WMIC Tutorial

Today we will be discussing how to check whether your computer is infected using manual methods. It is not a foolproof method, but I can find all non-sophisticated attacks by performing the checks mentioned below.

I will be doing all these checks using a Windows command-line tool called WMIC (Windows Management Instrumentation Command-Line). Windows has had a proper command line since 2000, that is fifteen years now, and yet only a few people know about WMIC. Now it's time to end the secrecy and unveil the secrets of WMIC.

We can issue WMIC commands directly from the command prompt.

To start the WMIC shell, type wmic at the command line.

To get help on WMIC, type /?


Most of the time malware writers save and run their files from Local/Temp folders, and these files will be set to run at startup.

To find startup processes on the local system:


To find all running processes:

wmic process list full


To save the list to a file:

wmic process list full >> hello.csv


To get only the required fields from the process list:

wmic process get processid, commandline >> process.csv

To get running services:

wmic service list full | more


wmic service get name, processid, startmode, state, status, pathname >> service.csv
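The commands above dump process and service data into files, but the post leaves the actual review of that data as manual work. The following Python script is an added example (not part of the original post) that does the Local/Temp check automatically on WMIC output. It assumes the data was produced with the real invocation `wmic process get CommandLine,ExecutablePath,Name,ProcessId /format:csv > process.csv` and handles two quirks of redirected WMIC output: the file is written as UTF-16 with a byte-order mark, and lines end with `\r\r\n`, which leaves every other line blank when read naively. The sample output embedded below is constructed for the example, and the list of suspicious directories is my own, not from the post.

```python
import csv
import io
import re

# Folders the post singles out: malware commonly drops and runs from
# user-writable temp locations. This list is an assumption of the example;
# extend it for your environment.
SUSPICIOUS_DIRS = [
    re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE),
    re.compile(r"\\Windows\\Temp\\", re.IGNORECASE),
    re.compile(r"\\Users\\Public\\", re.IGNORECASE),
]

# Constructed sample of a redirected `wmic process get ... /format:csv` run:
# a leading blank line, a "Node" (host name) column prepended by WMIC,
# CRCRLF line endings, UTF-16 with BOM. The fake host name and PIDs are
# made up for this example.
SAMPLE_WMIC_CSV = (
    "\r\r\n"
    "Node,CommandLine,ExecutablePath,Name,ProcessId\r\r\n"
    "PC01,C:\\Windows\\Explorer.EXE,C:\\Windows\\explorer.exe,explorer.exe,1234\r\r\n"
    "PC01,\"C:\\Users\\alice\\AppData\\Local\\Temp\\svch0st.exe\" -k,"
    "C:\\Users\\alice\\AppData\\Local\\Temp\\svch0st.exe,svch0st.exe,4321\r\r\n"
    "PC01,C:\\Windows\\Temp\\upd.exe /silent,,upd.exe,5555\r\r\n"
    "PC01,,,System,4\r\r\n"
).encode("utf-16")


def decode_wmic_output(raw: bytes) -> str:
    """Turn the bytes of a redirected WMIC output file into clean text.

    Redirected WMIC output is UTF-16 with a BOM and uses '\\r\\r\\n' line
    endings; both are normalised here so the CSV parser sees plain lines.
    """
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8", errors="replace")
    return text.replace("\r\r\n", "\n").replace("\r\n", "\n")


def parse_wmic_csv(text: str) -> list:
    """Parse `wmic ... /format:csv` text into one dict per row.

    WMIC prints a blank first line and prepends a 'Node' column; both are
    dropped. QUOTE_NONE is used because WMIC does not quote its fields, so
    the double quotes inside a CommandLine must be taken literally.
    """
    lines = [ln for ln in text.split("\n") if ln.strip()]
    reader = csv.DictReader(io.StringIO("\n".join(lines)), quoting=csv.QUOTE_NONE)
    rows = []
    for row in reader:
        row.pop("Node", None)
        rows.append(row)
    return rows


def first_token(command_line: str) -> str:
    """Extract the executable from a command line.

    '"C:\\dir with space\\a.exe" -k' -> 'C:\\dir with space\\a.exe'
    'C:\\dir\\a.exe /silent'          -> 'C:\\dir\\a.exe'
    """
    command_line = command_line.strip()
    if command_line.startswith('"'):
        end = command_line.find('"', 1)
        return command_line[1:end] if end > 0 else command_line[1:]
    return command_line.split(" ", 1)[0]


def flag_suspicious_processes(rows: list) -> list:
    """Return the rows whose executable lives in one of SUSPICIOUS_DIRS.

    ExecutablePath is preferred; when WMIC could not read it (empty for
    protected processes when not run as administrator) the first token of
    CommandLine is used instead.
    """
    flagged = []
    for row in rows:
        path = (row.get("ExecutablePath") or "").strip()
        if not path:
            path = first_token(row.get("CommandLine") or "")
        if any(pattern.search(path) for pattern in SUSPICIOUS_DIRS):
            flagged.append(row)
    return flagged


def triage(raw: bytes) -> list:
    """Decode, parse and flag in one call; feed it the bytes of process.csv."""
    return flag_suspicious_processes(parse_wmic_csv(decode_wmic_output(raw)))


if __name__ == "__main__":
    # On a real machine: triage(open("process.csv", "rb").read())
    for row in triage(SAMPLE_WMIC_CSV):
        print(row["ProcessId"], row["Name"], row.get("ExecutablePath") or row.get("CommandLine"))
```

Anything this flags is a lead, not a verdict: some legitimate installers and updaters also run from Temp, so check the file's publisher signature and hash before acting on it. The same decode and parse functions work unchanged on the service output from the previous command; only the column names and the check differ.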

