| All comments about wmiprvse.exe: |
 Alex | Windows Management Instrumentation (services.msc) See also: Link |
 tarence | W32/Sonebot-B drops a copy of itself to the Windows System32 folder with the filename WMIPRVSE.EXE See also: Link |
| Joe | When installed came up with sharing violations |
 lee | it kept shuttin my computer down i found it and deleted it of my pc and startin to run fine without shuttin down occurin |
| Mike | eat up all memory and caused win2k3 main services failed to run |
 | win 2000 in winmgmt.exe use search feature text only then you will see the winmgt.exe if you have mor than one delete capital letter one.then open goto properties type in do not load then admin in pharentacies this should do the trick. |
| Cy | Memory Eater that loads when using 3dmark programs |
| rob | its an ok thing. these other guys who have problems iwth it are duchebags. and no, i can't spell |
| ©bROTHER | Loaded with ACDSee |
| Daniel | Appeared after installing SMS 2003 client. Polls computer for hardware/software inventory. |
| | spikes processor to %100 usage with 2003 server enterprise edition |
| Gary | This file is attacked by Trojan.Gletta.A, it would eat all the memory on my win2k3 box and cause services to fail |
| Russ | If found in windows\system32 then delete it and search for other viruses and Trojans, if its in windows\system32\wbem then check the version and that its a Microsoft file (check the properties) and this should be left where it is. |
| seanick | WMI is very cool. but what is "wmiprvse.exe -Embedding"? |
| Dennis | Started up with Windows XP home, then exited after a few minutes...tracked file...harmless MS exe |
| gaming | I have this file located in C:\WINDOWS\system32\wbem folder, it is from WinXPsp2 |
| Steph | Well if it isn't dangerous its at least extremely annoying. |
| Pepsibot | I found it in the system32\wbem folder. Apparently a search on wbem with google reveals that it is associated with Sun Microsystem's Java. Nothing to fear. |
| alex | Keeps 'ecountering problems' and closing. Buggers some games. |
| knighTslayer | This .exe was stopping admin shares, sharing, access to registry, command prompt and other applications. stop the process and clear the 'kernel checker' from the run key in the regsrty |
| | Windows Management Instrumentation Private Server. |
| Wizard of Zo | xp/w2k system executable. Used to run background tasks |
 Fu Kerr | This appears to be launching a brand new files called tipyno.exe this file causes popups and maybe more, and until this site have been unable to find what causes them. |
| Tano | It really is a windows process, but be wary, as it's possible to be used inside a network, to monitor your processes by a sysadmin. |
| dog | This exe also appears to load when waupdt is running. (windows automatic update) It closes itself when the AU finishes checking the windows update database. See also: Link |
| Kaled | Periodically grabs loads of cpu time and works the disk. It pauses when task manager is activated. It vanishes and reappears. |
| | XP SP2 is taking forever to start up and this seems to be one of the problems |
| anonymous | starts when runnning tasklist /svc in cmd prompt. located in ..\wbem |
| Reign | Hi this file come from SP2 i see this from the install date. |
 mike | located in ..\system32\wbem folder - new since sp2.... |
| | it alerts me when a change occurs in WXP operating system. |
| D. | Legitimate part of windows |
| -=(TherMite)=- | This program allows you to query/update information from the Common Information Model. It's basically a standardized database with standard namespaces which can be found across multiple OS's. It allows programmers/System Administrators to inventory/debug/etc. SMS 2K3 has inventory tools which use WMI to monitor your computer. It's not *that* dangerous. It has built-in security to make you authenticate to windows but... I included a link to Microsoft's website that gives much more information on WMI See also: Link |
| Jeep | It's lunched from a Microsoft game used by Direct Play 9 See also: Link |
| | same over here - dozens of wmiprvse.exe tasks eat up all memory on my w2k3 Server, generate 100% Server load and DHCP and WWW-Services refuse to start. |
| | i use winXP Pro ,it appears for a few minute after starting up windows,then excited . |
| | appeared lately and caused my mouse to lag. |
| | Doesn't seem to cause any problems, comes and goes as it sees fit |
| Bill Haughee | causing problems |
| Ryan | Pops up randomly without me doing anything and lose connection for brief second, Errors occur with online games |
| anonymous | Restarts my PC every 5 or 8 Minutes. Stupid Trojan acting like Blaster/Sasser (Crashes RPC). Even In safe mode & networking! |
| mike | attached to the dotnetfx download from microsoft, started running after the install simultaneously with dllhost.exe very irritating, if you don't need it get rid of it (remote access issues). |
| Nate | Not needed and can also be a virus, stop process now. |
| slinky | This file (or something else related to a folder on my system called srchasst) is causing ads to pop up when im doing searches on google. Like, something about freedictonary.com and it just uses whatever you searched for in the title of the ad. also its slowing my ie down to almost stopping point and im on cable. HELP? |
| :: Virus Guard :: | got 2 hits from search results (cpu), one .exe and one .pf |
| Seb | It is a windows file but some viruses do seem to hijack it. See also: Link |
| Yeah | Appears after installing part or whole of Microsoft Visual Studio .NET 2002 and higher versions. Supposedly is there to facilitate Client/Server development schemes. Annoying. |
| AlleyKat | On my PC, it's the Win XP one - but its run for no good reason, getting caught by my firewall: wmiprvse.exe (cnmub5i.dll). I don't trust it, and have no problems terminating it. More info on WHY or for what its needed would be appreciated. |
| perry | It is a legitimate file for sp2, but slows startup significantly. |
