Is the file WMI.VBS located on your computer? Then your computer is infected.
We suggest you remove WMI.VBS from your computer as soon as possible.
WMI.VBS is a Trojan/Backdoor.
Kill the WMI.VBS process and remove WMI.VBS from Windows startup.
Malware Analysis of WMI.VBS
Full path on a computer: %Common Appdata%\dxdiag\wmi.vbs
Detected by UnHackMe:
WMI.VBS
Default location: %Common Appdata%\dxdiag\wmi.vbs
Removal Results: Success
Number of reboots: 1
WMI.VBS is known as:
Trojan.Win32.Inject.kdfy
WMI.VBS hash:
- MD5: 86925cc5391d236289e20aaf5b022d73
The file is used to download and install other malware, Trojans, and viruses on commands received from the Command Center.
How to quickly detect WMI.VBS presence?
Registry:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dxdiag: “%Common Appdata%\dxdiag\wmi.vbs”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\wincrt: “%Appdata%\wincrt\wincrt.exe”
Folders:
- %Appdata%\wincrt
- %Appdata%\wincrt\m_bin
- %Common Appdata%\dxdiag
Files:
- %Appdata%\wincrt\mguid.dat
- %Appdata%\wincrt\m_bin\libcurl-4.dll
- %Appdata%\wincrt\m_bin\libwinpthread-1.dll
- %Appdata%\wincrt\m_bin\mservices.exe
- %Appdata%\wincrt\m_bin\zlib1.dll
- %Appdata%\wincrt\wincrt.exe
- %Common Appdata%\dxdiag\tmpc1.exe
- %Common Appdata%\dxdiag\wmi.exe
- %Common Appdata%\dxdiag\wmi.vbs
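
A read-only check for the indicators listed above, as an added PowerShell example that is not part of the original page or the vendor's tooling. It assumes %Common Appdata% is the CommonApplicationData folder (usually C:\ProgramData) and %Appdata% is the current user's roaming profile folder; the variable names are illustrative.

```powershell
# Added example, not vendor code. Read-only: reports matches, changes nothing.
# Assumption: "%Common Appdata%" means the CommonApplicationData folder
# (usually C:\ProgramData) and "%Appdata%" means the roaming profile folder.
$common   = [Environment]::GetFolderPath('CommonApplicationData')
$roaming  = [Environment]::GetFolderPath('ApplicationData')
$knownMd5 = '86925cc5391d236289e20aaf5b022d73'   # MD5 listed on this page
$findings = @()

# 1. Run-key values named on the page (HKCU is per-user: run as the affected user).
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($name in 'dxdiag', 'wincrt') {
    $prop = Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue
    if ($prop) {
        $findings += [pscustomobject]@{ Type = 'RunValue'; Item = $name; Detail = $prop.$name }
    }
}

# 2. Folders and files named on the page.
$paths = @(
    "$roaming\wincrt", "$roaming\wincrt\m_bin", "$common\dxdiag",
    "$roaming\wincrt\mguid.dat", "$roaming\wincrt\wincrt.exe",
    "$roaming\wincrt\m_bin\libcurl-4.dll", "$roaming\wincrt\m_bin\libwinpthread-1.dll",
    "$roaming\wincrt\m_bin\mservices.exe", "$roaming\wincrt\m_bin\zlib1.dll",
    "$common\dxdiag\tmpc1.exe", "$common\dxdiag\wmi.exe", "$common\dxdiag\wmi.vbs"
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $type = if (Test-Path -LiteralPath $p -PathType Container) { 'Folder' } else { 'File' }
        $findings += [pscustomobject]@{ Type = $type; Item = $p; Detail = 'present' }
    }
}

# 3. Compare wmi.vbs with the MD5 above; a mismatch only means the file
#    is not that exact sample, so the path and Run-key hits still matter.
$vbs = "$common\dxdiag\wmi.vbs"
if (Test-Path -LiteralPath $vbs -PathType Leaf) {
    $md5 = (Get-FileHash -LiteralPath $vbs -Algorithm MD5).Hash
    $detail = if ($md5 -eq $knownMd5) { 'MD5 matches page' } else { "MD5 differs: $md5" }
    $findings += [pscustomobject]@{ Type = 'Hash'; Item = $vbs; Detail = $detail }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No indicators from this page found for the current user.'
}
```

Because the Run entries live under HKCU, run the check in the session of each user profile you want to inspect.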