wmiprvse - wmiprvse.exe

wmiprvse - wmiprvse.exe

wmiprvse.exe (wmiprvse stands for Microsoft Windows Management Instrumentation ) is a generic process that manages clients in Windows XP. It is automatically launched the first time a client application connects, and is used to monitor system resources.

It is an essential system process which may not be terminated.

However, it may also be the Trojan horse W32/Sonebot-B, which creates a copy of itself in the folder %Windows%\System32, with the filename WMIPRVSE.EXE. The following entry in the registry confirms that the Trojan is present:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Kernel_check = wmiprvse.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Kernel_check = wmiprvse.exe
Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.

Related

This document, titled « wmiprvse - wmiprvse.exe », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).