> I figured that some applications call "WMIprsv" and/or "wmiaprsv"
> even I told the service-panel (with admin rights) to never use WMI.
> What I think about this just delaying shit is is that it just waits
> for an iNET-connection (which I wont allow anyway)...
> My question on this just is: "how to get rid of it!"
> I tried to delete all this 'wbem'-files but they seem to be immortal.
> So my thinking about M$ got one more task, how to prevent [stuff] ...
Yes. WinXP/7/Vista system files seem to be "immortal". They
are detected as missing and then restored for you ...
It's MS' gift to the world!
I'm not fully up to date on WinXP/7/Vista. I've only used them a few times.
I think these are your options:
1) run msconfig
2) login as administrator, delete files
3) delete appropriate registry key (regkey) using regedit
4) start the task manager, kill WMI processes
'msconfig' should allow you to disable any startup applications. I don't
know if WMI stuff is included. There are many webpages on how to use
'msconfig' on the Internet.
As I understand it, WinXP would allow you to use the administrator account
as your personal Windows account, if you chose to do so. Supposedly,
Win7/Vista will not let you use the administrator account as your personal
Windows account, ever. So, you have to login as adminstrator, selectively,
when needed. As administrator, you should be able to delete system files.
I think ... maybe ... maybe not.
It's likely there is a registry key that can be deleted to prevent WMI stuff
to start.
You probably need responses from others to provide more information. Or,
you may need to search the Internet for more information.
> I figured that some applications call "WMIprsv" and/or "wmiaprsv"
> even I told the service-panel (with admin rights) to never use WMI.
> What I think about this just delaying shit is is that it just waits
> for an iNET-connection (which I wont allow anyway)...
> My question on this just is: "how to get rid of it!"
> I tried to delete all this 'wbem'-files but they seem to be immortal.
> So my thinking about M$ got one more task, how to prevent shit ...
> __
> wolfgang
If this is a new phenomena...
Check another user on that system.
If it is effecting just the one user,
Delete that account after copying/backing up
desired files and data.
Create a new account. Copy back the files and data.
(Excessive but easy).
HTH
Dan
>> I figured that some applications call "WMIprsv" and/or "wmiaprsv"
>> even I told the service-panel (with admin rights) to never use WMI.
>> What I think about this just delaying shit is is that it just waits
>> for an iNET-connection (which I wont allow anyway)...
>> My question on this just is: "how to get rid of it!"
>> I tried to delete all this 'wbem'-files but they seem to be immortal.
>> So my thinking about M$ got one more task, how to prevent [stuff] ...
> Yes. WinXP/7/Vista system files seem to be "immortal". They
> are detected as missing and then restored for you ...
> It's MS' gift to the world!
They seem to be 'undeletable' at all, because they are there again
immediatly after deletion followed by 'actualise view'
> I'm not fully up to date on WinXP/7/Vista. I've only used them a few > times.
> I think these are your options:
> 1) run msconfig
> 2) login as administrator, delete files
> 3) delete appropriate registry key (regkey) using regedit
> 4) start the task manager, kill WMI processes
AD 4) that's what I do, but then it's already to late for the app
to start within certain time :)
> 'msconfig' should allow you to disable any startup applications. I don't
> know if WMI stuff is included. There are many webpages on how to use
> 'msconfig' on the Internet.
This wbem-story isn't a startup item. I see it in the task-manager after
I close the net-connection and right after some application starts.
And the delayed startup of the latter made me search for who does it.
> As I understand it, WinXP would allow you to use the administrator account
> as your personal Windows account, if you chose to do so. Supposedly,
> Win7/Vista will not let you use the administrator account as your personal
> Windows account, ever. So, you have to login as adminstrator, > selectively,
> when needed. As administrator, you should be able to delete system files.
> I think ... maybe ... maybe not.
Yeah, but I'm always admin on this machine (XPpro) anyway.
> It's likely there is a registry key that can be deleted to prevent WMI > stuff
> to start.
Couldn't find it the registry, perhaps it's hidden below another name.
