wmiprvse.exe και μεγαλο CPU Load

[sakis_the_fraud]

Γεια χαρα!

μιας και μου εσπασε λιγο τα νευρα σημερα, ειπα να το ποσταρω ωστε να υπαρχουν ολα μαζι μαζεμενα καπου για μελλοντικη χρηση.

wmiprvse.exe και μεγαλο CPU Load

λιγα λογια για την διεργασια.

The wmiprvse.exe file is otherwise known as Windows Management Instrumentation. It is a Microsoft Windows-based component that provides control and information about management in an enterprise environment.

Developers use the wmiprvse.exe file in order to develop applications used for monitoring purposes. These programs can notify users about important events related to network and file or application management right after each event occurs. With wmiprvse.exe, file managers in the enterprise environment are capable of configuring and searching for desktop system information or network and application information across the network.

The wmiprvse.exe file is placed with other services in the shared service host. This started to be applied with the release of MS Windows XP. Providers are also loaded separately in the wmiprvse.exe file since it considers the wmiprvse.exe executable as a host process.

Windows® Management Instrumentation (WMI) is a component of the Microsoft® Windows® operating system that provides management information and control in an enterprise environment. By using industry standards, managers can use WMI to query and set information on desktop systems, applications, networks, and other enterprise components. Developers can use WMI to create event monitoring applications that alert users when important incidents occur.

In earlier versions of Windows, providers were loaded in-process with the Windows Management service (WinMgmt.exe), running under the LocalSystem security account. Failure of a provider caused the entire WMI service to fail. The next request to WMI restarted the service.

Beginning with Windows XP, WMI resides in a shared service host with several other services. To avoid stopping all the services when a provider fails, providers are loaded into a separate host process named Wmiprvse.exe. Multiple instances of Wmiprvse.exe can run at the same time under different accounts: LocalSystem, NetworkService, or LocalService. The WMI core WinMgmt.exe is loaded into the shared Local Service host named Svchost.exe.

ΠΡΟΣΟΧΗ!

Ενδεχεται να ειναι και ο ιος!

Για να βεβαιωθειτε, ελέγξτε τα παρακατω:

However, it may also be the Trojan horse W32/Sonebot-B, which creates a copy of itself in the folder %Windows%\System32, with the filename WMIPRVSE.EXE. The following entry in the registry confirms that the Trojan is present:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Kernel_check = wmiprvse.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Kernel_check = wmiprvse.exe

Αν εχετε τον ιο, τα πραγματα ειναι απο εδω και περα ευκολα. Antivirus και γεια σας.

Αν ομως η διεργασια που ανεβαζει CPU load δεν ειναι ο ιος;

κανεις το εξης:

Πήγαινε: control panel--> Administrative tools --> computer management --> services & applications --> services --> windows management instrumentation και τον κλικαρεις 2 φορες. Θα δεις λοιπον οτι αυτος ειναι στο auto. Εσυ πατας stop και φευγεις από εκεί.

Μετά πας: C:\ windows --> system32 --> wbem --> Repository και σβηνεις ο,τι υπαρχει εκει μεσα. Κατοπιν κανε restart. Ότι εσβησες θα ξαναδημιουργηθεί δεν χρειάζεται να πειράξεις κάτι

Αν ομως ο υπολογιστης που "σκαλιζεις" εχει ελληνικο λειτουργικο; Για δοκιμαστε να μεταφρασετε το windows management instrumentation!!!!! Και ναι, οι ΠΑΝΕΞΥΠΝΟΙ το μετεφρασαν ετσι: "Οργανα διαχείρησης των Windows". Με λιγη φαντασια βγαινει...

Ελπιζω να βοηθησει καποτε καποιον και να μην ψαχνει ~2 ωρες για να βρει την λυση οπως εγω σημερα.