
Virus reported in WMI Explorer

Posted: Sun Mar 18, 2018 8:29 pm
by trwood
To help you better we need some information from you.

*** Please fill in the fields below. If you leave fields empty or specify 'latest' rather than the actual version your answer will be delayed as we will be forced to ask you for this information. ***

Product, version and build: WMI Explorer Version 2.2.76
64 bit version of product:
Operating system: Windows 7 fully patched
64 bit OS:

*** Please add details and screenshots as needed below. ***
Microsoft Security Essentials is reporting multiple instances of a trojan following install.

MSE Version details
Antimalware Client Version: 4.10.209.0
Engine Version: 1.1.14600.4
Antivirus definition: 1.263.494.0
Antispyware definition: 1.263.494.0
Network Inspection System Engine Version: 2.1.14202.0
Network Inspection System Definition Version: 118.5.0.0
Attachment: 2018-03-19 14_09_08-Microsoft Security Essentials.png (158.74 KiB)

Re: Virus reported in WMI Explorer

Posted: Sun Mar 18, 2018 9:27 pm
by Alexander Riedel
The file indicated is a WMI cache file, which is generated on your computer and not shipped with the product.
I am quite certain it is a false positive, since the file is not really executable in any way.
It is a text file; you can open those files in any editor to check. They contain information about the WMI class with some partial HTML around it for display purposes.
Since this occurs on your machine, I would suggest submitting the file to Microsoft for verification:
https://www.microsoft.com/en-us/wdsi/filesubmission
just to be on the safe side.
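
One way to check what a flagged file actually contains before submitting it, as an added example that is not part of the original thread or of WMI Explorer. The function names, the marker list and the sample inputs are assumptions constructed for illustration.

```python
import hashlib

# Assumed, illustrative list of HTML constructs that can carry active content.
ACTIVE_MARKERS = ("<script", "javascript:", "vbscript:", "<object", "<iframe")

def is_pe(data: bytes) -> bool:
    """True if the bytes carry a Windows PE header: 'MZ' plus 'PE\\0\\0' at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")  # e_lfanew field
    return data[off:off + 4] == b"PE\x00\x00"

def decode_text(data: bytes):
    """Return the decoded text, or None if the bytes are not plain text."""
    # UTF-16 text is full of NUL bytes, so honour a BOM before judging.
    enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "utf-8-sig"
    try:
        text = data.decode(enc)
    except UnicodeDecodeError:
        return None
    # Control characters other than tab/CR/LF indicate binary content.
    if any(ord(c) < 32 and c not in "\t\r\n" for c in text):
        return None
    return text

def triage(data: bytes) -> dict:
    """Summarise a flagged file: hash for the submission, file type, active HTML."""
    text = decode_text(data)
    lowered = text.lower() if text is not None else ""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": is_pe(data),
        "is_text": text is not None,
        "active_html": [m for m in ACTIVE_MARKERS if m in lowered],
    }

# Constructed samples (not real cache files or real malware).
SAMPLE_CACHE = b"<html><body><h2>Win32_Process</h2><p>Class info</p></body></html>"
SAMPLE_UTF16 = "<html>Win32_Service</html>".encode("utf-16")
SAMPLE_SCRIPT = b"<html><SCRIPT>var x = 1;</SCRIPT></html>"
SAMPLE_PE = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\x00\x00"

if __name__ == "__main__":
    for name in ("SAMPLE_CACHE", "SAMPLE_UTF16", "SAMPLE_SCRIPT", "SAMPLE_PE"):
        print(name, triage(globals()[name]))
```

A text-only result with no active markers supports a false-positive report; the vendor's analysis of the submitted sample is what settles it.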

Re: Virus reported in WMI Explorer

Posted: Sun Mar 18, 2018 10:34 pm
by Alexander Riedel
Attachment: no malware.png (28.89 KiB)

Re: Virus reported in WMI Explorer

Posted: Mon Mar 19, 2018 2:44 pm
by trwood
Thanks Alexander.
After sending the report, I looked a bit deeper and realised, as you pointed out, that the file is a local one.
I will submit to MS today.
Thanks for the prompt response.
Tom