amorrocchesi (Italy) asked:

wmiprvse.exe error in Windows XP SP2

My network is composed of 10 client PCs running XP SP2.
Recently, two PCs have presented the same error generated by "wmiprvse.exe", as reported in
https://www.experts-exchange.com/questions/21690844/wmiprvse-exe-application-error.html
wmiprvse.exe - Application Error: The instruction at "0x76f61241" referenced memory at "0x00000004". The memory could not be "written".
This file is hidden and located in the folder c:\windows\system\vbem.
I have checked with Neuber's Security Task Manager tool and with spyware removal tools like Spybot and Lavasoft, but without results: the systems seem all right; but after these checks the result didn't change, the error is still persistent.
Many thanks for your collaboration.
Cordially.

Antonio Morrocchesi
LeeTutor (United States) answered:

Here's one worm that this could be:

http://www.sophos.com/virusinfo/analyses/w32sonebotb.html

On the description tab:

W32/Sonebot-B is a network worm which includes IRC bot and backdoor functionality that allows unauthorised remote access to the infected computer.

This worm copies itself to network shares with weak passwords, initiates a remote background process, connects to a remote IRC server and joins a specific channel.

W32/Sonebot-B drops a copy of itself to the Windows System32 folder with the filename WMIPRVSE.EXE and sets the following registry entries to run the copy on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Kernel_check = wmiprvse.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Kernel_check = wmiprvse.exe

W32/Sonebot-B also attempts to terminate a number of processes and delete a number of files from the infected computer.

This worm may also set the following registry entries:

HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\
AutoShareServer = <value>
AutoShareWks = <value>

HKLM\System\CurrentControlSet\Control\lsa\
RestrictAnonymous = <value>
RestrictAnonymousSam = <value>
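As an added example (not part of the original thread and not from the Sophos write-up), the following PowerShell script turns the indicators quoted above into a triage check you can run on a suspect machine. It assumes that the legitimate WMI provider host lives in %SystemRoot%\System32\wbem (a Windows fact the page does not state, and the reason a wmiprvse.exe sitting directly in System32 is the tell), that PowerShell 3.0 or later is available (so on an XP SP2 box itself you would run the equivalent reg query and dir /a commands by hand), and it takes the value names Kernel_check, AutoShareServer, AutoShareWks, RestrictAnonymous and RestrictAnonymousSam from the description. It reports any Run or RunServices value that references wmiprvse.exe, not only the Kernel_check name, since a variant could use a different value name.

```powershell
# Added example, not from the original thread or the Sophos description.
# Triage for a wmiprvse.exe masquerade of the kind described above.
# Assumption: the real WMI provider host is %SystemRoot%\System32\wbem\wmiprvse.exe
# (Windows fact, not stated on the page). Needs PowerShell 3.0+ for [pscustomobject].

$sys32    = Join-Path $env:SystemRoot 'System32'
$dropPath = Join-Path $sys32 'wmiprvse.exe'          # location the description says the worm uses
$realPath = Join-Path $sys32 'wbem\wmiprvse.exe'     # where the genuine binary lives
$findings = @()

# 1. File check: presence, hidden attribute and Authenticode status of both candidates.
#    Note: system files on older Windows are catalog-signed, so NotSigned on the wbem copy
#    is not by itself suspicious; location is the stronger signal here.
foreach ($candidate in @($dropPath, $realPath)) {
    if (-not (Test-Path -LiteralPath $candidate)) { continue }
    $item   = Get-Item -LiteralPath $candidate -Force      # -Force also returns hidden files
    $sig    = Get-AuthenticodeSignature -FilePath $candidate
    $hidden = [bool]($item.Attributes -band [IO.FileAttributes]::Hidden)
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
    $findings += [pscustomobject]@{
        Check   = 'file'
        Where   = $candidate
        Detail  = 'hidden={0} size={1} signature={2} signer={3}' -f $hidden, $item.Length, $sig.Status, $signer
        Suspect = ($candidate -eq $dropPath)               # a copy directly in System32 is the drop location
    }
}

# 2. Autorun check: any Run/RunServices value that launches wmiprvse.exe.
#    The genuine provider host is started by the WMI service, never via these keys,
#    and a bare "wmiprvse.exe" value resolves through the search path to the System32 copy.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }              # skip PowerShell's own PSPath/PSParentPath noise
        if ("$($p.Value)" -match 'wmiprvse\.exe') {
            $findings += [pscustomobject]@{
                Check   = 'autorun'
                Where   = "$key\$($p.Name)"                 # Kernel_check is the name the description gives
                Detail  = $p.Value
                Suspect = $true
            }
        }
    }
}

# 3. Share and anonymous-access settings the description says the worm may change.
#    Reported only; what the correct value is depends on the site's own policy.
$policy = @{
    'HKLM:\System\CurrentControlSet\Services\lanmanserver\parameters' = 'AutoShareServer', 'AutoShareWks'
    'HKLM:\System\CurrentControlSet\Control\Lsa'                      = 'RestrictAnonymous', 'RestrictAnonymousSam'
}
foreach ($key in $policy.Keys) {
    foreach ($name in $policy[$key]) {
        $v = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $findings += [pscustomobject]@{
            Check   = 'policy'
            Where   = "$key\$name"
            Detail  = if ($null -eq $v) { '<not set>' } else { "$v" }
            Suspect = $false
        }
    }
}

$findings | Format-Table Check, Suspect, Where, Detail -AutoSize -Wrap
```

Run it from an elevated prompt so the HKLM keys and System32 are readable. Any row with Suspect set to True is worth pulling the file for a hash lookup and checking the machine's network shares and IRC connections before cleaning; a row showing only the wbem copy with no autorun reference is consistent with the genuine provider host.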
ASKER CERTIFIED SOLUTION
LeeTutor (United States)

This solution is only available to members.
amorrocchesi (asker) replied:

Dear Lee,
Many thanks for your answers.
I have re-checked the PCs in depth, and then I followed your second suggestion: with the Sysinternals Autoruns tool -> Services I have disabled (not deleted) the winmgmt service!
I have tried restarting the PCs and the wmiprvse.exe error doesn't appear any more!
Best regards.

Antonio Morrocchesi