Adlice forum

Software feedback => RogueKiller => Topic started by: gamefan on August 29, 2015, 04:49:22 AM

Title: searchfilterhost.exe detected as a malicious process...false positive?
Post by: gamefan on August 29, 2015, 04:49:22 AM

Hello

i'd like to report a false posotive if possible

it seems rougekiller detected "searchfilterhost.exe" as a malicous process with the nokill status, I uploaded the exe file here

https://www.virustotal.com/en/file/7550c883c3cbcd846fda02609155bed002ed9479c2d066c966d119a46db11ace/analysis/1440812540/

and just in case, every file with tha named on my pc uploaded into a compressed folder here

https://www.virustotal.com/en/file/a87907657d6f6a2c26d74e83bd8b7736d6eedec7d03555d12c251dbc3f95c2a8/analysis/1440816385/

I didn't finish the scan because I  panicked so I can't provide a log but I did run a search for an image on my pc earlier so maybe that's what happened? it didn't show up again and re-ran the prescan several times and once after rebooting my pc, the process didn't show up again, and it didn't detect anything else. Mbam, Avast, Hitman, JRT, and Adwcleaner didn't detect anything either

am I good?

Title: Re: searchfilterhost.exe detected as a malicious process...false positive?
Post by: gamefan on August 29, 2015, 07:15:42 AM

also the location of the exe was in C:\Windows\System32

Title: Re: searchfilterhost.exe detected as a malicious process...false positive?
Post by: Curson on August 31, 2015, 01:29:46 PM

Hi gamefan,

This is certainly a false positive. However, without a logfile, we wont be able to whitelist it.
Could you please relaunch RogueKiller with the -nokill switch (RogueKiller will not delete the file unless you instruct it) and copy/paste the report in your next post ?

Regards.

Title: Re: searchfilterhost.exe detected as a malicious process...false positive?
Post by: gamefan on August 31, 2015, 11:49:50 PM

Does any of this help?

If not can you tell me exactly how to run -nokill on Roguekiller?

I just type in the cmd: RogueKiller.exe -scan -params -nokill

right? Thats what I did

Title: Re: searchfilterhost.exe detected as a malicious process...false positive?
Post by: Curson on September 01, 2015, 01:10:52 PM

Hi gamefan,

RogueKiller was correctly launched.
Unfortunately, searchfilterhost.exe was not detected.

Quote

¤¤¤ Processes : 0 ¤¤¤

Could you please redo a scan when this process is running ?

Regards.

Title: Re: searchfilterhost.exe detected as a malicious process...false positive?
Post by: gamefan on September 01, 2015, 01:33:53 PM

The problem is it's been a while since Rougekiller even caught it because it seems like it doesn't run that long, can I safely ignore it and continue my normal business including plugging in usb drives and backing my stuff up until Roguekiller catches the false postivie again? I don't know how to keep it running.

https://adlice.freshdesk.com/support/tickets/62

I had this ticket open and does this help any?

I just want to know for the moment is it safe to update my backups and stuff later tonight or tomorrow without worrying about that thing?

Title: Re: searchfilterhost.exe detected as a malicious process...false positive?
Post by: Curson on September 02, 2015, 12:55:02 AM

Hi gamefan,

I was not aware of the ticket. I'm positive Tigzy is right.
Yes, you can safely ignore it.

Regards.