Anti-Spy.Info > File library > wmiprvse.exe

Information about wmiprvse.exe file

File: wmiprvse.exe
Name: Windows Management Instrumentation
Product: Windows
Manufacturer: Microsoft
Risk factor (Virus/Trojan/Spyware): Rating

Windows® Management Instrumentation (WMI) is a component of the Microsoft® Windows® operating system that provides management information and control in an enterprise environment. By using industry standards, managers can use WMI to query and set information on desktop systems, applications, networks, and other enterprise components. Developers can use WMI to create event monitoring applications that alert users when important incidents occur.

In earlier versions of Windows, providers were loaded in-process with the Windows Management service (WinMgmt.exe), running under the LocalSystem security account. Failure of a provider caused the entire WMI service to fail. The next request to WMI restarted the service.
Beginning with Windows XP, WMI resides in a shared service host with several other services. To avoid stopping all the services when a provider fails, providers are loaded into a separate host process named Wmiprvse.exe. Multiple instances of Wmiprvse.exe can run at the same time under different accounts: LocalSystem, NetworkService, or LocalService. The WMI core WinMgmt.exe is loaded into the shared Local Service host named Svchost.exe.
Note: wmiprvsw.exe is the Sasser worm!

Note: The wmiprvse.exe file file should appear only the C:\Windows\System32\ folder. If you happen to find this file in a different folder, it is possible that your wmiprvse.exe is in reality a malicious file. Many trojans and viruses try to cloak their real identity by using the names of legitimate files. Any time that you encounter a suspicious process, you should verify the digital signature and the file path, for example using Anti-Spy.Info.

Virus with same name:
W32/Sonebot-B -

User feedback

There were 604 user requests for that file. 39 users classify it as harmless. 5 users classify it as not so dangerous. 30 users classify it as neutral. 15 users considered the file to be suspicious. 25 users classify it as bad and recommend to delete wmiprvse.exe. 27 users didn't classify it ("don't know").

