What is wmiprves, How to remove wmiprves

wmiprves is a harmful program.

It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Filename: {RANDOM}.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | wmiprves

Command: %Temp%\{RANDOM}.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 – HKLM\..\Run: [wmiprves] C:\DOCUME~1\User\LOCALS~1\Temp\qh0foylxn.exe

DDS Line:

mRun: [wmiprves] C:\DOCUME~1\User\LOCALS~1\Temp\qh0foylxn.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
“wmiprves”=C:\DOCUME~1\User\LOCALS~1\Temp\qh0foylxn.exe

Description: trojan that also known as Trojan-Downloader.Win32.Murlo.gvs [Kaspersky Lab], Virus.Win32.Delf.HTI [Ikarus]
Notes: installed with l84alx.exe, msgciutr.dll

How to remove: use HijackThis + Malwarebytes` Anti-malware + Kaspersky virus removal tool

This entry was posted on Sunday, July 25th, 2010 at 7:20 am and is filed under O4, Run, Trojan. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HT Logs. Tips, FAQs, Analyze.

Categories

Archives

What is wmiprves, How to remove wmiprves

wmiprves is a harmful program.

Leave a Reply