| | I hate it! It keeps lagging my connection! It causes a two to five second connection lag. It's not much, but it makes me keep loosing connection in certain MMORPGs. Very annoying, and is more persistent than a virus. |
| Sean Et Cetera | As mike says above, it can also be found in C:\Windows\system32\wbem\ |
| AB | Big Brother software |
| Mick | I have had XP machine for 3 months. Only attempt of process to access web was when performing Windows Automatic Update for first time tonight. Seems harmless, 0% cpu and 4.6 Meg memory usage. |
| O | It, together with svchost.exe , is working my hardisk so much that battery life on my laptop is down to 1/3 of what it could be. |
| | all the sudden my cpu was running full tilt and i had a new process... checked my updated schedule and it is definitely associated |
| AdarkA h8s MS | I found this with a virus! as you said, this relates to SP2, something i didnt trust anyway. |
| Pyrothekilla | Not much, but it doesnt seem to do anything |
| mAd | Seit "Cole2k Media Codec Pack". NAV meint das es kein Virus ist .... |
| Don | It is from WinXP Service Pack2 |
| GFX | Starts when you opent 3dmark and ends when you close 3dmark |
| joe | I found it running right after booting up, then it vanished. |
| Tim | can i kill the svc without problems or not? |
| Oprime | You see it with Winxp SP2 because Windows Firewall, and the Security Center uses it. |
| Jesseq | ok, I know for sure it isn't part of xp2 cause I don't have xp2 on ths machine and I have WMIPRVSE.EXE running in the background. Just goes to show that you can't really trust anything on these boards. |
| Jonathan | causes me to blue scrren/advanced system info had ? al by it and has slowwed comp and ups processor to 100% |
| prikolist | pops up when after windows update ran (after restart, which is quite strange), mysteriously closed soon after i opened task manager, but really harmless |
| dc4bs | Showed up first time for me with Razor Diamondback mouse driver installation,,, |
| Rick | all I know is I have never seen it running before in task manager... I noticed this 6 hrs after alarm clock was due to go off (I use WMP and Task Scheduler to run MP3s as an alarm clock). but... if wmiprvse.exe is indeed a virus, it's very very very freakin annoying |
| Zazu | I found if you lose this file it becomes nearly impossible to install anything or even update windows. |
| Axel | wird bei Neustart ausgeführt, Netzwerkdienst aber in lokale Dienste nicht aufgeführt |
| J!km!l | It is a standard windows system proces for updating the system |
| Blacknote | Loaded with NEROVISION 3.0.1.14... anyway the prog crash and no occurs in the event viewer... does it really need to anything? |
| poll | you can't simply terminate it with the taskmanneger it starts automaticly again |
| kev | Seems to have become activated after setting up SMS 2003 pn the network |
| AxelC | DCOM-Server See also: Link |
| DoublyHateMS | continually locks the task bar and quick launch buttons and wont allow me access to the c drive |
| MagicMarker | it wasnt in the directory you said it should be, i denied it internet access, well see what happens now |
| christopher | Slowed my dual core 1.7 Mhz system down to PIII 500 Mhz speeds - pausing/stopping this service did the trick |
| wmi hater | Appeared after installing Adobe Acrobat Reader 7. Eats up ALL my cpu time. |
| scott | This stupid file keeps starting up while i play games online,we use Revrend anti-cheat program.Every stinkin time it starts(wmiprvse.exe) my computer lags big time . |
| Raffi | There is a trojan that attaches itself to this file, but otherwise, it is a legitimate part of Windows XP. |
| Marco | When I stop it, the SP security center also stops. I keep it running |
| Sita | I am a blind computer user and I use the screen reading software, this wmiprvse.exe process will actually crash jaws if I have to many internet operations running |
| AL. | If you go to Windows Update , and then close de window "update" it will disappear. |
| DH | It brings up the cpu usage to 100% and restarts the system after every 8 - 10 mnts. Very much annoying |
| | It's making my computer shut down |
| Zuwxiv | Causes random popups with Google; destroyed display settings along with direct3d related programs. |
| Lazaro Freire | It seems to be dangerous. It´s consuming all my cpu time. When I delete or rename the process, it comes again. I think it coul be a virus, but I didn´t find what... |
| | After updating Windows XP with SP2 my PC takes about 3 minutes to sort itself out before I can do anything. I had a look in the process information and it this CSRSS.exe file. Most annoying. |
| vince | firewall detected it, for some reason accepted it, now i cannot take it out of the "allowd connections", although it not clearly says allowd. since then the calculator keeps poping up unasked |
| seoguru | Check your taskmgr if it has 2 instances, one as SYSTEM other with your user. There should be one with SYSTEM, the other effects your system and CPU to go up 100% by suspecting other processes. |
| Nate | i know i disabled it in the services and nothing happend. also i never did notice it there till today when i got a worm and it even started to show up in the processes.. killed it and everything fine. |
| | Windows Management Instrumentation. On XP SP2, the Windows Firewall + Connection Sharing Service depends on this one. Very annoying. Disable both in Adminstrative Tools/Services but first install a couple of real firewalls! |
| DNA9000 | Windows® Management Instrumentation (WMI) is a component of the Microsoft® Windows® operating system that provides management information and control in an enterprise environment. By using industry standards, managers can use WMI to query and set information on desktop systems, applications, networks, and other enterprise components. Developers can use WMI to create event monitoring applications that alert users when important incidents occur. |
| IRNBRU | I spot it after the firewall poped up, it was in the windows xp sp2 directory |
| DuKe4TrANcE | i know that u can`t delete it or shutting down . it`s very annoying ! |