> You probably need responses from others to provide more information. Or,
> you may need to search the Internet for more information.
>> My question on this just is: "how to get rid of it!"
> If this is a new phenomena...
It's not new at all, I just wondered why some programs
failed to start within a given timelimit
> Check another user on that system.
> If it is effecting just the one user,
> Delete that account after copying/backing up
> desired files and data.
> Create a new account. Copy back the files and data.
> (Excessive but easy).
Thanks, I'm the only user here, even seen twice by windoze :)
On Saturday, November 3, 2012 5:09:14 AM UTC-5, wolfgang kern wrote:
> Rod Pemberton replied:
> >> I figured that some applications call "WMIprsv" and/or "wmiaprsv"
> >> even I told the service-panel (with admin rights) to never use WMI.
> >> What I think about this just delaying shit is is that it just waits
> >> for an iNET-connection (which I wont allow anyway)...
> >> My question on this just is: "how to get rid of it!"
> >> I tried to delete all this 'wbem'-files but they seem to be immortal.
> >> So my thinking about M$ got one more task, how to prevent [stuff] ...
> > Yes. WinXP/7/Vista system files seem to be "immortal". They
> > are detected as missing and then restored for you ...
> > It's MS' gift to the world!
> They seem to be 'undeletable' at all, because they are there again
> immediatly after deletion followed by 'actualise view'
> > I'm not fully up to date on WinXP/7/Vista. I've only used them a few
> > times.
> > I think these are your options:
> > 1) run msconfig
> > 2) login as administrator, delete files
> > 3) delete appropriate registry key (regkey) using regedit
> > 4) start the task manager, kill WMI processes
> AD 4) that's what I do, but then it's already to late for the app
> to start within certain time :)
> > 'msconfig' should allow you to disable any startup applications. I don't
> > know if WMI stuff is included. There are many webpages on how to use
> > 'msconfig' on the Internet.
> This wbem-story isn't a startup item. I see it in the task-manager after
> I close the net-connection and right after some application starts.
> And the delayed startup of the latter made me search for who does it.
You might try: open a command prompt, >netstat -bvn
which gives the current Active Connections and their PID number. Then look in the Windows Task Manager for the same PID number to see what process is using it. For me, I have an PID entry of an Active Connection, currently on the XPpro box, of 1404. This matches the PID in the windows task manager of jqs.exe <java quick starter>. The thing is that you have to check netstat while the Connection is open. Some process don't stay active.
But I don't show a current process in the Windows Task Manager named wbem or whatever. Perhaps it is because this user isn't admin, or the process has closed already.
This tells me that WMI is an architecture woven into windows. So I wouldn't try to dismantle it, but would try to find the offending application.
One thing that creating a new user account does is it baselines the initial processes listed in Windows Task Manager, the new user gets the original baseline (defaults) of processes. Not all later installed processes get carried over into it. You might try creating a new admin user and compare the loaded processes of the windows task manager with that of your current user. And see if the bad behavior is absent in the new user. My process lists are all different among the 4 user accts. here, yet I am the only operator of this machine.
I like Frank's idea too. I spend more time on this debian linux box than on the XP box nowadays.
On Tue, 30 Oct 2012 19:40:28 +0100, "wolfgang kern" <nowh...@never.at>
wrote:
>I figured that some applications call "WMIprsv" and/or "wmiaprsv"
>even I told the service-panel (with admin rights) to never use WMI.
>What I think about this just delaying shit is is that it just waits
>for an iNET-connection (which I wont allow anyway)...
>My question on this just is: "how to get rid of it!"
>I tried to delete all this 'wbem'-files but they seem to be immortal.
>So my thinking about M$ got one more task, how to prevent shit ...
