In an era when the number of processor cores is about to exceed one hundred, and dozens of RAMs do not surprise anyone, few people recall the "brakes" of a computer. However, sometimes the equipment itself reminds us of this when a tested and tuned system suddenly starts to work incredibly slowly due to CPU usage close to 100%.
This often refers to the wmiprvse.exe process. What is it and what is it for? We will talk about this in this article.
Basic concepts
To begin with, this is a special system process that is responsible for managing connected external computer equipment (a printer, for example). Some users who happen to see him in the task manager immediately start to panic, thinking about the virus infection of the machine.
But this is a normal system process necessary for the stable operation of many options of the Windows OS. But do not immediately trust wmiprvse.exe. What does it mean?
Where should it be located?
The safety of this process can be considered proven only if it is located in the "right" place. More precisely, "in the area" C: \ Windows \ System32. If something similar in name is launched directly from the Windows root directory, a virus infection is highly likely. Thus, Norton specialists indicate that in the vast majority of cases, this is how W32.SillyFDC or W32.Babelloh is masked.
How to find out where the process starts from?
You may already have noticed that it is the location of the application you are launching that matters. To find out, you need to perform a few simple steps. First, press the "magic combination" Ctrl + Alt + Delete. A task manager window will appear in which we are interested in the “processes” tab. Find wmiprvse.exe in it. What does this give us?
Right-click on it, and then select "Open Storage Location" in the context menu. That's all. This will open the folder where the process starts from. We verify the authenticity of the application.
What causes the process to overload the system?
It happens that the system begins to barely move just because of wmiprvse.exe. What does it mean? Oddly enough, they cannot give an exact answer even in Microsoft technical support. Users constantly describe the same type of situation: at first everything was fine, but then for unknown reasons, the process began to load the processor by 99%.
This may be due to updates to the system or the program itself, on behalf of which this application is launched. Remember if you recently updated the driver to a printer or other peripheral device. If so, then try using the old version. Often this helps, since the inadequate work of the process itself is often associated with errors in the final driver releases.
By the way, how to disable wmiprvse.exe? This is done as simple as possible: press the key combination Ctrl + Alt + Delete, after which the tab “Processes” is selected in the task manager . Find the "villain" in the list that opens, right-click on it, and in the menu that appears, select the "End the process" item. Attention! If the processor is 90% or more loaded, all these steps can take a very long time.
Take your time and don't be nervous, as you should resort to the Reboot button only in the most extreme case.
Viruses?
Yes, it may seem commonplace, but viruses also act as the cause of processor overload. However, the wmiprvse.exe process itself is not to blame in this case, but the malicious application that masquerades as it.
To verify this, use the advice on determining its normal location, which we gave above. If the result is positive (starting from the root of the disk or from the Windows folder, not System32), you have to think about which program you will “smoke out the infection”.
We recommend using the products of domestic anti-virus companies: Dr.Web and Kaspersky Anti-Virus. This is due not only to their best orientation against the threats that are most widespread on the Russian Internet, but also to the fact that manufacturers have taken care of the availability of normal Live-CD versions.
Important! Users report that the PUP.Adware.RelevantKnowledge virus is often to blame, which until recently had not been detected by antiviruses in normal mode. He often infiltrated the system due to the old version of Flash, and then replaced a normal system file. Due to this circumstance, the detection of this infection was very difficult for a long time.
By the way, in some cases, viruses are successfully disguised as system processes, but they are often issued by the fact that a second instance of the same application is suddenly found in the task manager. In this case, not so. If you see two wmiprvse at once, you should not blame all malware on it at once. Microsoft technical support says that these two processes can work simultaneously in the system if they are run by different services or some utilities.
In other cases…
What to do if wmiprvse.exe loads the processor “to the eyeballs”, but is not a virus? You will have to be patient and methodically calculate the program on behalf of which it is launched. This is done easily, but the work is quite methodical and tedious.
Press the key combination Win + R, and then in the appeared input field enter the command MSConfig. We are interested in the "Startup" tab. Uncheck all programs except one (random), click on "OK". Agree to reboot.
After that, check how the process behaves. If everything is normal (or if it does not exist at all), repeat the whole procedure again, in "Startup" including the following program. Do this until the culprit of the overload is identified. After that, you should act on the situation. If the program is needed, try installing a fresh or older version. If not, it is best to remove it completely. As a rule, after this the problem disappears.
If it's not about the programs
What to do if wmiprvse.exe (wmi provider host) does not depend on programs, and disabling them does not give any results at all? In this case, it is time to take up services. Click on Win + R again, enter the command again. This time, go to the Services tab. All subsequent actions are similar to those about which we wrote above.
In addition, do not be too lazy to turn off gadgets (on the desktop). User reviews show that often the ill-fated process begins to load the computer precisely after installing some weather application or something like that.
If you have not forgotten, wmiprvse.exe (which process we have already figured out) is also responsible for connected peripherals. Try turning off the printer, scanner, and all available equipment, and then observe the development of events.
Updates
At the beginning of the article, we said that such problems could begin immediately after some system update. If this happened in your case, we recommend that you remove all patches that arrived and then install them one at a time (similar to programs or services). That update, due to which the process begins to behave inappropriately, must be deleted again.
Important! If the process is standard, then in some cases it can occur and overload the processor when connecting some equipment (GPRS modem, for example) via the COM port. In this case, panic and worry are not particularly worth it: if such an effect is observed within a few seconds, then there is nothing wrong with that. However, you can try to replace the modem driver with a newer or older one. As we have already said, in some cases this proves to be quite effective.
Thus, it is quite possible to cope with this problem, but it will take time and patience.