
Is wmiprvse.exe part of win 2000?

Status
Not open for further replies.

Boyds

MIS
Aug 17, 2001
57
US
I've got a user with a win 2000 pro laptop and they are having all kinds of issues. The only item in taskman I haven't noticed before in win 2000 is wmiprvse.exe. I know this is present in XP but I've never seen it in 2000 before.
I suspect some kind of trojan but I'm not sure as I can't bring up the AV software or even reload the software.

Any help would be appreciated.
 
I'm poking around to see what might run this process under Windows 2000, but I'm on a very slow connection so let me give ya some info on checking out unfamiliar processes while I dig.

When you find a name in your process list that you're not familiar with, write down the name, then search your computer for that name. In this case, search on "wmiprvse".

Once you locate the actual file, right click it and choose "Properties". There should be a "Version" tab in this window, with entries for the maker and name of the process. This can let you know at least if it's a Microsoft service or a 3rd party service. Usually, if this process is from the bad guys, it will not show names in the fields on the "Version" tab, just garbage characters, or sometimes there will not even be a Version tab.

If you decide to delete one of these executables, search on the first part of the name without the "exe" or "dll" or whatever, because you may find copies of the offending file in the Prefetch directories with a different extension, that could be a source of re-infection.

G.


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
There are only 10 kinds of people; those who understand binary and those who don't...
 
Thanks for the quick reply guys. I'm on a win 2000 pro machine also and this file isn't on my pc.

Actually I've already been to and according to that site, this is a file that was added to xp and 2003 to resolve some problems in 2000. So it appears that it shouldn't be on this laptop.

Well, the user isn't going to call back till tomorrow so I'll try to find some more info.

Thanks again.
 
Finding a DLL or an EXE from a later version of Windows in an earlier version is not unheard of. MS sometimes allows you to add functionality to an existing version of Windows via an update, while it may be included in a later version.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
There are only 10 kinds of people; those who understand binary and those who don't...
 
I've got all the latest updates on my pc and that file doesn't exist on mine. I've deleted the reg entries concerning that file from the local machine/run portion of the registry and now the machine appears to be working fine. Got the new AV software installed and scanning now. I'll let you know what I find. By the way, I have found some adware. Haven't run spybot yet but I'll let you know what I find.

Thanks.
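
The checks described in this thread (find the file by base name, read its version resource, look at the Run keys), scripted in PowerShell for a current Windows system. This is an added example, not part of the original posts; the parameter names, the default search root and the report fields are assumptions chosen for illustration.

```powershell
# Added example (not from the thread): triage an unfamiliar process name.
param(
    [string]$Name = 'wmiprvse',       # base name only, no extension
    [string]$Root = $env:SystemRoot   # assumption: search the Windows directory
)

# 1. Locate every file starting with the base name, whatever its extension,
#    so stray copies (for example under Prefetch) are listed too.
$hits = Get-ChildItem -Path $Root -Recurse -File -Filter "$Name*" -ErrorAction SilentlyContinue

# 2. Read what the "Version" tab would show, plus signature status and a hash.
$files = foreach ($f in $hits) {
    $vi  = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($f.FullName)
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Path        = $f.FullName
        Company     = $vi.CompanyName
        Description = $vi.FileDescription
        FileVersion = $vi.FileVersion
        Signature   = $sig.Status
        SHA256      = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        # Empty maker and description fields are the warning sign the post describes.
        NoVersionInfo = [string]::IsNullOrWhiteSpace($vi.CompanyName) -and
                        [string]::IsNullOrWhiteSpace($vi.FileDescription)
    }
}

# 3. List Run-key values whose command line mentions the name.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $key = Get-Item -Path $k
    foreach ($valueName in $key.GetValueNames()) {
        $command = [string]$key.GetValue($valueName)
        if ($command -like "*$Name*") {
            [pscustomobject]@{ Key = $k; ValueName = $valueName; Command = $command }
        }
    }
}

$files    | Format-List
$autoruns | Format-List
```

The script only reports; a file with empty version fields or a non-valid signature is a candidate for an AV scan, not proof of infection on its own.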
 
Here's the verdict. Some adware which I deleted.
The wmiprvse.exe file was identified as w32.hllw.gaobot.gen.
Now that the problem's solved, how about some ideas about how I can get my remotes to update their *&^% virus definitions!!!

Thanks again guys.
 
Most software can be configured to auto-update, given a constant Internet connection.

Glad you tracked your problem file down.
 