>__
>wolfgang
i can speak for MS Windows 7 in a mini-pc x86 32bit cpu, wi-fi etc;
some time ago when i run that machine the first time there were
some process that wrote, in the disk many data...
so i begin to block OS services, until the mini pc did not write more
in the disck that so big data etc; i don't remember what service;
than block all server services for internet and block wi-fi services
so that if someone want to connect to internet: it were impossible
without know how sane services...
now i had to use wi-fi, so i had to run many services; so some
problems begin again...[i not remember what services, and the pc could
be misconfigurated too] the first problem it seems mswinext "MSN
toolbar"
write big data in the disk
the second some process connect i don't know where and not always
send or riceve at last 1Mb of data, not want by me[i would see it some
connection ago...]
i believe the MS OS has many services, it would be good to know
the list of services for make the OS only run, [without internet, wi-fi, touch screen [that here i not have],
search built in OS functions that store path etc etc]
the only disk, screen, keyboard, mause
the list services need for internet
the list services need for act this pc as server
etc
the little experience with window phone is very good...
easy to use,
fast, no Mb send or receive from the net i not confirm...
very good; i prefer follow facebook from windows phone than
from a pc... less MBs and easy to use more than internet pages
> [about WMI...]
>>> My question on this just is: "how to get rid of it!"
>> If this is a new phenomena...
> It's not new at all, I just wondered why some programs
> failed to start within a given timelimit
>> Check another user on that system.
>> If it is effecting just the one user,
>> Delete that account after copying/backing up
>> desired files and data.
>> Create a new account. Copy back the files and data.
>> (Excessive but easy).
> Thanks, I'm the only user here, even seen twice by windoze :)
> __
> wolfgang
It could be a virus/trojan.
Open your Task Manager and under Processes, look for
svchost.exe *32 or just svchost *32
If you find it, and it is very active...
I would create a new user and delete your current one.
The 32 bit version of svchost.exe is found in C:\Windows\SysWOW64
It really shouldn't be on with a 64bit system.
I had a virus that wasn't detected by my AV or "Windoze" Defender
or my 2 firewalls. It was using the 32bit svchost.exe for an
extreme amount of bandwidth that I couldn't stop until...
I deleted that user, Which was my main user.
Now I have 4 users on MY laptop,
Programmer, personal, misc, and my Admin account.
Just today I was on my personal user (as I am now) and I was
searching for a Doctor for my kid and one page I loaded jumped me
into some trap I was lucky to get out of before it hog tied me again!
If I have to delete my personal user again, At least I don't have
to move as many files around
<Rosa...@nospicedham.invalid.invalid> wrote:
>the second some process connect i don't know where and not always
>send or riceve at last 1Mb of data, not want by me[i would see it some
>connection ago...]
there is a process continue send or riceve data from internet until
connection is close
but when
i activate administrative "Gestione attività windows" this process
send recive nothing, so i can not identify it...
if the process would be active with "netstat -bvoa" i would identify
it...
<dsutNO...@nospicedham.tcSPAM3net.com> wrote:
>On 11/3/2012 6:19 AM, wolfgang kern wrote:
>> Dan Sutter wrote:
>> [about WMI...]
>>>> My question on this just is: "how to get rid of it!"
>>> If this is a new phenomena...
>> It's not new at all, I just wondered why some programs
>> failed to start within a given timelimit
>>> Check another user on that system.
>>> If it is effecting just the one user,
>>> Delete that account after copying/backing up
>>> desired files and data.
>>> Create a new account. Copy back the files and data.
>>> (Excessive but easy).
>> Thanks, I'm the only user here, even seen twice by windoze :)
>> __
>> wolfgang
>It could be a virus/trojan.
>Open your Task Manager and under Processes, look for
>svchost.exe *32 or just svchost *32
svchost.exe would be a OS program, where is the problem?
i don't identify the problem with that program...
> On Sun, 04 Nov 2012 21:24:40 -0500, Dan Sutter
> <dsutNO...@nospicedham.tcSPAM3net.com> wrote:
>> On 11/3/2012 6:19 AM, wolfgang kern wrote:
>>> Dan Sutter wrote:
>>> [about WMI...]
>>>>> My question on this just is: "how to get rid of it!"
>>>> If this is a new phenomena...
>>> It's not new at all, I just wondered why some programs
>>> failed to start within a given timelimit
>>>> Check another user on that system.
