How to remove the WinMgmt virus
Most antivirus programs identify WinMgmt.exe as malware, for instance Kaspersky identifies it as Backdoor.Win32.DsBot.jm or Packed.Win32.Black.a, and Microsoft identifies it as TrojanDropper:Win32/Hupigon.F or Trojan:Win32/Sisproc.
The free file information forum can help you find out how to remove it. If you know more about this file, please leave a comment or a hint for other users.
WinMgmt.exe file information
Description: WinMgmt.exe is located in the folder C:\Windows.
Known file sizes on Windows 7/XP are 59,392 bytes (66% of all occurrences) or 468,480 bytes.
There is no file information. The program has no visible window. The program is loaded during the Windows boot process (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, C:\Windows\win.ini). WinMgmt.exe is not a Windows system file. It is an unknown file in the Windows folder. The software uses ports to connect to a LAN or the Internet. WinMgmt.exe is able to record inputs, hide itself and monitor applications. Therefore the technical security rating is 90% dangerous; however you should also read the users reviews.
Recommended: Identify WinMgmt.exe related errors
If WinMgmt.exe is located in a subfolder of "C:\Program Files", the security rating is 40% dangerous. The file size is 196,706 bytes. The program is not visible. The file is not a Windows system file.
If WinMgmt.exe is located in a subfolder of "C:\Program Files\Common Files", the security rating is 74% dangerous. The file size is 3,187,200 bytes. There is no description of the program. The program is not visible. The file is not a Windows system file. The process listens for or sends data on open ports to a LAN or the Internet. WinMgmt.exe is able to hide itself.
If WinMgmt.exe is located in the folder C:\Windows\System32, the security rating is 90% dangerous. The file size is 63,252 bytes.
External information from Paul Collins:
There are different files with the same name:
- "MMCWINMGMT" is not required to run at start up. Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here
- "WinMgmt" is not required to run at start up. Used for Enterprise Management. If you are not an IT Administrator you don't need it to be running. Also runs from the PCHealth "scheduler" - refer here
Important: You should check the WinMgmt.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.
rahul shrotri (further information)
Security Task Manager shows all running Windows tasks including embedded hidden functions (e.g. keyboard or browser monitoring, autostart entry). A unique security risk rating indicates the likelihood of the process being potential spyware, malware, keylogger or a Trojan.
Malwarebytes Anti-Malware detects and removes sleeping spyware, adware, trojans, keyloggers, malware and tracking threats from your hard disk. Ideal supplement to Security Task Manager.
SpeedUpMyPC scans, cleans, repairs and optimizes your computer.
vrt2.tmp ctmodutl.exe taskinfo.exe WinMgmt.exe rpccm.exe ah_xmsaasupport.dll conf.dll wizard.dll emmadevicemgmt.exe phraseexpress.exe clntmgmt.sys [all]