How to Remove the Wmiprvse.EXE Virus

The wmiprvse.exe virus has two possible ways of appearing on your computer. One is a more obvious wmiprvsw.exe and the other is a worm that appears as the standard wmiprvse.exe process and is also known as SONEBOT-B. In either case, removing the wmiprvse.exe without using antivirus software is not very difficult and can be done without causing any harm to your computer. If you do make a mistake and end processes that are vital to your computer or remove registry keys that are vital, the System Restore tool will act as a safety net.

...
Back up important files to a thumb drive or external hard drive for safekeeping.

Step

Back up any files, pictures, videos or other data that you wouldn’t want to lose if your computer crashed completely. Store these files on an external thumb drive or hard drive that will not be affected by the computer’s crashing.

Step

Restart the computer in Safe Mode before you proceed. This will run only the most basic of computer programs on your computer but will still run the wmiprvse.exe virus.

Step

Press "Ctrl + Alt + Delete" on your computer keyboard and then select "Start Task Manager" to open the Task Manager.

Step

Click on the "Process" tab and locate the wmiprvse.exe, wmiprvsw.exe or SONEBOT-B.exe processes on the list of processes.

Step

Right-click on the wmiprvsw.exe or SONEBOT-B.exe process and then select "End Process" to stop the process entirely. Note that if you have the SONEBOT-B version of the virus, you will either have both the wmiprvse.exe process and the SONEBOT-B.exe process or just the wmiprvse.exe process. If the wmiprvse.exe process is the only one showing up on your screen, then skip this step. You do not want to stop wmiprvse.exe because it belongs to the Windows Management Instrumentation and is a vital process to your operating system working correctly. If you do end this process, you’ll have to restart your computer before continuing.

Step

Click "Start" and type "SONEBOT-B" or "wmiprvsw" into the search bar, then press "Enter" to search for the virus file.

Step

Right-click on the files named "wmiprvsw" or "SONEBOT-B" and then select "Delete" to delete these files. Again, you don’t want to delete any files labeled "wmiprvse.exe" as these belong to the Windows Management Instrumentation and are vital to your operating system.

Step

Click "Start/Run," type "regedi.exe" and click "Run" to run the Registry Edit program on your computer.

Step

Browse through the HKEY files and delete any registry keys labeled "SONEBOT-B" or "wmiprvsw." If you delete any files or any registry keys that are vital to your operating system, or if going through this process doesn’t remove the wimprvse.exe virus, you will have to use the System Restore tool to restore your computer to a time before it was infected with the wimprvse.exe virus.