Unsolved
This post is more than 5 years old
5 Posts
0
13626
XPS 410 Runtime Error wmiprvse.exe
XPS 410 Runtime Error wmiprvse.exe
On a new 410 (received second week of Oct)... the full error is:
-------------------
Microsoft Visual C++ Runtime Library
Runtime Error!
Program: C:\WINDOWS\SYSTEM32\WBEM\wmiprvse.exe
This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information
Please contact the application's support team for more information
---------------------
It's happening several times a day, with each incident generating two of the above messages - one ontop of another.
Any ideas?
Matt Artelt
31 Posts
0
November 2nd, 2006 03:00
http://www.sophos.com/virusinfo/analyses/w32sonebotb.html
========================
This section helps you to understand how it behaves
W32/Sonebot-B is a network worm which includes IRC bot and backdoor functionality that allows unauthorised remote access to the infected computer.
This worm copies itself to network shares with weak passwords, initiates a remote background process, connects to a remote IRC server and joins a specific channel.
W32/Sonebot-B drops a copy of itself to the Windows System32 folder with the filename WMIPRVSE.EXE and sets the following registry entries to run the copy on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Kernel_check = wmiprvse.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Kernel_check = wmiprvse.exe
W32/Sonebot-B also attempts to terminate a number of processes and delete a number of files from the infected computer.
This worm may also set the following registry entries:
HKLM\System\CurrentControlSet\Services\lanmanserver\parameters\
AutoShareServer =
AutoShareWks =
HKLM\System\CurrentControlSet\Control\lsa\
RestrictAnonymous =
RestrictAnonymousSam =
========================
walts0042
5 Posts
0
November 2nd, 2006 08:00
walts0042
5 Posts
0
April 7th, 2007 17:00
Message Edited by walts0042 on 04-07-2007 02:15 PM