Topic: searchfilterhost.exe detected as a malicious process...false positive?

August 29, 2015, 04:49:22 AM

gamefan

Hello

I'd like to report a false positive if possible.

It seems RogueKiller detected "searchfilterhost.exe" as a malicious process with the nokill status. I uploaded the exe file here:

https://www.virustotal.com/en/file/7550c883c3cbcd846fda02609155bed002ed9479c2d066c966d119a46db11ace/analysis/1440812540/

And just in case, every file with that name on my PC, uploaded in a compressed folder here:

https://www.virustotal.com/en/file/a87907657d6f6a2c26d74e83bd8b7736d6eedec7d03555d12c251dbc3f95c2a8/analysis/1440816385/

I didn't finish the scan because I panicked, so I can't provide a log, but I did run a search for an image on my PC earlier, so maybe that's what happened? It didn't show up again, and I re-ran the prescan several times and once after rebooting my PC; the process didn't show up again, and it didn't detect anything else. MBAM, Avast, Hitman, JRT, and AdwCleaner didn't detect anything either.

Am I good?

Reply #1, August 29, 2015, 07:15:42 AM

gamefan

Also, the location of the exe was in C:\Windows\System32

Reply #2, August 31, 2015, 01:29:46 PM

Curson

Hi gamefan,

This is certainly a false positive. However, without a logfile, we won't be able to whitelist it.
Could you please relaunch RogueKiller with the -nokill switch (RogueKiller will not delete the file unless you instruct it) and copy/paste the report in your next post?

Regards.

Reply #3, August 31, 2015, 11:49:50 PM

gamefan

Does any of this help?

If not, can you tell me exactly how to run -nokill on RogueKiller?

I just type in the cmd: RogueKiller.exe -scan -params -nokill

Right? That's what I did.

Reply #4, September 01, 2015, 01:10:52 PM

Curson

Hi gamefan,

RogueKiller was correctly launched.
Unfortunately, searchfilterhost.exe was not detected.
Quote
¤¤¤ Processes : 0 ¤¤¤

Could you please redo a scan when this process is running?

Regards.

Reply #5, September 01, 2015, 01:33:53 PM

gamefan

The problem is it's been a while since RogueKiller even caught it, because it seems like it doesn't run that long. Can I safely ignore it and continue my normal business, including plugging in USB drives and backing my stuff up, until RogueKiller catches the false positive again? I don't know how to keep it running.

https://adlice.freshdesk.com/support/tickets/62

I had this ticket open; does this help any?

I just want to know for the moment: is it safe to update my backups and stuff later tonight or tomorrow without worrying about that thing?

Reply #6, September 02, 2015, 12:55:02 AM

Curson

Hi gamefan,

I was not aware of the ticket. I'm positive Tigzy is right.
Yes, you can safely ignore it.

Regards.