WBEM_ESS_OPEN_FOR_BUSINESS? A worm?

[Sunrise12]

Neither AVG, SuperSpyWare nor Malwarebytes has detected any malware in my system. (I keep the definitions updated.)

However, thanks to Process Explorer from Sysinternals, I found four suspicious Event strings in the svchost.exe and WmiPrvS.exe.

The BaseNamedObjects is named "WBEM_ESS_OPEN_FOR_BUSINESS".

That sounds too jokey to be legit.

It also says "WINMGMT_PROVIDER_CANSHUTDOWN".

A Google search did not help clear up my confusion; if anything, it left me more confused if this is a worm, which I fear it is.

I checked my boyfriend's computer and he has the exact same files in his XP computer as in my Win 7 laptop.

So, I suspect we have a worm to deal with.

Is anyone familiar with this? How can I can confirm if this is true and remove it?

Please help.

 

[Layback Bear]

I found this. It might help you understand things better.
wmiprvse.exe - What is wmiprvse.exe?

 

[Sunrise12]

Thanks, I found that too and it does not shed any light on the jokey phrase in question.

Many times malware poses as real processes and remains hidden and undetected that way.

 

[logicearth]

There is no issue here. This is a real event and not malware.
My advice, don't jump to conclusions when looking at things you do not understand.
Not everything is malware. Nor should you look for it when all your scans show nil.

 

[Sunrise12]

Thank you. I guess I am being paranoid.

I just wanted confirmation that the service/event is legit and not malware.

 

[Layback Bear]

Paranoid is another layer of security.
Happy computing.

 

[Sunrise12]

Since I have had my computer hacked, I would be stupid not to be somewhat paranoid and question things more than I did in the past.

So, yes, it's another layer of protection and better to be paranoid than trusting and naive.