File description |
Winmgmt.exe with description Windows Management Instrumentation is a process file from company Microsoft Corporation belonging to product Windows Management Instrumentation.
The file is
digitally signed from Microsoft Windows 2000 Publisher - NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
We do not recommend removing digitally signed files from Microsoft Windows 2000 Publisher
What is winmgmt.exe?
This is a core component of the Windows Management Instrumentation. When a Windows Management Instrumentation (WMI) service is loaded, the providers are loaded separately into wmiprvse.exe. It therefore serves as a host to prevent termination of all WMI services when the provider terminates.
Essentially, it allows certain processes to run, including many system services. It is also used by applications that allow a manager to administer your system over an enterprise network. The execution of this process is not essential to the operation of the system; however, the existence of it is essential to the proper functioning of many system services. If it is not causing any problems, you should not terminate it. If you are a home user, and this process is causing problems, however, it is safe to terminate. Do not delete it, however, as it will render your system unbootable.
Dangers of winmgmt
As this is the name of a legitimate system process, it is common for virus writers and spyware vendors to disguise their malware as the genuine one.
Some malicious files will have the same name but will be stored somewhere other than in %SystemRoot%\System32\Wbem. Other malware will use a name that appears similar to that of the legitimate one but with slight differences in spelling or with appended digits. The following malware is known to disguise itself as winmgmt.exe:
- W32/Tilebot-KJ (%SystemRoot%)
- This is a backdoor Trojan and worm that includes an IRC bot that allows an attacker to issue remote commands.
- W32/KillFil-EN (%SystemRoot%\System32)
- This is a dangerous Trojan that randomly deletes files from your hard drive and overwrites them with zeros, rendering them unrecoverable. It also modifies the default shell action on executables so that it is run before any executable.
- Trojan/Backdoor.Hale (%SystemRoot%\System32\Qossrv\WinMgnt.exe)
- Note that the filename has an N instead of a second M.
- W32/Bizexbot-A (%SystemRoot%\System32)
There will typically be no more than one instance of this process running at any given time. The presence of multiple instances may be indicative of a malware infection.
Common problems
- This process uses 100% of the CPU
- Ensure that you do not have a virus infection.
- If it is the real wmiprvse.exe that is using 100% CPU time, the problem can be caused by having verbose logging enabled. Run wmimgmt.msc, right-click WMI Control (Local), click Properties, and then change logging to Errors Only.
- This process starts upon boot
- This should not occur. It is likely that your system is infected with a worm or Trojan. Reboot into safe mode and run a virus scan.
|
Automatic startup locations |
 |
001 Running Processes |
 |
010 Installed services |
|
Digital signatures found for this file |
| |
Signer of certificate |
Issuer of certificate |
 |
Microsoft Windows 2000 Publisher |
NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. |
|
Microsoft Windows 2000 Publisher |
VeriSign Time Stamping Service |
|
Microsoft Windows 2000 Publisher |
VeriSign Time Stamping Service CA SW1 |
|
Microsoft Windows 2000 Publisher (Europe) |
VeriSign Time Stamping Service |
|
Microsoft Windows 2000 Publisher (Europe) |
VeriSign Time Stamping Service CA SW1 |
|
|
MD5 security rating in our database |
 |
 |
|
18 |
files (Not yet rated
and
not
signed) |
 |
|
4 |
files (Safe
and
not
signed) |
|
|
45 |
files (Safe
and
digitally
signed) |
|
|
|
Some versions of this filename have not yet been checked for safety.
|
| Warning: Some malware might rename itself to winmgmt.exe. Always make sure that your file is from a verified publisher. |
|
Application errors |
|
| User comments. |
There are no comments yet.
|
|
Database statistics
Top process list
