Winmgmt.exe

Printable View

August 17th, 2003, 08:12 PM
coleycole3

Winmgmt.exe

On my Windows 2000 machine I am having trouble getting anything at all to run as the process winmgmt.exe seems to be taking up almost all of the CPU resources. Can't really think of anything major I have done since the computer was last working okay. Please help if there are any ideas. Also, I have all the latest service packs/updates and no viruses as far as I can tell. At least not msblast.

Thanks.
August 17th, 2003, 08:21 PM
Tedob1

do a netstat and post it. i have a suspicion you might show a connection to an IRC server
August 17th, 2003, 08:22 PM
dcongram

Try running another AV scan from a different company. www.symantec.com - Security Response - Free online AV/Security scan (choose AV)

Or www.pc-cillin.com - House Call - Scan without registering.

I got nailed last week by a Trojan.......and my 'Panda' (daily updated) didn't catch it.
August 17th, 2003, 08:34 PM
Tedob1

i suspect it might be the muma worm or something similar. if a trojan scan finds a virus it would still leave the ftp server running if installed and still connect to an irc to let its makers know your open.
August 17th, 2003, 08:50 PM
coleycole3

i will try these solutions as soon as possible. another thing though. the only time i can use the keyboard is to tab through the options when i hit alt-ctrl-del. it won't even let me type in a program to run there. maybe this is trait of a certain virus you guys may know of these. thanks for all your help and please keep the suggestions coming while i am trying these out here in the next hour or so!
August 17th, 2003, 09:17 PM
Tedob1

do you have w2kpro or home edition? eitheir way the three finger salute should bring up the task manager in home ed and an option box in pro. neither one allows you to type a program to run unless your talking about the add button. To run a program you press the <windows button then "R"> kill WinMgmt in services.msc or taskmanager>>services until you find out what it is
August 25th, 2003, 02:59 PM
stanger

first question is: is this winmgmt really the orig. w2k service - i don't think so...
so don't kill the w2k service called winmgnt.
better you get pstools from winternals
i think it's the best way to show running processes and kill them if suspicious.
August 25th, 2003, 03:15 PM
nihil

Try getting AdAware6 from lavasoft, Spybot Search & Destroy and update, then run them. I would also suggest Hijack This v1.96 by merijn. http://www.spywareinfo.com

The last one shows you stuff that is running on your box that other tools might miss.

What I am suggesting is that the first step should be to eliminate the possibility of malware running on your box. stanger has a good point.................your version may have been infected/hijacked?

You have a lot of other good ideas posted here to follow up.

Good Luck
August 25th, 2003, 04:08 PM
stanger

hmmm...i have to correct me...
first question is : how many winmgmt.exe exists on ya system?
so do somethin like: dir /s c:\winmgnt.exe
i'm shure you will find more than one...
should be in
c:\WINNT\ServicePackFiles\i386\
c:\WINNT\system32\wbem
replace all found winmgmt.exe with the one stored in c:\WINNT\ServicePackFiles\i386\
this should help :)