Hello dear community,
I have got 2 Computers: 1 Laptop and 1 Desktop-PC.
Well, several days ago I realized that on my laptop all programs run much slower than normal. So I opened the Windows Task Manager and saw a process named WmiPrvSE.exe, which used about 50% of the CPU power. So I tried to end the process - that didn't work; it always started again immediately after I closed it.
Then, straight away after I found this evil process, I turned on my desktop PC and searched for the process there too. But there was no such process on it.
So it has something to do with a thing which not every PC has.
I've been searching for a solution to this problem in many forums, but I found none that I could do (backups and co.).
All I know is the stats of my laptop:
OS: Windows 7 Professional 32-Bit
CPU: Intel Celeron 1.70 GHz
Graphics: doesn't matter, but I can say it's really really creepy
RAM: 2 GB
and a few other things which do not matter if we're talking about CPU usage...
Please help me; I'm about to go crazy about the recent non-power of my laptop.
WMIPrvSe is the Windows Management Interface Provider; it is a legitimate process\service. There are any number of things that might be causing it to go nuts, things like large queries in WMI such as someone running the "Product" command against your machine to list what applications you have installed or any kind of recursive query to return close to real time data.
First make sure that you have only ONE AV product installed and that it is up to date. Then run a full scan against your machine while it is not connected to the internet. If you find anything more serious than tracking cookies, clean them up, disable system restore and run it again until it comes back negative.
Also double check what accounts are set up on this machine to make sure no one has given themselves remote access.
@ ResidentBiscuit: Normally I'd agree with your sentiment. But in this case there isn't a single post by anyone who knows what they are talking about for the entire first page that I get back in Google. It could also be doing any number of things, so the OP is probably better off paving the machine and starting over, but I'm having a slow day so I don't want to give up right away like that. This little bastard is the new rundll32.
Okay Computergeek01, I'll try to scan with GData
-> Oh, it's more evil than the rundll32 because you can kill it but cannot kill WmiPrvSE; you could only prevent it from using your CPU at such a high level. ;)
I got the rundll32 problem as well. Every time I connect to the internet, it runs for a split second, then WHost.exe shows up. What happens next is the program downloads into C:\windows\softwareDistribution. I wrote a program to clean it up, but it's a Windows program, so I terminate it, then run a batch file to clean the folder. I've given up on trying to prevent these damn things from running... Windows 8 is completely broken.
That's why I'm switching to Linux.
@ IWishIKnew: That's interesting, what do you mean by "Every time (you) connect to the internet?" Is it every time you open a browser? Or is it every time you connect to your wireless router or Ethernet cable?
I wonder if you ripped out the ACLs for that directory, so that nothing could write to it, if it would be stupid enough to keep rundll32.exe open a second longer? If it does then open up a command prompt and type:
tasklist /FI "IMAGENAME eq rundll32.exe" /M
To get a list of the DLLs loaded by that process.
Or if you prefer WMI then start WMIC in the command prompt with:
process where name='rundll32.exe' get CommandLine
To get the arguments that got passed to the rundll shell when it started. The arguments are the DLLs to load into that instance when rundll32.exe starts. That will at least help you ID what is causing this to happen. Legitimate applications should not be writing to the Windows directory.
NOTE: You probably have to elevate the command shell for these to work.
Don't get upset OP, you didn't respond for a day and I have the attention span of a goldfish. No one is hijacking your thread.
What's the make and model of the system? I saw the stats above but there is a chance this might be a HW driver issue.
Two processes that interact with this service are vbscript.exe and wmic.exe. Check to see if either of those is running and if they are, kill them. You can use the same commands I gave IWishIKnew to see what script vbscript is hosting if you find that it is indeed running.
Does this problem persist if you disconnect from your network?
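
The process checks suggested in this thread (command line and loaded DLLs of rundll32.exe, and whether wmic.exe or a script host is running), combined into a short watcher that can also catch a process that only lives for a split second. This is an added example, not code from any poster in the thread; the function name Watch-SuspectProcess and the inclusion of wscript.exe and cscript.exe (the Windows Script Host binaries) are assumptions made here.

```powershell
# Added example. Run in an elevated Windows PowerShell window.
# Names from the thread, plus wscript.exe/cscript.exe (the Windows Script Host
# binaries that execute VBScript files).
$Names = 'rundll32.exe', 'wmic.exe', 'wscript.exe', 'cscript.exe'

function Watch-SuspectProcess {   # hypothetical helper name
    param(
        [string[]]$ImageName,
        [int]$Seconds = 60,       # how long to watch
        [int]$IntervalMs = 250    # small interval to catch short-lived processes
    )
    $seen = @{}
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        # One snapshot per pass. This polling is itself WMI work and shows up
        # as WmiPrvSE.exe CPU time, so keep the watch window short.
        $all = @(Get-WmiObject -Class Win32_Process)
        foreach ($p in ($all | Where-Object { $ImageName -contains $_.Name })) {
            $key = '{0}|{1}' -f $p.ProcessId, $p.CreationDate
            if ($seen.ContainsKey($key)) { continue }   # already reported
            $seen[$key] = $true
            # Resolve the parent to see what launched the process.
            $parent = $all | Where-Object { $_.ProcessId -eq $p.ParentProcessId } |
                Select-Object -First 1
            # Loaded modules whose files live outside the Windows directory.
            try {
                $mods = @((Get-Process -Id $p.ProcessId -ErrorAction Stop).Modules |
                    Where-Object { $_ -and $_.FileName -notlike "$env:windir\*" } |
                    ForEach-Object { $_.FileName })
            } catch {
                $mods = @('<not readable: process exited or access denied>')
            }
            New-Object PSObject -Property @{
                Name              = $p.Name
                ProcessId         = $p.ProcessId
                Parent            = $(if ($parent) { $parent.Name } else { '<exited>' })
                CommandLine       = $p.CommandLine
                NonWindowsModules = ($mods -join '; ')
            } | Select-Object Name, ProcessId, Parent, CommandLine, NonWindowsModules
        }
        Start-Sleep -Milliseconds $IntervalMs
    }
}

Watch-SuspectProcess -ImageName $Names -Seconds 60 | Format-List
```

Start the watcher first, then reconnect the network or reproduce the slowdown; each matching process is reported once with the arguments it was started with.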