| dbCooper | Trend Micro asked me to delete it to help resolve a problem with PcCillin and internet behind a router... |
| Twig | I see it on Taskmanager&ProcessExplorer all the time; it don't use any CPU time while I'm watching |
| Tom | I'm running WinXP Pro SP2 and I got 2 of 'em. Their in system32/wbem and SP2 i381 folders. |
| T-Rust | legit part of winxp-sp2... |
| Wayne | it's a windows system process |
| 80kConsultant | "This .exe was stopping admin shares, sharing, access to registry, command prompt and other applications. stop the process and clear the 'kernel checker' from the run key in the regsrty" ??? Ignore this info, you don't want to be doing that trust me. If there is a masquerading virus with this file. trust your antivirus to spot it. |
| | Not really know what it's for but it starts up with XP and then it dissapears but when it's running it shurely hogs up alot of resources I wonder if this is the cause of my online gaming problems and causes my connection to freeze if i were you guys I would google it extensively and make sure if it's ok to delete otherwise you would be up a creek without a paddle if you do and your system could go apeshit |
| Rael | The WMIPRVSE.EXE application crash when you add or remove a HDD on a WinXP SP1 system, but no effects on the system. |
| Novawatcher | Only causes problems when the is more than one copy in system. For Winsdows XP, It should be located in: C\windows\system32\wbem. Delete all other copies and it shopuld fix the hangups. Multipble copies are usually caused by downloading of music, pictures and ebooks. Note: wmiprvsw.exe is the Sasser worm! The wmiprvse.exe file is located in the c:\windows\System32 folder. |
| voodoolady | i dont have sp2 - but it loaded after i installed microsoft software - it is a microsoft monitor of some kind - if you installed anything new that is from microsoft or uses microsoft software in any way it will load - takes 4k of mem usage even when not using any MS products |
| Jason | where is the original wmiprvse.exe genuine windo2ws file spose to live as above you say Note: The wmiprvse.exe file is located in the c:\windows\System32 folder. In other cases, wmiprvse.exe is a virus then tarence below writes W32/Sonebot-B drops a copy of itself to the Windows System32 folder with the filename WMIPRVSE.EXE i have it running in my taskmananger but its not in system32 folder . I think mine is the normal windows and not a virus found the virus i was looking for hotkeysvc.exe came from a link in the new msn beta when i ran it sent itself to my whole address book. |
| Someone | i dont have sp2 installed and it is in C:\Windows\system32\wbem\ folder |
| zoidberg | start with 3dmark 2001 SE |
| Floris (www.DataSmit.nl) | This file uses more cpu when i use robocopy to sync 2 servers. |
| Sterrenplukker | It keeps shutting down my Norton Anti Virus and closing my computer. Tried everything... |
| head4heights | Black Ice firewall indicates it was called from atprint.dll which is in turn associated with Webex Player. |
| Rodrigo | Puede causar problemas si es infectado por un virus, ya que se inicia al principio de la carga de windows y después debe desaparecer, si se mantiene, es porque algo raro está sucediendo y debe ser revisado con un antivirus actualizado. |
| tytlyf | Seems to appear anytime the computer needs system information, like cpu speed, temps, graphic speed, etc. Vanishes after about a minute. |
| teresa | Locks up my pc unless i go into task manager and kill it for 5 minutes every time i start up |
| MIke | Really slows down the startup process on a reboot. |
| J_D | well, definetley not from SP2 for information, Xp home Edition, just reformatted and installed and its still here!! |
| | I do not have sp2 and I run a process management software (It asks me whenever a process want to start or if it has been modified) I do not alow windows update to install anything (I don't trust it). Well my management software warned me that this file wanted to start and since i have not installed anything that would bring this file along I count it as a virus and didn't allow it to start and I have'nt experienced any problems. |
| RKelly | XP Pro - Sucks all CPU Usage on a few workstations within 15 minutes of bootup! |
| FeFe | When I tried to shut it down it keeped reappearing until I deleted it from system32\wbem just after shutting it down. Let's hope it won't appear again. :) |
| ed | loads w/ xp but dissapears after *weird* |
| Max | Dangerous only if you find the following line in the registry: Kernel_check = wmiprvse.exe |
| shitto de bago | runs when you run WINMSD |
| Craig | First saw it after loading Malicious Software detector so I think that's what it is. Only ran for about a minute then it quit. |
| (0_0) | dunno about it but wmiprvsw is a virus (sasser i think). If you have trouble,check if it's not this one instead.... |
| diowrite | This file took my dinner pizza and ate it. Then, it attacked my girlfriend and gave her Trojans. Then, it stole my car. Sheesh! At least, it is not that much of a problem like some viruses. I don't like my girlfriend that much anyway. The car, well, it is old. But the Pizza, now, that was a problem! |
| Avoid | It started showing up when I installed new drivers for VGA card, and now it runs everytime I play game, so I actually can't play them. It's like playing online game with 600 lag. Pisses me off |
| Phil | wmiprvse.exe only appeared on my processes when i had installed directx and the system need to restart. therefore i would say it holds info in relation to the start up it needs |
| Raelian777 | The original file from Microsoft gets placed in the Located at C:\WINDOWS\System32\wbem\wmiprvse.exe . If you find it anywhere else then you should be suspicious for sure. See also: Link |
| Sol Rosenberg | I like it, it is nice, and most of your computers and friends computers will have it, also many of the computers that stores sell have this item with it....Thank you |
| Amy | Its found in C:\Windows\system32\wbem\ in my Windows XP SP1 . Its run with my windows and always demands to connect to the internet |
