Anybody heard of wmiprvse.exe

[Cactustactical]

One of our shopping cart pc's is now slower than molasses in January. We were looking for viruses and found that the Microsoft system file, wmiprsvse.exe is running as a process and chewing up over 50-60% of the cpu constantly. I shut the process down and it re-starts itself immediately.

Anybody have any ideas what is going on with this file?

[North]

I mainly use two computers. One is Xp and office 2003, the other is Vista with Office 2007. I just checked both and neither have that running.

I found this online

wmiprvse.exe is not a virus, and it is not unusual to have more than one instance of this program running. This is a new file that was introduced in windows XP/2003. It is the Windows Management Instrumentation Provider Service and it is an essential Windows XP/2003 service which will start whenever software requirires its facilities.

There is almost never a problem with the file itself. Uusually there is a problem either with the WMI provider process or a hardware problem or incompatability that is causing the excess usage.

First see if windows update has any WMI related fixes. If there is no luck there you need to look at some of your hardware. Particularly any network card that may be installed. It may be that the drivers for you network card are bad or it could be a problem with the chipset itself. If it is a problem with the chipset, the only fix is to replace the network card. The way to tell if this is the problem, is to remove the hardware from your system and make sure that the driver is uninstalled in windows xp. If your problem does not return and you already tried updating the drivers, it's time to replace the network card.

http://www.computing.net/answers/windows-x...-pc/101319.html

[gamingoddess]

I had a similar problem in the middle of February. My desktop (which is only a year old) started running very slowly to the point where I had to "end task" just about everything to get the computer running like I wanted. I noticed that wmiprvse.exe was appearing in my task management and tried to end its activity just like you. For me the solution was further decreasing the amount of programs that started using msconfig. I eventually narrowed down the culprit to a movie player that had somehow gone corrupt. Since I played all of my videos on it, once I used it once during a login session, my computer would slow down substantially until I restarted my computer. After uninstalling/reinstalling the said program my computer has run like a champ again. I say take a look of what you were using before the problems started surfacing...it could simply be a program hanging your entire computer.

[Cactustactical]

I had a similar problem in the middle of February. My desktop (which is only a year old) started running very slowly to the point where I had to "end task" just about everything to get the computer running like I wanted. I noticed that wmiprvse.exe was appearing in my task management and tried to end its activity just like you. For me the solution was further decreasing the amount of programs that started using msconfig. I eventually narrowed down the culprit to a movie player that had somehow gone corrupt. Since I played all of my videos on it, once I used it once during a login session, my computer would slow down substantially until I restarted my computer. After uninstalling/reinstalling the said program my computer has run like a champ again. I say take a look of what you were using before the problems started surfacing...it could simply be a program hanging your entire computer.

We had to re-install QB Point of Sale as a client on this PC a few weeks ago and my thoughts are now similiar to what you mentioned. QB POS is reaching out to a remote data server for the daily spend file and I am guessing that is part of the issue. My problem is that if we turn off POS, we don't even need this computer. What a mess.

But, it appears that this pc has been running at 100% capacity for several days with just IE 7 and QB POS open on it. Surprised that the cpu had not overheated.

[norbs007]

Check where the file resides. Normally it should be in System32\Wbem and ServicePackFiles\i386 in the Windows folder. If it's running somewhere else outside the System32 folder then it could be a virus. Some malware hide in the wmiprvse.exe pretext since it's a common system process to avoid immediate detection.

[Cactustactical]

Norbert,

the files sit in the i386 and wbem folders and seem to be the correct size from what I can find via Microsoft. I also find a file called wmiprsvse.es-0d449b4f.pf in the windows\prefetch directory Have not been able to find much about this as to whether it belongs or not.

I ran Macafee quick scan, spy bot, adaware and the Symantec online virus checker and they all come up negative. I could not get the Macafee full scan to run, it hangs almost immediately. Hopefully this is related to the cpu running at 100%.

Anybody else have any ideas as far as a virus or malware checker that might find something?

[fiddler]

Anybody else have any ideas as far as a virus or malware checker that might find something?

AVG, Prevx CSI, Panda and Kaspersky are all worth trying.

Hijack This might be able to identify a virus other scanners can't find but you'll need to get help to figure out what it's saying. Fortunately there are antivirus and antimalware forums full of helpful people out there. Hopefully you won't need them.

Roy

[Cactustactical]

We got the problem taken care of.

Ran 6 different anti virus scans, none of them found anything. So, I started deleting software using the control panel add / remove software function. Deleted several apps, which made no difference at all and then deleted the HP software for a laser jet which was setup as a network printer about 6 months ago. The printer used to be hooked up to this pc. After the re-start, the cpu consumption went back down to where it was supposed to.

Makes no sense, the HP software had been on this computer for at least 3 years, the printer had been moved 6 months ago and we only started having this problem about 2 weeks ago. Nothing else had changed.

Computers.

[gamingoddess]

The nice thing about this is, because of wmiprvse.exe, you probably cleaned up a lot of unnecessary apps, files, and what not. Think of it as spring cleaning. Good to know that your computer is back to full power now.

[KGentry]

Well just for information purposes - Here is some info on that -

Windows® Management Instrumentation (WMI) is a component of the Microsoft® Windows® operating system that provides management information and control in an enterprise environment. By using industry standards, managers can use WMI to query and set information on desktop systems, applications, networks, and other enterprise components. Developers can use WMI to create event monitoring applications that alert users when important incidents occur.

In earlier versions of Windows, providers were loaded in-process with the Windows Management service (WinMgmt.exe), running under the LocalSystem security account. Failure of a provider caused the entire WMI service to fail. The next request to WMI restarted the service.

Beginning with Windows XP, WMI resides in a shared service host with several other services. To avoid stopping all the services when a provider fails, providers are loaded into a separate host process named Wmiprvse.exe.

Multiple instances of Wmiprvse.exe can run at the same time under different accounts: LocalSystem, NetworkService, or LocalService. The WMI core WinMgmt.exe is loaded into the shared Local Service host named Svchost.exe.

Note: wmiprvsw.exe is the Sasser worm!

Note: The wmiprvse.exe file is located in the folder C:\WINDOWS\System32\Wbem. In other cases, wmiprvse.exe is a virus, spyware, trojan or worm!

[Cactustactical]

The nice thing about this is, because of wmiprvse.exe, you probably cleaned up a lot of unnecessary apps, files, and what not. Think of it as spring cleaning. Good to know that your computer is back to full power now.

LOL, may be in a week or so I might look at it from that perspective. Now I am just irritated that I had to spend time dealing with trouble shooting something that had not changed in months.