How to Remove the Wmiprvse.EXE Virus
The wmiprvse.exe virus has two possible ways of appearing on your computer. One is a more obvious wmiprvsw.exe and the other is a worm that appears as the standard wmiprvse.exe process and is also known as SONEBOT-B. In either case, removing the wmiprvse.exe without using antivirus software is not very difficult and can be done without causing any harm to your computer. If you do make a mistake and end processes that are vital to your computer or remove registry keys that are vital, the System Restore tool will act as a safety net.
Things You'll Need
- External hard drive
- Thumb drive
Back up any files, pictures, videos or other data that you wouldn't want to lose if your computer crashed completely. Store these files on an external thumb drive or hard drive that will not be affected by the computer's crashing.
Restart the computer in Safe Mode before you proceed. This will run only the most basic of computer programs on your computer but will still run the wmiprvse.exe virus.
Press "Ctrl + Alt + Delete" on your computer keyboard and then select "Start Task Manager" to open the Task Manager.
Click on the "Process" tab and locate the wmiprvse.exe, wmiprvsw.exe or SONEBOT-B.exe processes on the list of processes.
Right-click on the wmiprvsw.exe or SONEBOT-B.exe process and then select "End Process" to stop the process entirely. Note that if you have the SONEBOT-B version of the virus, you will either have both the wmiprvse.exe process and the SONEBOT-B.exe process or just the wmiprvse.exe process. If the wmiprvse.exe process is the only one showing up on your screen, then skip this step. You do not want to stop wmiprvse.exe because it belongs to the Windows Management Instrumentation and is a vital process to your operating system working correctly. If you do end this process, you'll have to restart your computer before continuing.
Click "Start" and type "SONEBOT-B" or "wmiprvsw" into the search bar, then press "Enter" to search for the virus file.
Right-click on the files named "wmiprvsw" or "SONEBOT-B" and then select "Delete" to delete these files. Again, you don't want to delete any files labeled "wmiprvse.exe" as these belong to the Windows Management Instrumentation and are vital to your operating system.
Click "Start/Run," type "regedi.exe" and click "Run" to run the Registry Edit program on your computer.
Browse through the HKEY files and delete any registry keys labeled "SONEBOT-B" or "wmiprvsw." If you delete any files or any registry keys that are vital to your operating system, or if going through this process doesn't remove the wimprvse.exe virus, you will have to use the System Restore tool to restore your computer to a time before it was infected with the wimprvse.exe virus.