What is the WMIPRVSE process in the Win7 system?

Win7 system users in the computer Task Manager to see a process called Wmiprvse, do not know what this is the process, fear will be a virus, also dare not casually delete or disable, then how to do good ?

Origin and function

The WmiPrvSE.exe process program file is a system process defined by Microsoft for its published Windows operating system, officially described as WMI Provider Host (Windows Management Instrumentation Master), WMI, Windows Management Instrumentation (Windows Management specification). Its functionality will be used to handle WMI operations through the WinMgmt.exe program, which allows WMI to manage and control the running environment so that system administrators can query and modify information on the desktop, on applications, and on the web. Windows program developers can use the WmiPrvSE.exe development application to monitor the destination program, alerting users to the occurrence of important events on the system.

Because WMI belongs to a shared services host with several other services, starting with Windows XP to avoid stopping all services when a provider fails, the provider is loaded into a separate service host: WMI Provider host, or WmiPrvSE.exe program, The WMI core WinMgmt.exe is mounted to the local shared services host named Svchost.exe. This process can have multiple instances running under different accounts: such as NetworkService, LocalService, or the current user name.

As a program of the Windows system itself, the WmiPrvSE.exe process is usually safe to run, and it is not recommended to end the services.exe process, or to move the location of this process's program file, if it does not appear in the context of a virus infection or excessive CPU footprint.

Where this process is located: C:windowssystem32wbem (the beginning of C indicates the partition letter of the system installation)

WmiPrvSE.exe virus

Any Windows system's own process is the target of Trojan virus infection, they usually use the same or similar name or directly inject or replace the original real WmiPrvSE.exe program to confuse users. The associated virus has been intercepted by antivirus vendors, not as W32/sillyfdc-aw (the worm connects devices by moving drives, such as USB flash drives and external hard drives, by creating a Autorun.inf file to automatically infect the system), W32/sonebot-b (A backdoor Trojan, allowing remote attackers to send commands, the infected computer commonly known as broiler). If your system has the following conditions, it may be infected with the associated virus:

See too many WmiPrvSE.exe running at the same time in Task Manager (this may also be the case of rogue software); This process is not in the C:WINDOWSSYSTEM32WBEM directory; It is also possible for WmiPrvSE.exe to occupy too much system resources; The system appears the error prompt of this process;

If the above situation, please update anti-virus software virus database on the overall killing of the computer, if necessary, can consider reloading system. In addition, this process may have excessive memory footprint in Windows XP Service Pack 2, which is a known issue, with a patch KB925623 on Microsoft's Web site to address this issue.

How to prevent Wmiprvse.exe processes

Run REG add "hklmsoftwaremicrosoftwindows ntcurrentversionimage File Execution Optionswmiprvse.exe in cmd"/V debugger/t re G_SZ/D debugfile.exe/f

Re-enable Wmiprvse.exe Process method: Run REG add "Hklmsoftwaremicrosoftwindows ntcurrentversionimage File Execution in cmd Optionswmiprvse.exe "/F

. Solution:

Wmiprvse.exe is a system-service process, and you can end the task, and the process disappears naturally. Disable the Windows Management Instrumentation Driver Extensions Service or change to manual specific: desktop-My Computer-management-services and applications-there is a Windows Management inside the service Instrumentation Right-disable on it. The second method is better for personal use after feeling. To dismiss the command method: the same operation copy the bottom of the life [1][2][3] to paste input, enter OK. You can, reg add "hklmsoftwaremicrosoftwindows ntcurrentversionimage File Execution Optionswmiprvse.exe"/F