Re: WMIPRVSE trying to TFTP a lot! Why?
- From: "David H. Lipman" <DLipman~nospam~@Verizon.Net>
- Date: Tue, 10 Feb 2009 05:58:52 -0500
From: "MrBeatnik" <MrBeatnik@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Hi all,
| Not sure if this is the right place to post...
| C:\WINDOWS\system32\wbem\wmiprvse.exe is trying to use C:\WINDOWS
| \system32\tftp.exe to send data somewhere on all my machines in an
| enterprise environment.
| We use McAfee with rules to block any TFTP use, so the action is blocked. If
| it were not, I wouldn't even know that it was trying to do this. I'm sure the
| machines do not have a virus, and are not compromised in any other way. It seems
| that WMIPRVSE is trying to do this "legitimately".
| Can anyone tell me:
| 1) Why it is trying to TFTP?
| 2) How I can configure it to STOP trying to TFTP?
| Thanks!
There is a strong possibility the PC is infected.
Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
Then post the contents of the HJT log in your post with a full explanation of your problem
and what you have done to date in one of the below expert forums...
{ Please - Do NOT post the HJT Log here ! }
Forums where you can get expert advice for HiJack This! (HJT) Logs.
NOTE: Registration is REQUIRED in any of the below before posting a log
Suggested primary:
http://www.thespykiller.co.uk/index.php?board=3.0
Suggested secondary:
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
Suggested tertiary:
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://aumha.net/viewforum.php?f=30
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13
--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp