WBEM_ESS_OPEN_FOR_BUSINESS? A worm?

Sunrise12 · 15 Oct 2012

Neither AVG, SuperSpyWare nor Malwarebytes has detected any malware in my system. (I keep the definitions updated.)

However, thanks to Process Explorer from Sysinternals, I found four suspicious Event strings in the svchost.exe and WmiPrvS.exe.

The BaseNamedObjects is named "WBEM_ESS_OPEN_FOR_BUSINESS".

That sounds too jokey to be legit.

It also says "WINMGMT_PROVIDER_CANSHUTDOWN".

A Google search did not help clear up my confusion; if anything, it left me more confused if this is a worm, which I fear it is.

I checked my boyfriend's computer and he has the exact same files in his XP computer as in my Win 7 laptop.

So, I suspect we have a worm to deal with.

Is anyone familiar with this? How can I can confirm if this is true and remove it?

Please help.

Layback Bear · 15 Oct 2012

I found this. It might help you understand things better.
wmiprvse.exe - What is wmiprvse.exe?

Sunrise12 · 15 Oct 2012

Thanks, I found that too and it does not shed any light on the jokey phrase in question.

Many times malware poses as real processes and remains hidden and undetected that way.

logicearth · 15 Oct 2012

There is no issue here. This is a real event and not malware.
My advice, don't jump to conclusions when looking at things you do not understand.
Not everything is malware. Nor should you look for it when all your scans show nil.

Sunrise12 · 16 Oct 2012

Thank you. I guess I am being paranoid.

I just wanted confirmation that the service/event is legit and not malware.

Layback Bear · 16 Oct 2012

Paranoid is another layer of security.
Happy computing.

Sunrise12 · 06 Dec 2012

Since I have had my computer hacked, I would be stupid not to be somewhat paranoid and question things more than I did in the past.

So, yes, it's another layer of protection and better to be paranoid than trusting and naive.