Winmgmt.exe file description
Productname: Windows Management Instrumentation
Description: Windows Management Instrumentation
Company: Microsoft Corporation
File size: Various

What is winmgmt.exe?
This is a core component of the Windows Management Instrumentation. When a Windows Management Instrumentation (WMI) service is loaded, the providers are loaded separately into wmiprvse.exe. It therefore serves as a host to prevent termination of all WMI services when the provider terminates.
Essentially, it allows certain processes to run, including many system services. It is also used by applications that allow a manager to administer your system over an enterprise network. The execution of this process is not essential to the operation of the system; however, the existence of it is essential to the proper functioning of many system services. If it is not causing any problems, you should not terminate it. If you are a home user, and this process is causing problems, however, it is safe to terminate. Do not delete it, however, as it will render your system unbootable.
Dangers of winmgmt
As this is the name of a legitimate system process, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.
Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32\Wbem. Other malware will use a name that appears similar to that of the legitimate one but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as winmgmt.exe:
- W32/Tilebot-KJ (%SystemRoot%)
  - This is a backdoor Trojan and worm that includes an IRC bot that allows an attacker to issue remote commands.
- W32/KillFil-EN (%SystemRoot%\System32)
  - This is a dangerous Trojan that randomly deletes files from your hard drive and overwrites them with zeros, rendering them unrecoverable. It also modifies the default shell action on executables so that it is run before any executable.
- Trojan/Backdoor.Hale (%SystemRoot%\System32\Qossrv\WinMgnt.exe)
  - Note that the filename has an N instead of a second M.
- W32/Bizexbot-A (%SystemRoot%\System32)
There will typically be no more than one instance of this process running at any given time. The presence of multiple instances may be indicative of a malware infection.
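The location, spelling and instance-count checks described above can be run over a list of process image paths. This is an added example, not code from the original page; it assumes %SystemRoot% is C:\WINDOWS, the function names are hypothetical, and the process list is constructed.

```python
import ntpath
import re

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: value of %SystemRoot% on the host
EXPECTED_DIR = ntpath.join(SYSTEM_ROOT, "System32", "Wbem").lower()
GENUINE = "winmgmt.exe"

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return 'genuine', 'wrong-location', 'lookalike-name' or 'unrelated'."""
    folder, name = ntpath.split(ntpath.normpath(image_path).lower())
    if name == GENUINE:
        return "genuine" if folder == EXPECTED_DIR else "wrong-location"
    stem = re.sub(r"\d+(?=\.exe$)", "", name)  # drop digits appended to the name
    if stem == GENUINE or edit_distance(name, GENUINE) <= 1:
        return "lookalike-name"
    return "unrelated"

def review(process_paths):
    """Classify each image path; also report more than one genuine instance."""
    findings = [(p, classify(p)) for p in process_paths]
    findings = [(p, v) for p, v in findings if v != "unrelated"]
    genuine_count = sum(1 for _, v in findings if v == "genuine")
    return findings, genuine_count > 1

# Constructed sample process list (not captured from a real host).
SAMPLE = [
    r"C:\WINDOWS\System32\Wbem\winmgmt.exe",
    r"C:\WINDOWS\winmgmt.exe",
    r"C:\WINDOWS\System32\Qossrv\WinMgnt.exe",
    r"C:\WINDOWS\System32\winmgmt32.exe",
    r"C:\WINDOWS\System32\svchost.exe",
]

if __name__ == "__main__":
    findings, multiple = review(SAMPLE)
    for path, verdict in findings:
        print(f"{verdict:15} {path}")
    print("multiple genuine instances:", multiple)
```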
Common problems
- This process uses 100% of the CPU
  - Ensure that you do not have a virus infection.
  - If it is the real wmiprvse.exe that is using 100% CPU time, the problem can be caused by having verbose logging enabled. Run wmimgmt.msc, right-click WMI Control (Local), click Properties, and then change logging to Errors Only.
- This process starts upon boot
  - This should not occur. It is likely that your system is infected with a worm or Trojan. Reboot into safe mode and run a virus scan.

File type
Winmgmt.exe: Executable file (can run as process)

Automatic startup locations
- 001 Running Processes
- 010 Installed services

MD5 security rating in our database
- 11 files (Not yet rated and not signed)
- 2 files (Safe and not signed)
- 44 files (Safe and digitally signed)

Some versions of this filename have not yet been checked for safety.

Pacman startup database
Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here

File versions of winmgmt.exe

| Company | Version | File size |
| --- | --- | --- |
| Microsoft Corporation | 1.50.1085.0100 | 200704 |
| Microsoft Corporation | 1.50.1085.0100 | 196706 |
| Корпорация Майкрософт | 1.50.1085.0100 | 196706 |
| Microsoft Corporation | 1.50.1085.0029 | 196685 |
| Microsoft Corporation | 1.50.1085.0070 | 196685 |
| Microsoft Corporation | 1.50.1085.0100 | 196608 |
| Microsoft Corporation | 1.50.1085.0001 | 192567 |
| Microsoft Corporation | 1.10.698.0000 | N/A |
| Microsoft Corporation | 1.50.1085.0001 | N/A |
| Microsoft Corporation | 1.50.1085.0009 | N/A |
| Корпорация Майкрософт | 1.50.1085.0029 | N/A |
| Microsoft Corporation | 1.50.1085.0029 | N/A |
| Microsoft Corporation | 1.50.1085.0070 | N/A |
| Microsoft Corporation | 1.50.1085.0100 | N/A |
| Microsoft Corporation | 1.50.1164.0000 | N/A |

Digital signatures

| Signer of certificate | Issuer of certificate |
| --- | --- |
| Microsoft Windows 2000 Publisher | NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. |
| Microsoft Windows 2000 Publisher | VeriSign Time Stamping Service |
| Microsoft Windows 2000 Publisher (Europe) | VeriSign Time Stamping Service |
| Microsoft Windows 2000 Publisher (Europe) | VeriSign Time Stamping Service CA SW1 |