>>>> If it is effecting just the one user,
>>>> Delete that account after copying/backing up
>>>> desired files and data.
>>>> Create a new account. Copy back the files and data.
>>>> (Excessive but easy).
>>> Thanks, I'm the only user here, even seen twice by windoze :)
>>> __
>>> wolfgang
>> It could be a virus/trojan.
>> Open your Task Manager and under Processes, look for
>> svchost.exe *32 or just svchost *32
> svchost.exe would be a OS program, where is the problem?
> i don't identify the problem with that program...
certain trojans mimic system processes, like svchost.exe, because the idea is that people will selectively filter out things which look like system processes.
often, these "svchost.exe" files have a different startup path though.
> On 11/5/2012 2:38 AM, Rosario1903 wrote:
>> On Sun, 04 Nov 2012 21:24:40 -0500, Dan Sutter
>> <dsutNO...@nospicedham.tcSPAM3net.com> wrote:
>>> On 11/3/2012 6:19 AM, wolfgang kern wrote:
>>>> Dan Sutter wrote:
>>>> [about WMI...]
>>>>>> My question on this just is: "how to get rid of it!"
>>>>> If this is a new phenomena...
>>>> It's not new at all, I just wondered why some programs
>>>> failed to start within a given timelimit
>>>>> Check another user on that system.
>>>>> If it is effecting just the one user,
>>>>> Delete that account after copying/backing up
>>>>> desired files and data.
>>>>> Create a new account. Copy back the files and data.
>>>>> (Excessive but easy).
>>>> Thanks, I'm the only user here, even seen twice by windoze :)
>>>> __
>>>> wolfgang
>>> It could be a virus/trojan.
>>> Open your Task Manager and under Processes, look for
>>> svchost.exe *32 or just svchost *32
>> svchost.exe would be a OS program, where is the problem?
>> i don't identify the problem with that program...
> certain trojans mimic system processes, like svchost.exe, because the idea is that people will selectively filter out things which look like system
> processes.
> often, these "svchost.exe" files have a different startup path though.
svchost.exe is used by other programs to open communication sockets, I believe.
Many processes can run under the guise of (through) it.
It would only be suspicious if it was eating up your bandwidth, which would
show up back in Task Manager on the network tab.
When I experienced it, I would "end task" it, the network utilization would go to zero,
then if just a few moments, the utilization would start up again and looking
back a the process tab, there was svchost.exe *32 again.
It wouldn't "stay" off, but only for that one user profile.
See:
http://www.howtogeek.com/howto/windows-vista/what-is-svchostexe-and-w... Excerpt: ------------------------
So What Is It?
According to Microsoft: “svchost.exe is a generic host process name for services that run
from dynamic-link libraries”.
Could we have that in english please?
Some time ago, Microsoft started moving all of the functionality from internal Windows services
into .dll files instead of .exe files. From a programming perspective this makes more sense for
reusability… but the problem is that you can’t launch a .dll file directly from Windows, it has
to be loaded up from a running executable (.exe).
Thus the svchost.exe process was born.
End Excerpt --------------------------
It was too much to track down so I removed that user profile.
HTH
Dan
> Sorry for delayed postings. Power out here. Running off an inverter
> hooked to my idling car...
Really?? Wow! I am much obliged for the extent of your devotion,
Frank. I hope you remember that these moderation duties are not the
military. Never sacrifice refrigerator power for this rinky-dink pub.
This reminds me that I need to renew domain before the end of the
year. Also, I'm thinking of a way to expand the team so that we can
better handle these types of storms. Any suggestions and volunteers
are welcome at my e-mail box.
Hope all are well and don't get too stressed during the busy Christmas
Season.
> > Sorry for delayed postings. Power out here. Running off an inverter
> > hooked to my idling car...
> {snippage}
> This reminds me that I need to renew domain before the end of the
> year.
Well, as long as there is no human error (or natural disaster {or acts
of God}) at either the hosting site or the payment processor, this
issue should not be a problem this time around.