RatingWindows Management Instrumentation (services.msc)  link for more info Alex
Rating W32/Sonebot-B drops a copy of itself to the Windows System32 folder with the filename WMIPRVSE.EXE  link for more info tarence
RatingWhen installed came up with sharing violations Joe
Ratingit kept shuttin my computer down i found it and deleted it of my pc and startin to run fine without shuttin down occurin lee
Ratingeat up all memory and caused win2k3 main services failed to run Mike
Rating win 2000 in winmgmt.exe use search feature text only then you will see the winmgt.exe if you have mor than one delete capital letter one.then open goto properties type in do not load then admin in pharentacies this should do the trick.
RatingMemory Eater that loads when using 3dmark programs Cy
Ratingits an ok thing. these other guys who have problems iwth it are duchebags. and no, i can't spell rob
RatingLoaded with ACDSee ©bROTHER
RatingAppeared after installing SMS 2003 client. Polls computer for hardware/software inventory. Daniel
Ratingspikes processor to %100 usage with 2003 server enterprise edition
RatingThis file is attacked by Trojan.Gletta.A, it would eat all the memory on my win2k3 box and cause services to fail Gary
RatingIf found in windows\system32 then delete it and search for other viruses and Trojans, if its in windows\system32\wbem then check the version and that its a Microsoft file (check the properties) and this should be left where it is. Russ
RatingWMI is very cool. but what is "wmiprvse.exe -Embedding"? seanick
RatingStarted up with Windows XP home, then exited after a few minutes...tracked file...harmless MS exe Dennis
RatingI have this file located in C:\WINDOWS\system32\wbem folder, it is from WinXPsp2 gaming
RatingWell if it isn't dangerous its at least extremely annoying. Steph
RatingI found it in the system32\wbem folder. Apparently a search on wbem with google reveals that it is associated with Sun Microsystem's Java. Nothing to fear. Pepsibot
RatingKeeps 'ecountering problems' and closing. Buggers some games. alex
RatingThis .exe was stopping admin shares, sharing, access to registry, command prompt and other applications. stop the process and clear the 'kernel checker' from the run key in the regsrty knighTslayer
RatingWindows Management Instrumentation Private Server.
Ratingxp/w2k system executable. Used to run background tasks Wizard of Zo
RatingThis appears to be launching a brand new files called tipyno.exe this file causes popups and maybe more, and until this site have been unable to find what causes them. Fu Kerr
RatingIt really is a windows process, but be wary, as it's possible to be used inside a network, to monitor your processes by a sysadmin. Tano
RatingThis exe also appears to load when waupdt is running. (windows automatic update) It closes itself when the AU finishes checking the windows update database.  link for more info dog
RatingPeriodically grabs loads of cpu time and works the disk. It pauses when task manager is activated. It vanishes and reappears. Kaled
RatingXP SP2 is taking forever to start up and this seems to be one of the problems
Ratingstarts when runnning tasklist /svc in cmd prompt. located in ..\wbem anonymous
RatingHi this file come from SP2 i see this from the install date. Reign
Ratinglocated in ..\system32\wbem folder - new since sp2.... mike
Ratingit alerts me when a change occurs in WXP operating system.
RatingLegitimate part of windows D.
RatingThis program allows you to query/update information from the Common Information Model. It's basically a standardized database with standard namespaces which can be found across multiple OS's. It allows programmers/System Administrators to inventory/debug/etc. SMS 2K3 has inventory tools which use WMI to monitor your computer. It's not *that* dangerous. It has built-in security to make you authenticate to windows but... I included a link to Microsoft's website that gives much more information on WMI  link for more info -=(TherMite)=-
RatingIt's lunched from a Microsoft game used by Direct Play 9  link for more info Jeep
Ratingsame over here - dozens of wmiprvse.exe tasks eat up all memory on my w2k3 Server, generate 100% Server load and DHCP and WWW-Services refuse to start.
Ratingi use winXP Pro ,it appears for a few minute after starting up windows,then excited .
Ratingappeared lately and caused my mouse to lag.
RatingDoesn't seem to cause any problems, comes and goes as it sees fit
Ratingcausing problems Bill Haughee
RatingPops up randomly without me doing anything and lose connection for brief second, Errors occur with online games Ryan
RatingRestarts my PC every 5 or 8 Minutes. Stupid Trojan acting like Blaster/Sasser (Crashes RPC). Even In safe mode & networking! anonymous
Ratingattached to the dotnetfx download from microsoft, started running after the install simultaneously with dllhost.exe very irritating, if you don't need it get rid of it (remote access issues). mike
RatingNot needed and can also be a virus, stop process now. Nate
RatingThis file (or something else related to a folder on my system called srchasst) is causing ads to pop up when im doing searches on google. Like, something about and it just uses whatever you searched for in the title of the ad. also its slowing my ie down to almost stopping point and im on cable. HELP? slinky
Ratinggot 2 hits from search results (cpu), one .exe and one .pf :: Virus Guard ::
RatingIt is a windows file but some viruses do seem to hijack it.  link for more info Seb