| ifLogic | Supports Windows Internet Connection Sharing and other such services. Without it running, ICS wont be able to operate correctly. |
| fedup | One day we will need to computers, one to work on and one to run management-software/security/antivirus/defrag/antispyware |
| Baldy Gitt | It showed up after something blocked my email client and dissappeared again shortly afterwards |
| Cade | Its in the C:\Windows\System32\wbem folder. It seems harmless enough. |
| poofingers | we know nothing about this file but we think rob is the douchebag |
| bridge | it is a real big one, chuck norris used it in one of his episodes See also: Link |
| Mld_As | in system32/devmon (or something like that) |
| thor | system process See also: Link |
| stripwax | This loads and unloads itself automatically in Windows XP, because it is a separate process used just to handle management requests. 100% safe on uninfected systems. If it seems to stay loaded for ever, eating memory or CPU, then your version of wmiprvse is probably not the original Microsoft version (i.e. your file has been replaced by a virus) |
| windowsxp | Used by built in Windows XP firewall, ICS (internet connection sharing), Security Centre, etc, among other things. Stopping the Windows Management Instrumentation service should stop wmiprvse from running- but might also prevent firewall, ICS and Security Centre for working to. Disable it at your own risk. |
| CyD3r_DrYnK3r | After reading all of the above posts I have no doubt in my mind that it is messing with my online gaming, it keeps shutting me down. I have never seen it before in task manager and do not know where it has come from. I try and delete it but it keeps reappearing. Please help!!! |
| Maya75 | "technology for accessing management information in an enterprise environment" "most useful in enterprise applications." To turn it off, Start - Run - services.msc - double-click on "Windows Management Instrumentation" and set disabled See also: Link |
| ad13 | Loaded by any programs which use WMI. This is basically anything that polls hardware devices on windows these days. Like all processes, viruses occasionally use this file name. You need to check that its in %system32%\wbem |
| rod in slc ut | somehow my programs ive installed dont work or cant be uninstalledfron add/removeand to use the programs i gotta reinstall over the missing files to get tthem to run for a lil bit before they disapear again |
| | the exception unknown software exception (0x0000409) occurred in the application at location 0x716714a1 |
| Digi | Once a day it would stop my wireless USB, I would need to reboot.... DELETED! |
| PhiLPhiL | On all my computers It's in this folder: C:\Windows\system32\wbem\ |
| EXO | ran for a minute or so at 50% CPU utilization ... then shut down |
| BEN DORIN | it started after installatio of a bluetooth mouse from logitech See also: Link |
| | Mine won't quit at all. Disallows sharing with p2p programs |
| | not a memory eater uses no cpu/ram/pagefile |
| nEopSYkO | Windows Management Instrumentation |
| Keld | Only what i read on this page |
| Frenulum | Malicious Software detector |
| Julio | searching the file name |
| Skw | Argh... this WMIPRVSE.EXE messed my network, until I blocked it with firewall. Now everything works fine. |
| Carmine | Horrible, this file seems to eat up cpu and mem. It appeared in windows task manager 32 times and spiked my cpu usage to 100%, don't know what it is but this is why I normally have a mac running OSX and yellowdog... |
| The Don | well if it eats ram, not present on a fresh install, delete the f++ekr. |
| paul | showshifter runs slow and crashes if this is running |
| dude | Makes a pc at work crash every single night . I check the logs the next day and it tells me stories about DCOM and insufficient memory and our friend wmiprvse.exe -embedding. Its not as cool as some of you make it to be. |
| Silly | It pops up sometimes, uses all available memory and CPU power and dissapears after a while. A very usefull enterprise tool on a stand-alone system... Acutally I think it's an advertisement for Linux. |
| bocher | I found if stop this process I get no sound on my computer. |
| Adam | found in system32\wbem\ folder. Unsure |
| 1xm1n | If you dissable it in Services.msc you wont get any info on you CPU or ram in system info. Infact any programme that will show you System info and the chances are you will get nothing. 3D mark is one example also.So more or less as far as I can see its just a tool to show system info. I dissable it in services.msc and it never ever show up. I dont need anything to tell me what I have under the hood and have it take valuiable usage at the same time. Just dissable it in services.msc as its 100% usless. |
| UD | wmiprvse.exe is a part of the Microsoft Windows Operating System and deals with WMI operations thourgh the WinMgmtexe process. This program is important for the stable and secure running of your computer and should not be terminated. |
| m0n | This is a management file! You use it to get system information over a network or locally. We used this in our company a few times to find out what users had what software installed. This would only cause a problem IF it was infected, or corrupted itself whiel installing osmething! |
| mrx.t | Wmiprvse.exe is used by DELL. Remove OMCI will fix See also: Link |
| Oli | Windows Management Instrumentation is a core part of administer windows. It's mostly used for writing applications to administer computers/servers. If you're more of a normal user and it's eating up resources, try stopping and disabling it via the services tool under computer management. However, there will be a few apps that do hook into WMI and therefore depend on it. Windows itself runs fine without it running as, at the end of the day, it's just an interface for applications. |
| Hammer92 | Standard MS process |
