searchfilterhost.exe [Resolved]

clocks · October 11, 2008, 8:39pm

Today, every PC I have (all Vista 32bit) are flagging “searchfilterhost.exe” and a virus. CIS will not remove it, and ignores my request to “ignore it”. Therefore the warning windows keeps repeatedly popping up. Anyone else getting this today?

BlackNeo · October 11, 2008, 9:09pm

Vista x64, same problem, recognized as Virus.DOS32.Voronezh.hep

antbates1991 · October 11, 2008, 9:10pm

I’m running Windows XP and the same thing happened.

VIRUS.DOS32.AMALTHEA.CHY

Is it a false positive or is it possible that someone could be doing it on purpose

clocks · October 11, 2008, 9:20pm

I think it has to be a FP.

antbates1991 · October 11, 2008, 9:34pm

Ye it is its only started since I updated to VDB 402

casualgamer · October 11, 2008, 9:39pm

Same here vista basic had me wondering (:SAD)

BTJustice · October 12, 2008, 12:04am

I just got the same false positive. I think the program in question is Windows Search 4.0.

casualgamer · October 12, 2008, 1:26am

Somehow it just caused my pc to crash with alot of those repeat messages that it needs to restart the pc to fix virus which i constantly clicked no to.

HarmonicShadow · October 12, 2008, 2:05am

vista x64 ultimate here. detected in the winsxs folder as “Virus.DOS32.Amalthea.chy@798860”. My CIS removed it. it might not be a fp, cause i wasn’t even using that program and i was folding@home and then i got a message that said it was a virus.

zoszos · October 12, 2008, 6:44am

Yes confirmed as well Vista hp 64 virus is DOS32.Voronezh.hep[ at ]798860
Friend has different Virus he will post soon.
Kevin

Jungleman · October 12, 2008, 6:47am

Windows home premium 64 here, i got “TrojWare.Win32.Spy.Banker.~AAJ[ at ]798860” in same file

Chris.

p.s there you go kevin i posted…

EDIT: Just found virus.DOS32.Voronezh.hep on my windows XP computer aswell

Jern · October 12, 2008, 9:11am

Vista Ultimate SP1 x86, 1 infection in C:\winsxs.… and one in C:\Windows\System32\SearchFilterHost.exe
Both reported as Virus.DOS32.Lesson_II.bfz@798860.

Running CIS RC1 and TF here.

Casey · October 12, 2008, 10:24am

Hi,

Today, after booting up my computer I am also getting this alert about Voronezh.hep@798860. I then did a scan of critical areas and the results returned seven entries. Trying to remove, quarantine or ignore them doesn’t work.

Are these false positives? If they are how can I get CIS to stop the alerts?

(Running Vista Premium SP1, fully updated, CIS RC1)

antbates1991 · October 12, 2008, 11:40am

Yep it is Windows Search.

I’ve looked for it by typing in the address bar C:\windows\system 32\searchfilterhost.exe but it says it can’t be found. So I think CIS deleted it.
PC running ok without it though, Windows Search works fine still.

hecia13 · October 12, 2008, 12:56pm

Vista Home Premium x64 and this is the content of my report:

Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_a1ff6dbea6fc070e\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\winsxs\wow64_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_a1ff6dbea6fc070e\SearchFilterHost.exe
Virus.DOS32.Voronezh.hep@798860 C:\Windows\SysWOW64\SearchFilterHost.exe

GUU · October 12, 2008, 7:09pm

I am using Windows Vista Ultimate, 32 bit and am having the same problem. Virus.Dos32.Voronezh.hep[ at ]798860 is being dected with an Invalid Date Time in SearchFilterHost.exe in both the System32 folder and at C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\SearchFilterHost.exe. I have tried to submit the folder to Comodo but am unable to do so. The status of the files indicate “Success”, but I keep getting prompted to restart Window to complete the removal process. When I restart Comodo indicates that is is unable to remove all of the malware.

Also, and this may be totally unrelated, but everytime I click on “Check For Updates” under Miscellaneous, CIS indicates that their are updates available despite the fact that mere moments before I have completed an update.

Baskar · October 12, 2008, 9:03pm

Thanks for reporting clocks. It was a FP and it was fixed in the latest updates. Everyone please check and get back to us.

Regards,
Baskar.

jeremysbost · October 12, 2008, 9:25pm

Ok, I had the same problem. When I get back to my VM I’ll check…

BlackNeo · October 12, 2008, 9:45pm

It’s fixed now. Thanks.

GUU · October 12, 2008, 11:09pm

Just completed a scan and CIS is now reporting no threats.

Thanks for the fix and your speedy response.