WmiApSrv.exe???

[King112585]

Everytime I boot up my system my security suite says that an application has changed that application is "WmiPrvSE.exe" and is located in "C:\Windows\SysWOW64\wbem\". I also get another warning stating that an application is attempting to modify my system, which is potentially dangerous, that application is "WmiApSrv.exe" and is located in "C:\Windows\System32\wbem\".

Is this something that I need to be concerned about? I recently re-installed Vista so there really shouldn't be anything malicious on my system. If it is something I need to take car of how do I go about that?

 

[H2SO4]

What exactly is your "security suite"?

Those processes you listed are part of WMI (windows management instrumentation - a way for information about the system to be queried). By themselves, they are not "potentially dangerous" (that's actually a stupid thing for any "security suite" to say if it's directly targeting those two processes by name).

If the "security suite" is capable of giving you more information about what precisely it has detected, that would be useful to know. For example, if it's detecting that the wmiprvse.exe executable itself has been altered in a way that changed its content and/or its overall size, the question becomes whether the "security suite's" previous benchmark may have been an SP1 version of the file which was then updated in SP2.

 

[Flavius]

Is this something that I need to be concerned about? I recently re-installed Vista so there really shouldn't be anything malicious on my system. If it is something I need to take car of how do I go about that?

Not only viruses can cause this.There are many normal programs which modify WMI settings although sometimes this kind of modifications can cause any problems with system for example high CPU usage even in safe mode - exactly high CPU usage by DCOM Server Process Launcher.

Run cmd.exe and type:

WMIC path __Provider get name >%userprofile%\Desktop\list.txt

and attache list.txt to post.From this log will show whats programs and system features add WMI settings

 

[King112585]

H2SO4: I use the CHarter Security Suite from my internet provider.

Flavius: I tried typing in
WMIC path _Provider get name >%userprofile%\Desktop\list.txt
and got
ERROR:
Code = 0x80041002
Description = Not found
Facility = WMI

 

[Flavius]

Because you made error in typing:You should type two times down line "__" before Provider not only one "_" as you done.This command must be done exactly as I said in my previous post.Best option:Use function copy & paste and paste command from my previous post directly to cmd.exe and apply

 

[King112585]

Ok, sorry about that Flavius, my bad. Heres the list though, and thank you both for your help.

Name
ProviderSubSystem
Msft_ProviderSubSystem
MS_NT_EVENTLOG_EVENT_PROVIDER
MS_Power_Management_Event_Provider
RegPropProv
Win32_WinSAT
WmiPerfInst
RegProv
MS_NT_EVENTLOG_PROVIDER
SoftwareLicensingProduct_Provider
WmiPerfClass
VolumeChangeEvents
Standard Non-COM Event Provider
MSVSS__PROVIDER
WMIPingProvider
WMI Self-Instrumentation Event Provider
RegistryEventProvider
Cimwin32A
NamedJobObjectLimitSettingProv
RouteProvider
SCM Event Provider
WhqlProvider
DFSProvider
MS_Shutdown_Event_Provider
CIMWin32
NamedJobObjectActgInfoProv
WBEMCORE
RouteEventProvider
MSVDS__PROVIDER
NamedJobObjectSecLimitSettingProv
UserProfileProvider
MSIProv
SessionProvider
NamedJobObjectProv
WMI Kernel Trace Event Provider
SECRCW32
SystemConfigurationChangeEvents
SoftwareLicensingService_Provider
DskQuotaProvider
Win32ClockProvider
Win32_OsBaseline

 

[Flavius]

Nothing wrong I found.Try reset WMI repository

Run cmd.exe with administrative previlliges (right click on cmd.exe if you use UAC)
and type:

winmgmt /resetrepository

+restart and check result