2748] C:\WINDOWS\system32\wbem\wmiprvse.exe

Solved
flexi2202 -  
 fuckup -
Hello
I am currently scanning my PC with Squared and it detects this Trojan, but it's impossible to remove. What should I do?
Thank you for your help.
For your information, it is the only one detecting it... in safe mode it doesn't see it
2748] C:\WINDOWS\system32\wbem\wmiprvse.exe Detected objects: Trojan-Downloader.Win32.Small.apzd!A2

Configuration: Windows XP / Firefox 3.6

4 answers

  1. moment de grace Posted messages 29099 Registration date   Status Security Contributor Last intervention   2 274
     
    Hello

    Download ZHPDiag (by Nicolas Coolman).
    https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html

    (diagnostic tool)

    Double-click on the installation file, then install it with the default settings (Don’t forget to check "Create a desktop icon")

    Launch ZHPDiag by double-clicking the icon on your desktop (Right-click -> Run as administrator for Vista)

    Click on the magnifying glass at the top left, then let the tool scan.

    Once the scan is complete, click on the floppy disk icon and save the file to your desktop.

    Go to Cjoint: http://www.cijoint.fr/

    Click on "Browse" in the "Attach a file[...]" section

    Select the ZHPdiag.txt report that is on your desktop

    Then click on "Click here to upload the file" and copy/paste the link in your next message

    If there are issues with Cijoint.fr => use https://www.cjoint.com/

    --

    I'm searching a lot... and now I find!
    (smile)
    0
  2. flexi2202
     
    Thank you for the response
    so I clarify that in safe mode the process does not execute ... a2 squared is the only one that sees it and deletes it but it comes back every time

    here is the report
    http://www.cijoint.fr/cjlink.php?file=cj201004/cijrYv4kz3.txt

    thank you for the help
    0
    1. fuckup
       


      "Warning: if this process is located in the C:\WINDOWS\system32\ folder, then it is a virus.
      In this case, please read our corresponding page:
      http://www.generation-nt.com/w32-sonebot-b-wmiprvse-exe-processus-27403.html

      If this process is located in the C:\WINDOWS\system32\wbem\ folder, then it is a component of the Windows operating system. It is a management tool designed to group many APIs that provide access to various parts of the computer. Please keep this process."
      0
  3. moment de grace Posted messages 29099 Registration date   Status Security Contributor Last intervention   2 274
     
    ok

    1)

    * Download AD-Remover to your Desktop. (Thanks to C_XX)
    http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

    Mirror:

    https://www.androidworld.fr/

    /!\ Disconnect from the internet and close all running applications /!\

    Temporarily disable, and only for the duration of using ADremover, the real-time protection of your Antivirus and Antispyware, which can significantly hinder the search and cleaning process of the tool.

    - Double-click the Ad-remover icon located on your Desktop.
    - On the page, click the " CLEAN " button
    - Confirm the start of the scan
    - Let the tool work.
    - Post the report that appears at the end.

    (The report is also saved under C:\Ad-report(Scan/clean).Txt)

    (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

    ........................

    2)

    delete the zhp diag report and create a new one ensuring that these lines are checked
    O1,O45,O61,O65

    .......................

    3)

    also post the latest MalwareByte's Anti-Malware report in your possession without redoing it

    --

    I search a lot... and now I find!
    (smile)
    0
  4. flexi2202
     
    Sorry for the late reply... but in the end, I had to redo my machine because Windows wouldn’t start anymore, neither in safe mode nor in normal mode.
    But thank you for your help.
    0