subject: WMIPRVSE - A Program or Worm Virus? [print this page] WMIPRVSE - A Program or Worm Virus? WMIPRVSE - A Program or Worm Virus?
As a part of the Windows Management Instrumentation Provider Services, the program is vital to Windows XP/2003 service. This means, the program wmiprvse will start whenever the software needs its facilities.
With the file itself, there's really no problem with it. The only problem would be with the WMI provider. Other problems would be with the hardware or if there is an incompatibility that's causing the "excess usage".
The first thing you need to do is to check if the Windows update has WMI related fixes. If there isn't any, you can look at a few of your hardware. Check the network card installed. It is possible that the drivers installed for your network card are not good for it. Another reason is if there's a problem with the chipset. To resolve this, you can replace the network card.
You can also determine if this is the actual problem by removing the hardware from the system. Then you can check if the driver is already uninstalled in Windows XP. If the problem is still there and you've already updated the drivers, it is already a good idea to replace your network card.
So is wmiprvse a virus or not?
According to reports, it is a network work that has the IRC bot. It also features a backdoor functionality which enables unauthorized remote access to the infected PC.
What this worm does is it copies itself to "network shares" through weak passwords. It then initiates a remote background process before connecting to a remote IRC server. Afterwards, it joins a specific channel.
How do you remove it then?
You can just follow guides on how to remove worms. You can:
? Check your administrator password.
? Review network security.
? Edit registry entries (if there are entries present).
? Click "START/RUN" at the taskbar.
? Type "REGEDIT" and then hit "ENTER". You will notice the registry editor pop out.
Make sure you make a backup before you edit registry. You can do this by clicking "EXPORT REGISTRY FILE" on the Registry Menu. Click "ALL" in the Export Range panel. Hit "SAVE REGISTRY AS BACKUP". Then locate "HKEY_LOCAL_MACHINE entries:
