Using CIS RC1 and it hiccupped on searchfilterhost.exe, telling it is Virus.DOS32.Amalhtea.chy[ at ]798860. The searchfilterhost.exe is in c:\windows\system32\ and it is a Microsoft file.
The AV log also tells the date of the file is "Invalid Date\Time". The virus database is 401. The properties of the file tell it is made 2 August 2008, 20:40:29 and changed 27 May 2008, 7:17:55. That looks contradictory.
I told CIS to ignore the file.
I am on Vista 32 SP1 with the following (security) programs:
Peer Guardian 2
A squared free 3.5 (a2service is running)
Super Antispyware free
Malwarebytes antispyware free
Spywareblaster
Perfect Disk defragmenter.
Speedfan
I just see somebody reported it as well before me and other folks have confirmed. Please mods merge my findings with that thread.
There is some malware around peer to peer networks… The malware is disguised as a song/movie with the name of a popular artist… when you choose to download the infected file, some antivirus will intercept this… NOD32 antivirus calls it trojan.wma.downloader… this trojan uses searchfilter host protocol (windows search 4.0) and searches all your harddrives for music and infects the songs and so it copies itself… and it settles itself in your sharing folder so other peer to peer downloaders also get infected…
I believe that what I am telling here has something to do with that *strange* behavior you are experiencing…
I just got what I think is a false-positive on searchfilterhost.exe in both windows/system32 and windows/winsxs.
When scanned with Avira, it didn’t flag them.
(I trust Avira over comodo at the moment).
This thread confirms, for me at least, that comodo gave a false result.
Tried sending it as an admin but it won’t let me open the file, saying I do not have enough permission… Then I tried opening with the full-admin account and it still says the same thing…