winmgmt.exe - Windows Management Scripts
The winmgmt.exe binary is a component of Windows Management Instrumentation (WMI), which is used by system administrators to create Windows management scripts. These might include, for example, scripts that manage user accounts on a server. This is a critical and mandatory component of the Windows OS, and should not be altered or tweaked in any way. Attempting to do so may result in an unbootable system.
Terminating this process will simply result in another being started automatically by the system. If the process is terminated permanently, it will be impossible to use local System Information utilities (e.g. msinfo32.exe) since these rely on the WMI subsystem.
Windows Management Instrumentation is a component of the Windows operating system that provides management information and control in an enterprise environment. This component was formerly known as Web-Based Enterprise Management (WBEM), and allows systems to be monitored and controlled remotely. Additional information on WMI is available from Microsoft.
This component is an obvious target for malware, since it uses networked communications to exchange information with central management consoles in an enterprise environment. Several variants of this file name have been used by viruses and other malware, including "winnmgnt.exe" and "WinMgmt.exe".
The legitimate copy of winmgmt.exe is found in the wbem directory under the system root, e.g. C:\windows\system32\wbem. This location may change in future releases of the OS. Note that in some Windows variants, WMI runs as a svchost.exe process instead, as documented at Microsoft's MSDN site.
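The two checks described above (a look-alike file name, and the real name running from outside the wbem directory) can be applied to a list of process image paths. This is an added example, not part of the original page; the function names, the edit-distance threshold of 2, the default system root C:\Windows and the sample paths are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

LEGIT_NAME = "winmgmt.exe"


def expected_dir(system_root):
    # Location the page gives for the legitimate binary: <system root>\system32\wbem
    return ntpath.normcase(ntpath.join(system_root, "system32", "wbem"))


def edit_distance(a, b):
    # Classic Levenshtein distance, computed row by row.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(image_path, system_root=r"C:\Windows"):
    """Return 'legitimate', 'wrong-location', 'lookalike-name' or 'unrelated'."""
    # normpath collapses '..' segments; normcase lower-cases, because Windows
    # file names are case-insensitive ("WinMgmt.exe" and "winmgmt.exe" are the same name).
    path = ntpath.normcase(ntpath.normpath(image_path))
    folder, name = ntpath.split(path)
    if name == LEGIT_NAME:
        return "legitimate" if folder == expected_dir(system_root) else "wrong-location"
    if edit_distance(name, LEGIT_NAME) <= 2:  # assumed threshold for near-miss names
        return "lookalike-name"
    return "unrelated"


def triage(paths, system_root=r"C:\Windows"):
    # Keep only the entries an analyst should look at.
    results = {p: classify(p, system_root) for p in paths}
    return {p: r for p, r in results.items() if r in ("wrong-location", "lookalike-name")}


# Constructed sample data, not taken from a real system.
SAMPLE_PATHS = [
    r"C:\Windows\System32\wbem\WinMgmt.exe",
    r"C:\Users\Public\winmgmt.exe",
    r"C:\Windows\System32\winnmgnt.exe",
    r"C:\Windows\System32\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_PATHS).items():
        print(f"{verdict:15} {path}")
```

On Windows variants where WMI runs inside svchost.exe, any process named winmgmt.exe falls outside what the page describes as normal and should be reviewed regardless of the verdict.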
As always, if you suspect a malware infestation you should download and run a current copy of an antivirus/malware scanner in order to isolate and remove the offending application. Be sure to obtain the most recent definition files, since these are critical to the removal of current malware variants.