Full Version: wmiadap.exe
Kaspersky Lab Forum > English User Forum > Protection for Home Users > Kaspersky Internet Security & Anti-Virus for Windows
matt_matt
Hello,
I've been using Kaspersky Antivirus for a few months now and I love it.
Lately, I've been getting proactive defense info popups for the following:
Registry access to this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM\DREDGE
From this process:
C:\WINDOWS\system32\wbem\wmiadap.exe

The info states that this executable is attempting to modify the list of system startup modules.

Should I block this? It just started happening a week ago and occurs every time I reboot.

Thanks in advance.
Lucian Bara
hello
no you probably should not. are you using version 6? if so try upgrading to v7, most of those messages should disappear: http://forum.kaspersky.com/index.php?showtopic=44499
matt_matt
QUOTE(Lucian Bara @ 27.10.2007 09:26) *
hello
no you probably should not. are you using version 6? if so try upgrading to v7, most of those messages should disappear: http://forum.kaspersky.com/index.php?showtopic=44499

I just purchased v6. I'd rather not pay for the new version - couldn't you fix this bug (if it's a bug) in V6. Of course, if you offered me a free upgrade, I'd be happy to try that.
matt_matt
QUOTE(Lucian Bara @ 27.10.2007 09:26) *
hello
no you probably should not. are you using version 6? if so try upgrading to v7, most of those messages should disappear: http://forum.kaspersky.com/index.php?showtopic=44499

Never mind, I just checked your site - it appears that I can upgrade to v7 for free. I'm going to try that.
Thanks.
matt_matt
QUOTE(Lucian Bara @ 27.10.2007 08:26) *
hello
no you probably should not. are you using version 6? if so try upgrading to v7, most of those messages should disappear: http://forum.kaspersky.com/index.php?showtopic=44499

Hi Lucian,
I upgraded to v7 and the behavior is still occurring. Whenever I reboot, I get this Riskware/Invader warning:
Intrusive process:
C:\WINDOWS\System32\svchost.exe
Process ID (PID): 1376

Attempt of process intrusion:
C:\WINDOWS\system32\wbem\wmiadap.exe
Process ID (PID): 3900

Can I trust this process? Neither svchost.exe nor wmiadap.exe has been modified since 2004.
Thanks,
Matt
daved
QUOTE(matt_matt @ 15.11.2007 13:31) *
Hi Lucian,
I upgraded to v7 and the behavior is still occurring. Whenever I reboot, I get this Riskware/Invader warning:
Intrusive process:
C:\WINDOWS\System32\svchost.exe
Process ID (PID): 1376

Attempt of process intrusion:
C:\WINDOWS\system32\wbem\wmiadap.exe
Process ID (PID): 3900

Can I trust this process? Neither svchost.exe nor wmiadap.exe has been modified since 2004.
Thanks,
Matt

Hi Matt,
I am still using v6. Have a similar problem w/ intrusive behavior from C:\WINDOWS\system32\svchost.exe. Also w/ WINDOWS\explorer.exe attempting to invade C:\programfiles\InternetExplorer\iexplore.exe - these two have been ongoing for several months, I just block them. A new one developed this week:
...\OpenWithList\MicrosoftOfficeWord\Shell\Edit attempting to invade C:\ProgramFiles\InternetExplorer\iexplore.exe

Did version 7.0 clean that up for you? Thanks, Dave
matt_matt
QUOTE(daved @ 15.11.2007 21:42) *
Hi Matt,
I am still using v6. Have a similar problem w/ intrusive behavior from C:\WINDOWS\system32\svchost.exe. Also w/ WINDOWS\explorer.exe attempting to invade C:\programfiles\InternetExplorer\iexplore.exe - these two have been ongoing for several months, I just block them. A new one developed this week:
...\OpenWithList\MicrosoftOfficeWord\Shell\Edit attempting to invade C:\ProgramFiles\InternetExplorer\iexplore.exe

Did version 7.0 clean that up for you? Thanks, Dave

No. v7 didn't fix it for me - it still happens. Usually, I just terminate it and nothing bad (that I'm aware of) seems to happen.
However, if you look at sites like this, it sounds as if wmiadap.exe is a standard and necessary Windows system executable:
http://www.liutilities.com/products/wintas...ibrary/wmiadap/
daved
QUOTE(matt_matt @ 15.11.2007 21:17) *
No. v7 didn't fix it for me - it still happens. Usually, I just terminate it and nothing bad (that I'm aware of) seems to happen.
However, if you look at sites like this, it sounds as if wmiadap.exe is a standard and necessary Windows system executable:
http://www.liutilities.com/products/wintas...ibrary/wmiadap/

That's what I can't figure - from what I've read they sound 'standard and necessary' - so why aren't they recognised as such by Kaspersky? Dave
Lucian Bara
invader is not the same thing as registry access. invader means a program is injecting its code into another process. post a getsysteminfo log, it's not normal to see invader for every application, but something is definitely there:
http://forum.kaspersky.com/index.php?showtopic=36444
matt_matt
QUOTE(Lucian Bara @ 16.11.2007 08:41) *
invader is not the same thing as registry access. invader means a program is injecting its code into another process. post a getsysteminfo log, it's not normal to see invader for every application, but something is definitely there:
http://forum.kaspersky.com/index.php?showtopic=36444

OK, I did that. This is what GetSystemInfo Parser found (2 possible problems):
1)
=> Broadcom NetXtreme 57xx Gigabit Controller New update available
Current version: 8.48.0.0 -> [ New 10.24d WHQL here ]
Available for Windows XP

and
2)
=> Spybot - Search & Destroy Reason: [ Spybot / Product name ]

The Broadcom error doesn't make any sense because I don't have any Broadcom hardware.
The other seems to be occurring because I have Spybot installed. I use Spybot to find and remove spyware and it's not currently running on my machine.

Now what?
Lucian Bara
post the link to the log here
matt_matt
QUOTE(Lucian Bara @ 22.11.2007 03:58) *
post the link to the log here

Here's my log info:
http://gsi.kaspersky.fr/lire.php?hl=en&...fd5c1b651b0dc4#
richbuff
Spybot is a possible factor, is it running realtime?
matt_matt
QUOTE(richbuff @ 3.12.2007 22:19) *
Spybot is a possible factor, is it running realtime?

No, I'm not running Spybot in realtime right now.
I think I figured it out - I was just looking at all my running processes and installed software and found this:
http://www.wavesys.com/products/ets.html
I uninstalled it and rebooted and haven't seen the invader alert in Kaspersky.
Fingers crossed.