RatingAppears after installing part or whole of Microsoft Visual Studio .NET 2002 and higher versions. Supposedly is there to facilitate Client/Server development schemes. Annoying. Yeah
RatingOn my PC, it's the Win XP one - but its run for no good reason, getting caught by my firewall: wmiprvse.exe (cnmub5i.dll). I don't trust it, and have no problems terminating it. More info on WHY or for what its needed would be appreciated. AlleyKat
RatingIt is a legitimate file for sp2, but slows startup significantly. perry
RatingI hate it! It keeps lagging my connection! It causes a two to five second connection lag. It's not much, but it makes me keep loosing connection in certain MMORPGs. Very annoying, and is more persistent than a virus.
RatingAs mike says above, it can also be found in C:\Windows\system32\wbem\ Sean Et Cetera
RatingBig Brother software AB
RatingI have had XP machine for 3 months. Only attempt of process to access web was when performing Windows Automatic Update for first time tonight. Seems harmless, 0% cpu and 4.6 Meg memory usage. Mick
RatingIt, together with svchost.exe , is working my hardisk so much that battery life on my laptop is down to 1/3 of what it could be. O
Rating all the sudden my cpu was running full tilt and i had a new process... checked my updated schedule and it is definitely associated
RatingI found this with a virus! as you said, this relates to SP2, something i didnt trust anyway. AdarkA h8s MS
RatingNot much, but it doesnt seem to do anything Pyrothekilla
RatingSeit "Cole2k Media Codec Pack". NAV meint das es kein Virus ist .... mAd
RatingIt is from WinXP Service Pack2 Don
RatingStarts when you opent 3dmark and ends when you close 3dmark GFX
RatingI found it running right after booting up, then it vanished. joe
Ratingcan i kill the svc without problems or not? Tim
RatingYou see it with Winxp SP2 because Windows Firewall, and the Security Center uses it. Oprime
Ratingok, I know for sure it isn't part of xp2 cause I don't have xp2 on ths machine and I have WMIPRVSE.EXE running in the background. Just goes to show that you can't really trust anything on these boards. Jesseq
Ratingcauses me to blue scrren/advanced system info had ? al by it and has slowwed comp and ups processor to 100% Jonathan
Ratingpops up when after windows update ran (after restart, which is quite strange), mysteriously closed soon after i opened task manager, but really harmless prikolist
RatingShowed up first time for me with Razor Diamondback mouse driver installation,,, dc4bs
Ratingall I know is I have never seen it running before in task manager... I noticed this 6 hrs after alarm clock was due to go off (I use WMP and Task Scheduler to run MP3s as an alarm clock). but... if wmiprvse.exe is indeed a virus, it's very very very freakin annoying Rick
RatingI found if you lose this file it becomes nearly impossible to install anything or even update windows. Zazu
Ratingwird bei Neustart ausgeführt, Netzwerkdienst aber in lokale Dienste nicht aufgeführt Axel
RatingIt is a standard windows system proces for updating the system J!km!l
RatingLoaded with NEROVISION anyway the prog crash and no occurs in the event viewer... does it really need to anything? Blacknote
Ratingyou can't simply terminate it with the taskmanneger it starts automaticly again poll
RatingSeems to have become activated after setting up SMS 2003 pn the network kev
RatingDCOM-Server  link for more info AxelC
Ratingcontinually locks the task bar and quick launch buttons and wont allow me access to the c drive DoublyHateMS
Ratingit wasnt in the directory you said it should be, i denied it internet access, well see what happens now MagicMarker
RatingSlowed my dual core 1.7 Mhz system down to PIII 500 Mhz speeds - pausing/stopping this service did the trick christopher
RatingAppeared after installing Adobe Acrobat Reader 7. Eats up ALL my cpu time. wmi hater
RatingThis stupid file keeps starting up while i play games online,we use Revrend anti-cheat program.Every stinkin time it starts(wmiprvse.exe) my computer lags big time . scott
RatingThere is a trojan that attaches itself to this file, but otherwise, it is a legitimate part of Windows XP. Raffi
RatingWhen I stop it, the SP security center also stops. I keep it running Marco
RatingI am a blind computer user and I use the screen reading software, this wmiprvse.exe process will actually crash jaws if I have to many internet operations running Sita
RatingIf you go to Windows Update , and then close de window "update" it will disappear. AL.
RatingIt brings up the cpu usage to 100% and restarts the system after every 8 - 10 mnts. Very much annoying DH
RatingIt's making my computer shut down
RatingCauses random popups with Google; destroyed display settings along with direct3d related programs. Zuwxiv
RatingIt seems to be dangerous. It's consuming all my cpu time. When I delete or rename the process, it comes again. I think it coul be a virus, but I didn't find what... Lazaro Freire
RatingAfter updating Windows XP with SP2 my PC takes about 3 minutes to sort itself out before I can do anything. I had a look in the process information and it this CSRSS.exe file. Most annoying.
Ratingfirewall detected it, for some reason accepted it, now i cannot take it out of the "allowd connections", although it not clearly says allowd. since then the calculator keeps poping up unasked vince
RatingCheck your taskmgr if it has 2 instances, one as SYSTEM other with your user. There should be one with SYSTEM, the other effects your system and CPU to go up 100% by suspecting other processes. seoguru
