system process, wmiprvsc.exe??

[Heirloom]

Hi All,
Win XP SP2, Abit IS7, tons of freespace, 1G Ram, latest Win updates.

Wife was looking at Amazon.com and system was running at a crawl. I
looked at Task Mgr. and the first entry was <wmiprvsc.exe>, not showing any
cpu usage. As it was a new process to me, I looked it up and found it to be
associated with the Trojan AGOBOT-HZ and/or the worm SDBOT-CB. A thorough
search of the HD and the registry did not show anything and there is nothing
in the startup axis.
I am running Alwil Avast!, Spyware Blaster, Spybot S&D, Hosts file,
Adaware SE, Zone Alarm Pro and behind a router....all scans came up
negative. HJT log shows nothing suspicious, either.
My question: Is it possible the End Task entry was a result of this
Trojan/Worm attempting to enter?? I did notice my cable modem 'cable'
light was flashing during this period (it normally stays steady). A reboot
and reset of the modem and router took care of that. Thoughts???
Thank you,
Heirloom, old and suspicious

 

[Leythos]

I am running Alwil Avast!, Spyware Blaster, Spybot S&D, Hosts file,
Adaware SE, Zone Alarm Pro and behind a router....all scans came up
negative. HJT log shows nothing suspicious, either.

Run the tools in safe mode without networking support and see what they
report.

 

[Heirloom]

Thank you, Sir. I will do just that and report back. However, if there
were an infection, would I not have seen some indication in the regedit
search and looking at specific keys that should have been affected? I'll
report back with the Safe Mode results.
Heirloom, old and confused

 

[Leythos]

Thank you, Sir. I will do just that and report back. However, if there
were an infection, would I not have seen some indication in the regedit
search and looking at specific keys that should have been affected? I'll
report back with the Safe Mode results.

Possibly, but you never know. As most of the tools we use are
reactionary, there is always a chance that something can be missed.

 

[Heirloom]

Leythos,
Did the Safe Mode scans with nothing positive. Also, did another
manual search, both on the HD and in the Reg..... nothing found. The
process has not shown up in the Tasks again........I don't have a
clue......beginning to think I dreamed having seen it! Oh well, thanks for
your help.....I will continue to do more research on the 'critter.'
Heirloom, old and hates bugs

 

[Guest]

wmiprvsc.exe is a Windows process. It shows up in Local Services.
It's called WMI Performance Adapter.
Description: Provides performance library information from WMI HiPerf
providers.
Should be on your hard drive.
Here is path given by Local Services!!
C:\WINDOWS\System32\wbem\wmiapsrv.exe

other than that my knowledge of this services is Zero!

 

[Jon]

There is a valid Windows process "wmiprvse.exe" in
C:\WINDOWS\system32\wbem

Perhaps you confused one with the other (?)

Jon

Leythos,
Did the Safe Mode scans with nothing positive. Also, did another
manual search, both on the HD and in the Reg..... nothing found. The
process has not shown up in the Tasks again........I don't have a
clue......beginning to think I dreamed having seen it! Oh well, thanks
for your help.....I will continue to do more research on the 'critter.'
Heirloom, old and hates bugs

 

[Heirloom]

Thank you, Jon.
Yeah, my Google and site searches revealed that. I'm afraid that
there was no mistake in what I saw.....I wrote the filename down, verbatim,
while the End Task window was still open. Efforts since this afternoon have
been to no avail...which, in this case is good. Still no sign of the file
or the trojan/worm. I do regular updates, mtce. and scans......all the
'walls' are intact, and as this is something that has been around a while,
don't see how it could have penetrated.......??? Will just keep my guard
up and see what developes. Many thanks to all who responded.
Heirloom, old and ready to build
another box

There is a valid Windows process "wmiprvse.exe" in
C:\WINDOWS\system32\wbem

Perhaps you confused one with the other (?)

Jon