| Oli | Windows Management Instrumentation is a core part of administer windows. It's mostly used for writing applications to administer computers/servers. If you're more of a normal user and it's eating up resources, try stopping and disabling it via the services tool under computer management. However, there will be a few apps that do hook into WMI and therefore depend on it. Windows itself runs fine without it running as, at the end of the day, it's just an interface for applications. |
| Arttu Korhonen | Read above, but are You sure it is a virus if it is not in system32? I have it under the system32 in wbem directory. |
| hobrob | eventvwr shows loadperf then app crashes, loadperf starts wmiaprpl.exe for HD prefetching. Only process I can see tho is wmiprvse & cant kill it. 2 copies in Win x64, system32/wbem & sysWOW64\wbem, & related file in WINDOWS\Prefetch |
| NAOK | It's a problem, when 2 of these are running it stops my internet connection but it usually stops after a while and it will work again. If it's a windows file why can't i find anything about it from microsoft. |
| sparx | seems to be associated with my computer making random prompt sounds !? |
| Mason | Annoying Bastard. Takes up CPU and spins the disc. I Close it then seconds later it comes back up. |
| Chia | it ran tiwce on start up and my games are lagging. i don't know if this is the cause but it's getting really annoyed with whatever keeps doin this. No overly large CPU usage and this is on a laptop. xp on laptop. |
| Gaz | The version that comes with windows is a hardware querying tool. For example, when you right click on my computer and choose properties the WMI talks to your computer to tell you what processor you have and memory. It is also used in when using device manager. Dont know if there are virus versions which do something different |
| ike | I blocked this exe's attempt to contact the Department of Homeland Security. That's right, our computers are watching us. I have blocked several programs from trying to contact the DHS. |
| nDarkDuck | Think is what M$ useas to restart ur commputer when your trial time has expired on x64 |
| Digi.w | I don't know anything about this process, and it didn't harm my PC, I just check it for safety |
| harl | starts with emule twice, quits for one after a while and the second when exiting or killing emule as well. it doesn't do anything good nor bad, so that's a neutral. eMule seems to access to have access to it while it's loaded and especially when previewing files currently being downloaded. i've got no further idea what it'd be good for in combination with emule, and there's no other program with me so far that uses it. |
| jnic | w/XP SP2 it's sucks up 100% of my Cpu |
| leo | crashes some 3d games, remove it, nothing goods comes out of it |
| XC | Don't know it before seeing it want to log entry to network running without any reason |
| Wokka | Its one of about 50 exe files in my task manager, actually 2 of them |
| Techno | It eats up your internet speed |
| DZ | It's a useless program that SHOULD be terminated. There are exploits which cause this file to download another file off the net, as happened to me yesterday night. I wake up this morning and this process tried to download a "downloader" called wintyts32.exe but mcaffee detected it and erased it. Dangerous as hell and useless. |
| mooney | slows things down big time. disable it according to maya75 and things are back to normal |
| Eric Van der Borght | wmiprvse.exe is a part of the Microsoft Windows Operating System and deals with WMI operations thourgh the WinMgmtexe process. This program is important for the stable and secure running of your computer and should not be terminated. |
| JP | The valid version of this file loads with System Information and unloads with it as well, so far I have not seen any malicious behavior. |
| Papa | If its not in system32\wbem then its a virus! |
| Martyn Hare (NthDegree) | First of all WMI is as safe as anything, Second of all i have never had pop-ups where's your security peeps!!! It is part of windows management instrumentation, if you dont like it then run services.msc and disable it. |
| Stephen | It is continually clocking up 320 page faults a second and slowing the syste,/ |
| | Found 2!!!! file in my WBEM folder one in capital letters one in normal.. both where .exe.. i deleted the capital one because i read somewehere thats the virus file.. after doing that, the desktop still need 10 misn to load which it didnt before this thing occured |
| darkzi | Genuine M$ Process, some virii/trojan use this filename, so virus scan |
| Philip Ennis | if its in WBEM then it's cool, anywhere else its nasty |
| Kl | part of WinXP. it is needed for instance,if you run an online virus scann |
| Richard from France | Might do something more or les usefull, in order to lure users and convince them to keep it running. But probably is a spyware from Crossoft, as it opens ports in the "listening" state, and makes the light on your modem blink constantly... I'm trying to find a way to eradicate it. |
| Your Mum | This loads and unloads itself automatically in Windows XP, because it is a separate process used just to handle management requests. 100% safe on uninfected systems. If it seems to stay loaded for ever, eating memory or CPU, then your version of wmiprvse is probably not the original Microsoft version (i.e. your file has been replaced by a virus) |
| Thattus | Spikes CPU-usage to 100% every couble of seconds. Anoying little bastard. I want to get rid of it. I think I should by a mac and get rid of microsoft too. |
| Phase | mine was 126,464 bytes I turned off microsoft management instrumentation then moved it to a new folder.. my computer crashed upon reboot twice and wouldn't shut down. |
| Ben | Mine seems to pop up whenever I have hacked versions of Vegas or Acid open and the date/time has three 6's in it somewhere. That's definitely a mal software of some sort. There's the legit copy file, then there's a prefetch one. It causes my computer to slow to a crawl, with only momentary acceptance of inputs. The computer beeps a bunch in between if I click on the mouse. Under Vegas it made the computer blue screen and reboot. |
