Virus reported in WMI Explorer

This topic is 6 years and 7 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.

Post by trwood »

To help you better we need some information from you.

*** Please fill in the fields below. If you leave fields empty or specify 'latest' rather than the actual version your answer will be delayed as we will be forced to ask you for this information. ***

Product, version and build: WMI Explorer Version 2.2.76
64 bit version of product:
Operating system:
Windows 7 fully patched
64 bit OS:

*** Please add details and screenshots as needed below. ***
Microsoft Security Essentials is reporting multiple instances of a trojan following install.

MSE Version details
Antimalware Client Version: 4.10.209.0
Engine Version: 1.1.14600.4
Antivirus definition: 1.263.494.0
Antispyware definition: 1.263.494.0
Network Inspection System Engine Version: 2.1.14202.0
Network Inspection System Definition Version: 118.5.0.0
[Attached screenshot: 2018-03-19 14_09_08-Microsoft Security Essentials.png]

Post by Alexander Riedel »

The file indicated is a WMI cache file, which is generated on your computer and not shipped with the product.
I am quite certain it is a false positive, since the file is not really executable in any way.
It is a text file; you can open those files in any editor to check. They contain information about the WMI class with some partial HTML around it for display purposes.
Since this occurs on your machine, I would suggest submitting the file to Microsoft for verification:
https://www.microsoft.com/en-us/wdsi/filesubmission
just to be on the safe side.
Alexander Riedel
SAPIEN Technologies, Inc.
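
The check described in the reply above (open the flagged file and confirm it is plain text), written as a small triage script. This is an added example, not SAPIEN's code or part of the original posts: the `triage` function, its verdict names and the sample cache content are hypothetical, and it goes slightly beyond the reply by also looking for executable headers and script-bearing HTML and by computing a SHA-256 to quote in a vendor submission.

```python
import hashlib
import re

# Leading bytes of natively executable formats (Windows PE/DOS and ELF).
EXEC_MAGIC = {b"MZ": "PE/DOS", b"\x7fELF": "ELF"}
# Markup that would run code if the fragment were rendered in an HTML viewer.
ACTIVE_HTML = re.compile(
    rb"<\s*script|<\s*(?:object|embed|iframe)|(?:java|vb)script:|<[^>]*\son\w+\s*=",
    re.IGNORECASE,
)
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def triage(data: bytes) -> dict:
    """Describe what a flagged file contains without executing or rendering it."""
    magic = next((n for sig, n in EXEC_MAGIC.items() if data.startswith(sig)), None)
    # Drop a BOM and NUL bytes so UTF-16 text is not mistaken for binary.
    body = data.lstrip(b"\xef\xbb\xbf\xff\xfe").replace(b"\x00", b"")
    printable = sum(b in TEXT_BYTES for b in body) / len(body) if body else 0.0
    markers = sorted({m.lower().decode("ascii", "replace") for m in ACTIVE_HTML.findall(body)})
    if magic:
        verdict = "executable"
    elif printable < 0.95:
        verdict = "binary-unknown"
    elif markers:
        verdict = "text-with-active-content"
    else:
        verdict = "inert-text"
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # quote this in the vendor submission
        "magic": magic,
        "printable_ratio": round(printable, 3),
        "active_markers": markers,
        "verdict": verdict,
    }


# Constructed sample (assumption): a WMI class description wrapped in partial HTML.
SAMPLE_CACHE = (
    b"<h2>Win32_Process</h2>\r\n"
    b"<p>Represents a process on an operating system.</p>\r\n"
    b"<table><tr><td>Handle</td><td>string</td></tr></table>\r\n"
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE_CACHE).items():
        print(f"{key}: {value}")
```

To check a real file, pass its bytes, for example `triage(open(path, "rb").read())`; an `inert-text` verdict supports a false-positive report but does not replace the vendor's analysis.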

Post by Alexander Riedel »

[Attached screenshot: no malware.png]
Alexander Riedel
SAPIEN Technologies, Inc.

Post by trwood »

Thanks Alexander.
After sending the report, I looked a bit deeper and realised, as you pointed out, the file is a local one.
I will submit to MS today.
Thanks for the prompt response.
Tom