Windows 7 Forums



Windows 7: WBEM_ESS_OPEN_FOR_BUSINESS? A worm?

15 Oct 2012   #1
Sunrise12

Win 7 64
 
 
WBEM_ESS_OPEN_FOR_BUSINESS? A worm?

Neither AVG, SuperSpyWare nor Malwarebytes has detected any malware in my system. (I keep the definitions updated.)

However, thanks to Process Explorer from Sysinternals, I found four suspicious Event strings in svchost.exe and WmiPrvSE.exe.

The BaseNamedObjects is named "WBEM_ESS_OPEN_FOR_BUSINESS".

That sounds too jokey to be legit.

It also says "WINMGMT_PROVIDER_CANSHUTDOWN".

A Google search did not help clear up my confusion; if anything, it left me more confused about whether this is a worm, which I fear it is.

I checked my boyfriend's computer and he has the exact same files in his XP computer as in my Win 7 laptop.

So, I suspect we have a worm to deal with.

Is anyone familiar with this? How can I confirm if this is true and remove it?

Please help.


15 Oct 2012   #2
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

I found this. It might help you understand things better.
wmiprvse.exe - What is wmiprvse.exe?
15 Oct 2012   #3
Sunrise12

Win 7 64
 
 

Thanks, I found that too and it does not shed any light on the jokey phrase in question.

Many times malware poses as real processes and remains hidden and undetected that way.

15 Oct 2012   #4
logicearth

Windows 10 Pro (x64)
 
 

There is no issue here. This is a real event and not malware.
My advice: don't jump to conclusions when looking at things you do not understand.
Not everything is malware. Nor should you look for it when all your scans show nil.
16 Oct 2012   #5
Sunrise12

Win 7 64
 
 

Thank you. I guess I am being paranoid.

I just wanted confirmation that the service/event is legit and not malware.
16 Oct 2012   #6
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Paranoid is another layer of security.
Happy computing.
06 Dec 2012   #7
Sunrise12

Win 7 64
 
 

Since I have had my computer hacked, I would be stupid not to be somewhat paranoid and question things more than I did in the past.

So, yes, it's another layer of protection and better to be paranoid than trusting and naive.