Adlice forum
Software feedback => RogueKiller => Topic started by: Kryss1621 on August 12, 2016, 03:36:47 PM
-
Greetings,
As said, my last RogueKiller scan detected a Proc.RunPE in C:\Windows\System32\SearchFilterHost.exe
I don't know if it's a false positive, but since that exe is in System32 I don't think I can delete it like that so ...
Here are the reports, in txt and json.
Thanks in advance for the help.
-
Hi Kryss,
This detection is likely a false positive.
Please follow this process:
- Download Process Explorer (http://live.sysinternals.com/procexp.exe) and save it to your desktop.
- Right-click the downloaded file (procexp.exe) and select Run as Administrator to start the tool.
- Locate the process named SearchFilterHost.exe, right-click it and select Create Dump > Create Full Dump...
- Save the dump on your desktop, compress it and upload it to Google Drive/Dropbox.
- Share the link in your next reply.
- Please zip the following file and upload it as well: C:\Windows\System32\SearchFilterHost.exe
Regards.
-
Thanks, here are the links.
-
I did two new scans just to be sure. The first one didn't find anything, and the second did find rundll32.exe as a Proc.RunPE, once again.
Here is the link for the reports. I couldn't find it in procexp, however.
-
Hi Kryss,
Thanks for the files. This is a confirmed false positive.
We will fix this as soon as possible.
Regards.
-
That's reassuring, thanks for the help.
Regards.
-
Hi Kryss,
You are welcome.
Regards.