searchfilterhost.exe [Resolved]

Today, every PC I have (all Vista 32bit) are flagging “searchfilterhost.exe” and a virus. CIS will not remove it, and ignores my request to “ignore it”. Therefore the warning windows keeps repeatedly popping up. Anyone else getting this today?

Vista x64, same problem, recognized as Virus.DOS32.Voronezh.hep

I’m running Windows XP and the same thing happened.

VIRUS.DOS32.AMALTHEA.CHY

Is it a false positive or is it possible that someone could be doing it on purpose

I think it has to be a FP.

Ye it is its only started since I updated to VDB 402

Same here vista basic had me wondering (:SAD)

I just got the same false positive. I think the program in question is Windows Search 4.0.

Somehow it just caused my pc to crash with alot of those repeat messages that it needs to restart the pc to fix virus which i constantly clicked no to.

vista x64 ultimate here. detected in the winsxs folder as “Virus.DOS32.Amalthea.chy@798860”. My CIS removed it. it might not be a fp, cause i wasn’t even using that program and i was folding@home and then i got a message that said it was a virus.

Yes confirmed as well Vista hp 64 virus is DOS32.Voronezh.hep[ at ]798860
Friend has different Virus he will post soon.
Kevin

Windows home premium 64 here, i got “TrojWare.Win32.Spy.Banker.~AAJ[ at ]798860” in same file

Chris.

p.s there you go kevin i posted…

EDIT: Just found virus.DOS32.Voronezh.hep on my windows XP computer aswell

Vista Ultimate SP1 x86, 1 infection in C:\winsxs.… and one in C:\Windows\System32\SearchFilterHost.exe
Both reported as Virus.DOS32.Lesson_II.bfz@798860.

Running CIS RC1 and TF here.

Hi,

Today, after booting up my computer I am also getting this alert about Voronezh.hep@798860. I then did a scan of critical areas and the results returned seven entries. Trying to remove, quarantine or ignore them doesn’t work.

Are these false positives? If they are how can I get CIS to stop the alerts?

(Running Vista Premium SP1, fully updated, CIS RC1)

Yep it is Windows Search.

I’ve looked for it by typing in the address bar C:\windows\system 32\searchfilterhost.exe but it says it can’t be found. So I think CIS deleted it.
PC running ok without it though, Windows Search works fine still.

Vista Home Premium x64 and this is the content of my report:

Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_a1ff6dbea6fc070e\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_a1ff6dbea6fc070e\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe

I am using Windows Vista Ultimate, 32 bit and am having the same problem. Virus.Dos32.Voronezh.hep[ at ]798860 is being dected with an Invalid Date Time in SearchFilterHost.exe in both the System32 folder and at C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe. I have tried to submit the folder to Comodo but am unable to do so. The status of the files indicate “Success”, but I keep getting prompted to restart Window to complete the removal process. When I restart Comodo indicates that is is unable to remove all of the malware.

Also, and this may be totally unrelated, but everytime I click on “Check For Updates” under Miscellaneous, CIS indicates that their are updates available despite the fact that mere moments before I have completed an update.

Thanks for reporting clocks. It was a FP and it was fixed in the latest updates. Everyone please check and get back to us.

Regards,
Baskar.

Ok, I had the same problem. When I get back to my VM I’ll check…

It’s fixed now. Thanks.

Just completed a scan and CIS is now reporting no threats.

Thanks for the fix and your speedy response.