| John Steel | From the Services description for Windows Management Instrumentation (the "wmi"): Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.--It starts for a few minutes any time there is a system change, such as when I changed PRISMXL's settings in Services to manual startup. Also connected to Windows Updates, both of which run at startup. |
| RBH | Zone Alarm popped up said: WMIPRVSE.exe trying to modify an existing driver or servide: BITS, I'm still trying to find out what all this means |
| Insanity | It stopped my fire wall and anti viruse from starting i had to go into the task Manager and shut it down, i got a really bad back door trojan and after i removed it that was there so i suspect it can eather get infected easily it or it's a viruse |
| Old Man Dan | I know I can write programs that access hardware information about a PC, and I LIKE THAT, because I don't have to write and maintain my own programs to get hardware information about a PC. It's a keeper for me. See also: Link |
| | Stop and start Windows Management Instrumentation |
| Danny B | Ha! It's funny to see all these assumptions about what WMI Services are. Here's the bottom line, if you DON'T use Windows Firewall or Security, go ahead and disable it under your Services in 'Computer Management'. WMI keeps track of your specific hardware and some software to provide REPORTING services that help the software function. With SP2, that software is the Firewall and Security services. |
| Wickedsunny | Well ity starts when i start my yahoo messenger and there are two files in the system32 folder/wbem- 1)wmiapsrv.exe and 2) wmiprvse. now which one is harmfull i cannot say. They open in syetem, local as well as network connetions in task manager. I have disabled it in services lets see if it cause problems in online games or disappears totally. |
| TheUnknownSoldier | This file (wmiprvse.exe) is definitely getting overwritten by a worm or something, because I just reinstalled Windows XP Pro SP1, and it's there, so if you have it check it. It made a bunch of files in the %system32%\prefetch dir that will start the service no matter what i run, and if I end the svchost that this is running in, my computer shuts down after a minute... I've tracked the trojan name to be W32\SONEBOT-B, but nothing will remove it that I've found. The bastard loads in safe mode, too. I've tried DoD Wiping on it and it comes back. |
| jii | when using corel or autodesk programs eats all memory and takes lot's of cpu time |
| Spike | Anybody that rated this as low/no threat has half a clue. The rest of you MORONS who rated it as a high threat should get the hell out of the IT world. |
| stax | read all the comments here - I didn't have WMIPRVSE.EXE in the original installation of XP. I'm running XP/SP1 now and I get that file when I go to windowsupdate. it is constantly 2% cpu usage. I don't trust it |
| cjs | Hogs resources; CPU usage goes to 100%. |
| developer | Wird u.a. geladen, wenn man die Windows UpDate Site besucht. Harmlos. |
| Al Marklin | Running W2K3 Server on an underpowered server (1G P3) with Exchange Services and the usual AV/spy/firewall protections, wmiprvse.exe caused CPU to spike to 100% for long periods of time. Disabling the WMI interface through services.msc dropped CPU usage down to ~47% over the same period, |
| Andrew | This file can run duplicate programs at once and I think it tries to open a peer-to-peer connection with your default download program; whether or not its downloading more viruses or uploading information to another pc not sure. |
| asmadi | Used to pop up randomly but now become frequent. It takes up 99% of my processing without me doing anything. Very annoying especially with I am doing presentation. It becomes worst when Open source application is running. |
| Kyle | i have a svchost.exe process which launches wmiprvse.exe and msmsgs.exe whenever i start my computer. The svchost process also uses the following windows services: (DCOM Server Process Launcher, Terminal Services). I don't know if this is malicious, if it is spyware? Has anyone seen something like this? |
| njcomputernetworks | I don't like the name of the file. It seems scarry to me. I wish Microsoft named the file "fluffy Bunny.exe" instead See also: Link |
| Thomas W. | Sometimes start on Win XP home hangs with this file |
| dan | this file can be hijacked by some viruses...other than that it is a perfectly normal ms process, used mainly in big network setups for administrators, and some application plug into it so they can monitor or report via it |
| geronimo | Appeared on print server after installing MOM2005 Print service Management Pack. Immediately consumed 99%CPU. Still investigating why. |
| Bullet Head | Causes Office applications (Word, Outlook, etc.) to run in some sort of "hidden" mode. When I ended the process with task manager, the applications reappeared, but so did the process. I have to end the process every time I want to use an Office application. |
| activeco | I do not like it as it has constantly been trying to access the internet. Dissallowed. |
| ikinda | giving me enormous lag spikes and disconnections while i play wow. makes me want to go out and kill something. |
| Insomniac | Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start. See also: Link |
| Milo | intregal part of WMI, starts after some services have a head fit. its there to check all is ok |
| Tiger | After I hv killed the HPtoolkit service, it back to normal. Pls try. (it is supposed to use for HP AIO printer on the network) |
| Dan | This file can get infected with A Trojan Horse/Keylogger. SCAN, SCAN, and SCAN. See also: Link |
| | Wird mit VNCViewer ausgeführt. |
| Sheap | There is nothing wrong with wmiprvse but sometimes other programs use it and in doing so make it go nuts. Find whatever program that is and get rid of it. wmiprvse itself is almost a requirement as many things use it. |
| Name | Read this if you have windows 2003. Anyways I just virus scanned and my comp was fine. See also: Link |
| Milton | Zonealarm caught ...\system32\wbem\wmiprvse.exe trying to access 64.236.38.136:80. A web server? I conclude with a previous poster about the "big brother" thing. |
