wmiprvsw.exe - Dangerous
wmiprvsw.exe
Manual removal instructions:
Antivirus Report of wmiprvsw.exe:
wmiprvsw.exe
W32.Gaobot.AFC is a worm that spreads through open network shares and several Windows vulnerabilities including:
- The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
- The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
- Exploits the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Securiy Bulletin MS04-011).
The worm also spreads through backdoors that the Beagle and Mydoom worms and the Optix family of backdoors install.
The worm can also act as a backdoor server program and attack other systems.
Additionally, the worm attempts to stop the process of many antivirus and security programs.
Copies itself as %System%\wmiprvsw.exe.
Adds the value: "System Updater Service=wmiprvsw.exe
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adds the value: "System Updater Service=wmiprvsw.exe"
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Automatic removal:
Use RegRun Startup Optimizer.
| wmiprvsw.exe | Malware |
| wmiprvsw.exe | Dangerous |
| wmiprvsw.exe | High Risk |
- The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
- The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
- Exploits the Microsoft Windows Local Security Authority Service Remote Buffer Overflow (described in Microsoft Securiy Bulletin MS04-011).
The worm also spreads through backdoors that the Beagle and Mydoom worms and the Optix family of backdoors install.
The worm can also act as a backdoor server program and attack other systems.
Additionally, the worm attempts to stop the process of many antivirus and security programs.
Copies itself as %System%\wmiprvsw.exe.
Adds the value: "System Updater Service=wmiprvsw.exe
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adds the value: "System Updater Service=wmiprvsw.exe"
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Automatic removal:
Use RegRun Startup Optimizer.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.