Using CIS RC1 and it hiccupped on searchfilterhost.exe telling it is Virus.DOS32.Amalhtea.chy[ at ]798860. The searchfilterhost.exe is in c:\windows\system32\ and it is a Miicrosoft file.
The AV log also tells the date of the file is "Invalid Date\Time) .This The virus database is 401. The properties of the file tell it is made 2 August 2008, 20:40:29 and changed 27 May 2008, 7:17:55. That looks contradictory.
I told CIS to ignore the file.
I am on Vista 32 SP1 with the following (security) programs:
Peer Guardian 2
A squared free 3.5 (a2service is running)
Supser Antispwyare free
Malwarebytes antispwyare free
Perfect Disk defragmenter.
I just see somebody reported it as well befroe me and other folks have confirmed. Please mods merge my findings with that thread.
There are some malware here around peer to peer networks… The malware is disguised as a song/movie with the name of a popular artist… when you choose the download the infected file, some antivirus will intercept this… NOD32 antivirus calls it, trojan.wma.downloader… this trojan user searchfilter host protocol (windows seach 4.0) and searches all your harddrives for music and infects the songs and so it copies it self… and is settles itself in your sharing folder so other peer to peer downloader also getting infected… (:WIN)
I believe that what I am telling here has something to do with that * strange* behavior you are experiencing…