment.

Edited by athelos, 23 February 2007 - 05:12 PM.


#7 athelos


Posted 23 February 2007 - 05:16 PM

Quick question. I don't really use my computer for anything important. I think the most important thing I have on here is my CV (which I have a written copy of anyway). What I'm saying is I'm not bothered if I lose information. Therefore, if I simply reinstalled Windows would the problem be dealt with?

#8 fozzie


Posted 23 February 2007 - 05:18 PM

If you wouldn't mind, that would be the "quickest" way. Make sure you do a fresh install. First download all the drivers you require and put them on a memory stick.

#9 athelos


Posted 23 February 2007 - 05:21 PM

Ok thank you. As usual you are as quick as ever Fozzie *bows*. Also thank you Boopme. It would appear you were right!! I'll never be able to trust anything again.......ever!! :thumbsup: lol, thanks again.

Edit: Oh, and quick question(s). By fresh install you mean what exactly? Video cards etc? Also, if I download the drivers onto a memory stick is it safe from the worm getting onto the stick?

Edited by athelos, 23 February 2007 - 05:23 PM.


#10 fozzie


Posted 23 February 2007 - 05:33 PM

Edit: Oh, and quick question(s). By fresh install you mean what exactly? Video cards etc? Also, if I download the drivers onto a memory stick is it safe from the worm getting onto the stick?

Yes, but to be sure scan the stick prior to transferring anything. The best idea of course would be to download it via a clean computer...

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:41 AM

Posted 23 February 2007 - 05:35 PM

wmiprvse.exe is a host process for Windows Management Instrumentation provider services. Like svchost there may be more than one instance of it running on your system. The locations you identified finding copies are all legit. If it were in your Windows system32 folder, then it would be malware.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