Ratingi know i disabled it in the services and nothing happend. also i never did notice it there till today when i got a worm and it even started to show up in the processes.. killed it and everything fine. Nate
RatingWindows Management Instrumentation. On XP SP2, the Windows Firewall + Connection Sharing Service depends on this one. Very annoying. Disable both in Adminstrative Tools/Services but first install a couple of real firewalls!
RatingWindows® Management Instrumentation (WMI) is a component of the Microsoft® Windows® operating system that provides management information and control in an enterprise environment. By using industry standards, managers can use WMI to query and set information on desktop systems, applications, networks, and other enterprise components. Developers can use WMI to create event monitoring applications that alert users when important incidents occur. DNA9000
RatingI spot it after the firewall poped up, it was in the windows xp sp2 directory IRNBRU
Ratingi know that u can`t delete it or shutting down . it`s very annoying ! DuKe4TrANcE
RatingTrend Micro asked me to delete it to help resolve a problem with PcCillin and internet behind a router... dbCooper
RatingI see it on Taskmanager&ProcessExplorer all the time; it don't use any CPU time while I'm watching Twig
RatingI'm running WinXP Pro SP2 and I got 2 of 'em. Their in system32/wbem and SP2 i381 folders. Tom
Ratinglegit part of winxp-sp2... T-Rust
Ratingit's a windows system process Wayne
Rating"This .exe was stopping admin shares, sharing, access to registry, command prompt and other applications. stop the process and clear the 'kernel checker' from the run key in the regsrty" ??? Ignore this info, you don't want to be doing that trust me. If there is a masquerading virus with this file. trust your antivirus to spot it. 80kConsultant
RatingNot really know what it's for but it starts up with XP and then it dissapears but when it's running it shurely hogs up alot of resources I wonder if this is the cause of my online gaming problems and causes my connection to freeze if i were you guys I would google it extensively and make sure if it's ok to delete otherwise you would be up a creek without a paddle if you do and your system could go apeshit
RatingThe WMIPRVSE.EXE application crash when you add or remove a HDD on a WinXP SP1 system, but no effects on the system. Rael
RatingOnly causes problems when the is more than one copy in system. For Winsdows XP, It should be located in: C\windows\system32\wbem. Delete all other copies and it shopuld fix the hangups. Multipble copies are usually caused by downloading of music, pictures and ebooks. Note: wmiprvsw.exe is the Sasser worm! The wmiprvse.exe file is located in the c:\windows\System32 folder. Novawatcher
Ratingi dont have sp2 - but it loaded after i installed microsoft software - it is a microsoft monitor of some kind - if you installed anything new that is from microsoft or uses microsoft software in any way it will load - takes 4k of mem usage even when not using any MS products voodoolady
Ratingwhere is the original wmiprvse.exe genuine windo2ws file spose to live as above you say Note: The wmiprvse.exe file file should appear only the C:\Windows\System32\ folder. If you happen to find this file in a different folder, it is possible that your wmiprvse.exe is a virus then tarence below writes W32/Sonebot-B drops a copy of itself to the Windows System32 folder with the filename WMIPRVSE.EXE i have it running in my taskmananger but its not in system32 folder . I think mine is the normal windows and not a virus found the virus i was looking for hotkeysvc.exe came from a link in the new msn beta when i ran it sent itself to my whole address book. Jason
Ratingi dont have sp2 installed and it is in C:\Windows\system32\wbem\ folder Someone
Ratingstart with 3dmark 2001 SE zoidberg
RatingThis file uses more cpu when i use robocopy to sync 2 servers. Floris (
RatingIt keeps shutting down my Norton Anti Virus and closing my computer. Tried everything... Sterrenplukker
RatingBlack Ice firewall indicates it was called from atprint.dll which is in turn associated with Webex Player. head4heights
RatingPuede causar problemas si es infectado por un virus, ya que se inicia al principio de la carga de windows y después debe desaparecer, si se mantiene, es porque algo raro está sucediendo y debe ser revisado con un antivirus actualizado. Rodrigo
RatingSeems to appear anytime the computer needs system information, like cpu speed, temps, graphic speed, etc. Vanishes after about a minute. tytlyf
RatingLocks up my pc unless i go into task manager and kill it for 5 minutes every time i start up teresa
RatingReally slows down the startup process on a reboot. MIke
Ratingwell, definetley not from SP2 for information, Xp home Edition, just reformatted and installed and its still here!! J_D
RatingI do not have sp2 and I run a process management software (It asks me whenever a process want to start or if it has been modified) I do not alow windows update to install anything (I don't trust it). Well my management software warned me that this file wanted to start and since i have not installed anything that would bring this file along I count it as a virus and didn't allow it to start and I have'nt experienced any problems.
If you know more about wmiprvse.exe, so post it here.
Your opinion:
Your info
about that file:
Website with further details:
Your Name:

Search Results for wmiprvse.exe in

Other files

ctfmon.exe dllhost.exe kernel32.dll lsass.exe mstask.exe regsvc.exe rundll32.exe services.exe spoolsv.exe system winmgmt.exe wisptis.exe wmiexe.exe wmiprvse.exe wscntfy.exe [all]
© Anti-Spy.Info