In an era when the number of processor cores is aboutwill be over a hundred, and several dozens of RAM won't surprise anybody, few people remember about the “brakes” of a computer. However, sometimes the equipment itself reminds of this when a proven and tuned system suddenly starts to work incredibly slowly because of the processor load close to 100%.
Often this refers to the wmiprvse.exe process. What is it and what is it for? This is what we will discuss in this article.
Basic concepts
Let's start with the fact that this is a special systema process that is responsible for managing the connected external computer hardware (printer, for example). Some users who have seen it in the task manager immediately start to panic, thinking about the virus infection of the machine.
But this is a normal system process necessary for the stable functioning of many Windows operating system options. But do not immediately trust wmiprvse.exe. What does it mean?
Where should it be located?
The safety of this process can be consideredproven only if it is located in the "right" place. More precisely, "in the area" C: WindowsSystem32. If something similar in name is launched directly from the Windows root directory, the likelihood of a virus infection is high. So, Norton specialists point out that in most cases W32.SillyFDC or W32.Babelloh is disguised as such.
How to find out where the process starts from?
You might already notice what exactlythe location of the application being launched is important. To learn it, you should perform a few simple steps. First, press the "magic combination" Ctrl + Alt + Delete. There will be a task manager window in which we are interested in the "processes" tab. Look for wmiprvse.exe in it. What does this give us?
Щелкните по нему правой клавишей мыши, после чего Select Open Storage from the context menu. That's all. The folder where the process starts is opened. We are convinced of the authenticity of the application.
Why does the process overload the system?
It happens that the system begins to barely move astime because of wmiprvse.exe. What does it mean? Oddly enough, but the exact answer can not give even technical support from Microsoft. Users constantly describe the same type of situation: at first everything was fine, but then, for unknown reasons, the process began to load the processor by 99%.
This may be due to system updates orthe program on whose behalf this application is launched. Recall whether you have recently updated the driver to a printer or other peripheral device. If so, you should try using the old version. Often this helps, since the inadequate work of the process itself is often associated with errors in the final driver releases.
By the way, how to disable wmiprvse.exe? This is done as simply as possible: press the key combination Ctrl + Alt + Delete, after which the “Processes” tab is selected in the task manager. Find the “scoundrel” in the list that opens, right-click on it, and in the menu that appears, select the “End Process” item. Attention! If the processor is loaded 90% or more, all of these actions can take a lot of time.
Take your time and do not be nervous, as the Reboot button should be resorted to only as a last resort.
Viruses?
Yes, it may seem commonplace, but virusesalso act as a cause of processor overload. However, the fault is not in the wmiprvse.exe process itself, but in the malicious application that disguises itself.
To verify this, use the advice onthe definition of its normal location, which we gave above. If the result is positive (running from the root of the disk or from the Windows folder, not System32), you have to think about which program you will “smoke the infection”.
We recommend using domestic products.anti-virus companies: Dr.Web and Kaspersky Anti-Virus. This is due not only to their best direction against the threats that are most prevalent in Runet, but also to the fact that the manufacturers took care of the availability of normal Live-CD versions.
Important!Users report that it is very often the PUP.Adware.RelevantKnowledge virus, which until recently was not detected by antivirus software in normal mode, is to blame. He often got into the system due to the old version of Flash, and then replaced the normal system file. Because of this, for a long time the detection of this infection was very difficult.
By the way, in some cases, viruses successfully maskedfor system processes, but they are often issued by the fact that a second instance of the same application is suddenly found in the task manager. In this case, not so. If you see two wmiprvse at once, you should not immediately blame all the malware on malware. Microsoft technical support says that two of these processes can work simultaneously on the system if they are started by different services or some utilities.
In other cases…
What to do if wmiprvse.exe loads the processor "out of tune", but the virus is not? We'll have to be patient and methodically calculate the program on whose behalf it is launched. This is done easily, but the work is quite methodical and tedious.
Press the key combination Win + R, and thenEnter the MSConfig command in the input field that appears. We are interested in the "Startup" tab. Remove the flags from all programs except one (random), click on "OK". Agree to reboot.
After that, check how the process behaves.If everything is fine (or if there is none at all), repeat the whole procedure again, in “Startup”, including the following program. So do until the perpetrator of the overload will not be identified. After that, you should act on the situation. If the program is necessary, try installing a newer or older version. If not, it is better to remove it completely. As a rule, after this problem disappears.
If it is not a program
What to do if wmiprvse.exe (wmi provider host) does not depend on the programs, and disabling them does not give any results? In this case, it is time to take on the service. Again, click on Win + R, again enter the command. This time, go to the "Services" tab. All subsequent actions are similar to those about which we wrote above.
Also, do not be lazy to disconnect gadgets (ondesktop). User feedback shows that often the ill-fated process begins to load the computer just after installing some kind of weather application or something like that.
If you have not forgotten, wmiprvse.exe (what a process, we have already figured out) is responsible, including the plug-in peripherals. Try to turn off the printer, scanner and all available equipment, and then observe the developments.
Updates
Back in the beginning of the article we said thatproblems may start soon after some system update. If this is the case in your case, we recommend that you remove all the patches that have arrived, and then install them one at a time (by analogy with programs or services). That update, because of which the process starts to behave inadequately, must be removed again.
Important!If the process is standard, then in some cases it can occur and overload the processor when connecting some equipment (GPRS modem, for example) through the COM port. In this case, there is no need to panic and worry: if this effect is observed for a few seconds, then there is nothing wrong with that. However, you can try to replace the modem driver with a newer or older one. As we already said, in some cases it turns out to be quite effective.
Thus, it is quite realistic to cope with this problem, but this will take time and patience.
