wmiprvse.exe

by **augie** » Sat Feb 11, 2006 9:09 pm

ZA has asked to let this through and as this is the first time I've ever gotten it I'm worried. I have googled it and I found that it may be a " virus, spyware, trojan or worm!" as it's coming from a partition other than C:\Windows\System32. I have just installed Messenger 7.5 to E: instead of C: as that was the default for some reason, could this be the reason? Thanks for any help.

by **SCgone** » Sat Feb 11, 2006 9:15 pm

I would deny it and see what happens. wmiprvsw.exe is the Sasser worm. You're sure it didn't have the "w" on the end aren't you?

by **augie** » Sat Feb 11, 2006 9:21 pm

Bell1 wrote:I would deny it and see what happens. wmiprvsw.exe is the Sasser worm. You're sure it didn't have the "w" on the end aren't you?

I did deny it and it was an 'e' on the end and I don't have any Sasser symptoms yet and I'm updated with all my security apps along with Windows itself. I shouldn't have it and never did have Sasser from day 1.

Anyways, I'll wait until it asks again and post the path that Process Viewer shows. Thanks.

by **jrfree1** » Sat Feb 11, 2006 9:35 pm

wmiprvse.exe, if it is a legit file, is for the Windows Management Instrumentation and there are times when it will request network access for legit reasons. For XP, the only locations for this file should be Windows\System32\dllcache, and Windows\System32\wbem. As it is a Windows System file, any application that makes calls to it should use the versions in the wbem folder, and I do not know of any reason a legit program would place a copy of it anywhere else.

If you are running XP with SP2 and all the latest updates, the file version should be: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

For Vista 5270 the file version should be: 6.0.5270.9 (winmain_idx03.051214-1910)
Also, if you have Vista Installed, you may find the file in the \build\repository folder, or the \Windows\sxs folder.

by **augie** » Sat Feb 11, 2006 10:40 pm

Thanks jrfree1, everything seems fine except that I don't have a dllcache folder, only the wbem. My XP is on drive 'E' and Vista is loaded on 'C'. I think what happened was when I initially loaded XP, I had my IDE hooked up along with my SATA and was having trouble assigning 'C' to my SATA, so I loaded XP on 'E' I think and therefore why Vista is on 'C'. There was probably some user error here too as when I was doing all this I was nearly falling off my chair with fatigue. :oops:

I'll never do that again when loading OS's. LOL, I just noticed that AVG scans 'C', not much there to scan there eh? :roleeyes

Thanks for everyone's time. :embarrassed:

by **Synaptic** » Thu Feb 16, 2006 8:36 pm

The dllcache folder is there, it's just got super hide on it. You can reveal it by going to the same place as to reveal Hidden Files and Folders, and unselect Protect System Folders. These superhidden folders will then appear as blue.

by **augie** » Thu Feb 16, 2006 8:50 pm

Thanks for this synaptic. LOL, makes me wonder how after nearly four years of using XP that I never saw it, or at least have it register in my brain.

by **NT50** » Fri Feb 17, 2006 1:48 am

Straight from www.processlibrary.com

Process File: wmiprvse.exe
Process Name: Microsoft Windows Management Instrumentation

Description: wmiprvse.exe is a part of the Microsoft Windows Operating System and deals with WMI operations thourgh the WinMgmtexe process. This program is important for the stable and secure running of your computer and should not be terminated.

by **augie** » Fri Feb 17, 2006 6:11 am

NT50 wrote:Straight from www.processlibrary.com

Process File: wmiprvse.exe
Process Name: Microsoft Windows Management Instrumentation

Description: wmiprvse.exe is a part of the Microsoft Windows Operating System and deals with WMI operations thourgh the WinMgmtexe process. This program is important for the stable and secure running of your computer and should not be terminated.

Thanks NT50, I saw that also, what got me going was that after near four years of using XP, it wanted 'net access. That's the part I don't get. Why now? :confused

by **SCgone** » Fri Feb 17, 2006 11:46 am

augie wrote:
NT50 wrote:Straight from www.processlibrary.com

Process File: wmiprvse.exe
Process Name: Microsoft Windows Management Instrumentation

Description: wmiprvse.exe is a part of the Microsoft Windows Operating System and deals with WMI operations thourgh the WinMgmtexe process. This program is important for the stable and secure running of your computer and should not be terminated.

Thanks NT50, I saw that also, what got me going was that after near four years of using XP, it wanted 'net access. That's the part I don't get. Why now?

All part of your new plan for world domination. :()

Seriously, maybe it's something you changed on one of your installed programs or a program that updated automatically and added something, like Windows? maybe.

Technology, Support, and News Forum

wmiprvse.exe

wmiprvse.exe

Who is online