| stb | WMI Performance Adapter Service, should be located in sysroot\WINDOWS\System32\wbem\. It is part of WMI, it collects performance library info, it can be disabled. |
| MadCow | Stared when I was configuring my options in MSN Messneger, ZoneAlarm firewall alerted me, don't think it's a problem but checked it's locatino just to be sure. |
| | It appears when Windows Firewall is on but it seems to do other stuff aswell... |
| Stuart Rothschild IV | Two separate computers with XP Pro got the wmiprvse.exe showing up right after subscribing to a video download site. It preevents systems from running a virus scan or Spybot Search |
| Sterk | If this service is stopped, most Windows-based software will not function properly. |
| omegajohn | Don't disable it in services, disabling OMCI will stablize system |
| Markus | Bei dem Versuch msinfo32 aufzurufen um dort auf signierte Treiber zu klicken, versuchte wmiprvse.exe eine Verbindung herzustellen zu crl.microsoft.com (131.107.115.28) über den Port 80. Warum weiß ich leider selbst nicht. |
| Robert | when i start windows it eat my computer resources and cpu is at 100% 5-20 min after start ... don't know what to do :( |
| SW | Multiple instances appear during startup and then close down at end of boot sequence (Task Manager auto-boots each time I start up), Always one in 'Network service' and one in 'System'. Two, and only 2, programs on hard drive, located in C:\Windows\system32\wbem and ...\dllcache. No known problem in my operation that I have observed. |
| Neil | This is part of the OS and poses no threat. This is used to query a computer for information. See also: Link |
| Sam | Wmiprvse.exe is a windows update service that checks for updates, downloads them, installs them to your pc all depending on your automatic updates settings. My pc in different instances would run like it was at 5 % power, things took forever to load & my hard drive light was constantly on. In my runnning processes I saw that wmiprvse.exe was running, & taking up a minimal amount of cpu. I finally instead of doing a system restore to the previous day like I usually would, I waited & let my computer sit for over 20 mins, to have windows updates popup for me to install the new updates downloaded. See also: Link |
| blub | Seems to be genuie, doesnt change the fact that its annoying as hell and generates tons of errors, delte/rename the file. |
| Self Taught. | Popped up after starting Skype and Trillian, so many of the comments above seem to make sense.I have no problems with it so far. |
| daviej | If you have the real one in sys32\wbem then no probs, multiple entries or other locations then start worrying! |
| troseph | It's just a little job that loads on startup. Not a problem unless it's on the wrong directory. |
| Dong | the process closes after the OS starts about 5 minutes |
| Norcoboy | wmiprvse.exe is a legit MS file but it could be used as a portal for spyware or virus to operate. Check the link to scan your pc courtesy of MS. See also: Link |
| Cristiano | This file is provided by WINXP:\I386\wmiprvse.sy_ It's not a virus! |
| Altare | After installing .NET 2 and Visual C++ distributable, this file would be responsible for 'hardware errors' and BSODs. Disabling the two processes in the control panel allowed me to use the system again. I of course -deinstalled- .NET 2 and Visual C++ too, since I wanted a stable PC. |
| Stephen | Causes a four minute wait in loading Neverwinter Nights 2. Wait disapears entirely if I end it in Task manager. I've only got one in the system32/wbem folder. |
| DarkMortal | You can run services to disable it. But quite a few worms and trojans attack this file, I would disable it in services, I have and about it eating up memory I dont know so much about, I looked the file up, because I was doing a process watch, and it popped up while i was watching. |
| skaffa | "technology for accessing management information in an enterprise environment" "most useful in enterprise applications." To turn it off, Start - Run - services.msc - double-click on "Windows Management Instrumentation" and set disabled |
| Richard | Many other apps use this, like, remote desktop control client software, if your virus scan is up to date, this isn't a virus, secondly this is default in 3 locations if you run windows updates |
| orangemek | seems to pick up cpu usage on file transfers between workstations |
| PK | Stop wasting your life with Windows. Mac OS-X isn't prone to all these Microsoft bugs and virus'. See also: Link |
| MrCrun | If it's causing probs and you've got Zonealarm you can get Zonealarm to kill it run it tries to run. Solved my problems with Neverwinter Nights 2. (5-10 minute wait before the main menu appeared.) |
| | Didn't come up until after norton ghost was installed. |
| Ape | It takes lots of non-necessary prozess time. |
| sam the computer geek | i had a good look in my program files (C:\Windows\System32\wbem) and it seemed harmless but the basterd makes my computer take 8mins to load and its doing my head in i was thincking about useing registy clean up tools to check that its sopose to load has any body else done this |
| bw | Check Services WMI Logon tab, set hardware profile to disable, Resource hog. |
| Colin McRae | Found on my computer after turning it on. First it broke a few glasses in the kitchen, and then made a copy of itself in papier mache which it posted out (via normal snail mail). Extremely dangerous and virus-ridden. These comments are pointless. |
| Mike McMullen | Queued documents for PDFWRITER device had error condition. Deleted them and the wmiprvse problem went away. |
| Kim | this file is causing the infected computer, running XP Pro to disconnect the internet and all other computers on the network. It constantly reboots, when running Mcafee virus scan, and slows down. I will try and start in Safe Mode and do a serach for all files as named. |
| Alèx | Part of WMI, like it´s said, i am not really sure about it. Spikes processor sometimes up to 100% usage^^ |
