Results 1 to 9 of 9

Thread: Winmgmt.exe

  1. #1

    Question Winmgmt.exe

    On my Windows 2000 machine I am having trouble getting anything at all to run as the process winmgmt.exe seems to be taking up almost all of the CPU resources. Can't really think of anything major I have done since the computer was last working okay. Please help if there are any ideas. Also, I have all the latest service packs/updates and no viruses as far as I can tell. At least not msblast.

    Thanks.
    A+, Network+ Certified.

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    do a netstat and post it. i have a suspicion you might show a connection to an IRC server
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  3. #3
    Senior Member
    Join Date
    Aug 2001
    Posts
    267
    Try running another AV scan from a different company. www.symantec.com - Security Response - Free online AV/Security scan (choose AV)

    Or www.pc-cillin.com - House Call - Scan without registering.

    I got nailed last week by a Trojan.......and my 'Panda' (daily updated) didn't catch it.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    i suspect it might be the muma worm or something similar. if a trojan scan finds a virus it would still leave the ftp server running if installed and still connect to an irc to let its makers know your open.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  5. #5
    i will try these solutions as soon as possible. another thing though. the only time i can use the keyboard is to tab through the options when i hit alt-ctrl-del. it won't even let me type in a program to run there. maybe this is trait of a certain virus you guys may know of these. thanks for all your help and please keep the suggestions coming while i am trying these out here in the next hour or so!
    A+, Network+ Certified.

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    do you have w2kpro or home edition? eitheir way the three finger salute should bring up the task manager in home ed and an option box in pro. neither one allows you to type a program to run unless your talking about the add button. To run a program you press the <windows button then "R"> kill WinMgmt in services.msc or taskmanager>>services until you find out what it is
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  7. #7
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    first question is: is this winmgmt really the orig. w2k service - i don't think so...
    so don't kill the w2k service called winmgnt.
    better you get pstools from winternals
    i think it's the best way to show running processes and kill them if suspicious.
    Industry Kills Music.

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Try getting AdAware6 from lavasoft, Spybot Search & Destroy and update, then run them. I would also suggest Hijack This v1.96 by merijn. http://www.spywareinfo.com

    The last one shows you stuff that is running on your box that other tools might miss.

    What I am suggesting is that the first step should be to eliminate the possibility of malware running on your box. stanger has a good point.................your version may have been infected/hijacked?

    You have a lot of other good ideas posted here to follow up.

    Good Luck

  9. #9
    Senior Member
    Join Date
    Aug 2003
    Posts
    185
    hmmm...i have to correct me...
    first question is : how many winmgmt.exe exists on ya system?
    so do somethin like: dir /s c:\winmgnt.exe
    i'm shure you will find more than one...
    should be in
    c:\WINNT\ServicePackFiles\i386\
    c:\WINNT\system32\wbem
    replace all found winmgmt.exe with the one stored in c:\WINNT\ServicePackFiles\i386\
    this should help
    Industry Kills Music.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •