What is the process of WmiPrvSE in Win7 system?

The user of Win7 system sees a process called WmiPrvSE in the task manager on the computer. I don't know what process this is, I am worried that it will be a virus, and I will not delete it casually. Or disable, what should I do?

Origin and function

The WmiPrvSE.exe process program file is a system process defined by Microsoft for its released Windows operating system. The official description is: WMI Provider Host, WMI is Windows Management Instrumentation. Its functions will be used to handle WMI operations through the WinMgmt.exe program, which manages and controls the runtime environment, allowing system administrators to query and modify information on the desktop, applications and the network. Windows developers can use WmiPrvSE.exe to develop The application is used for monitoring purposes and reminds the user of important events on the system.

Since WMI is a shared service host with several other services, starting with Windows XP to avoid stopping all services when a provider fails, the provider is loaded into a separate service host: WMI Provider Host, the WmiPrvSE.exe program, WMI core WinMgmt.exe is loaded to a local shared service host named Svchost.exe. This process can have multiple instances running under different accounts at the same time: for example, NetworkService, LocalService or current user name.

As a program of the Windows system itself, the WmiPrvSE.exe process is usually safe to run. If the virus infection or excessive CPU usage is not described below, it is not recommended to use the services.exe process. End, or move the location of the process program file.

The location of this process: C: WindowsSystem32wbem (the beginning of C indicates the partition of the system installation)

WmiPrvSE.exe virus

Any Windows system's own processes are Trojan horse infection targets, they usually use the same or similar names or directly inject or replace the original WmiPrvSE.exe program to confuse users. The related virus has been intercepted by anti-virus software vendors, not as good as W32/SillyFDC-AW (the worm connects the device by creating a Autorun.inf file to automatically infect the system through a mobile drive such as a USB flash drive and an external hard drive), W32 /Sonebot-B (a backdoor Trojan that allows remote attackers to issue commands to infected computers commonly known as broilers). If your system is: The following virus may be infected:

Seeing too many WmiPrvSE.exe running in Task Manager (this may also be caused by rogue software); this process is not C: WindowsSystem32wbem directory; WmiPrvSE.exe occupies too much system resources is also possible; the system has an error message for this process;

If the above situation occurs, please update the anti-virus software virus database to perform a full-scale check and kill on the computer. Consider reinstalling the system if necessary. In addition, this process may have excessive memory usage in Windows XP Service Pack 2. This is a known issue, and there is a patch KB925623 on Microsoft's website to solve this problem.

How to disable Wmiprvse.exe process

Run reg add in CMD “HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionswmiprvse.exe” /v debugger /t reg_sz/d debugfile.exe /f

Re-enable Wmiprvse.exe process method: Run reg add “HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionswmiprvse.exe” /f

in CMD. Solution:

wmiprvse.exe is A system service process, you can end the task, and the process naturally disappears. Disable the Windows Management Instrumentation Driver Extensions service or change to manual specific: Desktop - My Computer - Management - Services and Applications - Service has a Windows Management Instrumentation right click & mdash; disable it. Personally feel the second method after using it is good. To cancel the command method: In the same operation, copy the next life [1][2][3] to paste the input and press Enter to confirm. OK, reg add “HKLMSOFTWAREMicrosoftWindows NTCurrentVersionImage File Execution Optionswmiprvse.exe” /f