| ahoier | From the research I've done, it's a legitimate Windows system file, but it was hogging lots of my CPU cycles...so I disabled the Windows Management Instrumentation service in services.msc (on Vista Home Basic...) |
| Joshua | When this runs its seems to take up way more memory and process power then it should. Hard to do graphics when I have no memory! |
| CyberForceField Creator | It is not necessarily dangerous. However, even the legitimate Windows process can be used by dangerous scripts to hack your computers, it should be monitored closely, it has been used by hackers to read emails... to consider it very safe or very dangerous is not wise without more details. The truth is: it depends! Watch out! |
| Webshadow | Those having trouble with this file don't really understand how windows works and what this file's function is in the scheme of things. Most of the problems described here are actually related to resource issues (not enough memory, cpu too slow, ... you would be surprised at how much you really need to run what your doing in windows when a simple web page in Mozilla eats up 40 or more MB or RAM). In some cases the file, while legitimate and located where it should be, will show excessive CPU use if a Viral process elsewhere is calling it's services. |
| Animal | This file is part of windows but if you have office 2003 installed on XP Home it can cause problems. It use all the memory and will not shut down or release the memory. You can shut it down manually by going to Task Manager, choosing processes and ending the process. To stop it using the memory you need to goto http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us and choose the change settings or the remove hidden updates link (I can't remember which it is). Then set it to only update windows and not the office updates. I tried this and it works fine. |
| Utterkill | Its a part fo windows system - not only SP2, its not dangerous, but might be very annoying. If your svchost take a lot memory and scratch disk, try to kill wmiprvse.exe |
| googboog | it keeps trying to modify programs when i'm using the net, hogs system resources, disallowed, but it isnt dangerous or annoying if you've got a good pc. i dont have that luxury |
| swisel | Should have added - brought server to a crawl - cpu pegged at 98% |
| swisel | Fresh 2003 SBS lab install, antivirus install went bad. Working with vender on resolution. |
| clint | file is good, but process can annoying if certain permissions are not allowed for user (process will not stop trying to install over domain). people on here say it spikes processor usage? That depends on your processor and is not necessarily an issue anymore with 5.008 mb of memory it can't be doing that much? |
| SuperTech | It's simply the service that handles error reporting. Thats why it comes on and then goes away. Also why it can use so much power. |
| noname | came when changing msn messenger preferences |
| Gail | I know that after I downloaded SP for Visual Studio I suddenly had several trogans detected on my system. WMI is used by VS 2005. I have not installed the SP because of this issue. As soon as I deleted the wmiprvse file from other locations than mentioned in this post, my cpu stopped going up to 100%. |
| jimmy | The file is a part of MS update. I had this on my PC and found solution from link attached. See also: Link |
| JJ | I also killed the HPtoolkit service and it is not consuming my CPU anymore |
| paul | for those of you where this service eats all your cpu - don't monitor so many things in performance monitor! |
| | came in disguised as an attached web page w/email wmiprvse.exe[1].htm |
| humblunt | it is just an HP program that runs in the background, I think it is for the HP update's. |
| Tim7ad | Windows Management file... its harmless. If you're seeing high CPU utilization, on a server (domain controller) or other windows clients. Check your other network devices. If you have a mac, or unix running SMB(samba) with the same domain name as your Windows domain this can cause this process to go haywire. Change the name of your samba server. (e.g. a Mac Airport Extreme will grab the domain name from the DHCP server, that could be your windows server handing it out.) |
| Dali | once you kill any HP services, it immediately stops |
| Joe | My windows runs much after disabling it. |
| Neil | Can confirm, it seems to be installed with SP2 |
| socrates | I loaded the whole PD + goodies, for my HP 2605 laser printer. This thing popped up and took over my machine. I uninstalled the PD and then manually removed anything "HP" with add remove. I installed the bare minimum PD for the printer. This thing did not appear and all is now well. |
| Chase-san | This file is part of windows xp by default, the Security center, IPv6 Helper (for those on ipv6 networks, makes it so you can connect to the net), and for internet shring iss server. Generally by default, you do no have to have this file running, your security will run without Security Center, you just cannot monitor them all at once (if you call that system monitoring). If you share your internet connection over your network(e.g. its connected to your computer first), or are willing to deal with no net to the rest of the systems sharing your connection. |
| Thomas | seems to be linked to HP ToolBox software. After I killed the HP Toolbox (HPTLBX.exe) process, wmiprvse.exe dropped to zero cpu usage. |
| william | windows xp pro file comes with microsoft.NET.framework2.0 [2.0.50727] |
| Xandy | Provides a common Interface - you can disable it and only a few programs won't work - just run services.msc and set it to manual or disabled - then see how your many of your programs are still fine |
| Rob | Worked for me to - If wmiprvse.exe is eating up the processer try killing the HPTollkit - Seems to be some resource conflict. Hopefully, HP figures it out |
| Terry | Loads with Volume Shield Anti-Copy (VSAC) to prevent autocd runs and USB data theifs, but drains about 33% of CPU continuously- very bad, why i wonder. I can't end it (autoreloads) unless VSAC is exited. See also: Link |
|
|
