
Avast removing SearchProtocolHost.exe from sysWOW64 folder?


3 replies to this topic

#1 saluqi


Posted 08 May 2018 - 08:34 PM

My desktop computer (Dell XPS 8700, running Windows 10 Pro 64 bit, version 1709, using Avast Premier AV) just finished installing the Tuesday night update (including cumulative update KB4103727 but NOT the April features update to version 1803, which has not yet come my way).  I then got a notification from Avast that it had detected a "threat" named SearchProtocolHost.exe in the sysWOW64 folder.  I sent it to the virus chest.

 

Then I looked up SearchProtocolHost.exe and found it is a normal part of Windows 10, at least when found in the system32 folder.  So I went back and looked.  In the system32 folder is a copy of SearchProtocolHost.exe along with a number of other apparently related files.  In the sysWOW64 folder all those other search-protocol related files are present, but the SearchProtocolHost.exe has been removed (to the Avast Virus Chest).

 

Question arising, is this a mistake, and should I restore the file to the sysWOW64 folder?

 

Further question (department of idle curiosity): if that copy does belong in sysWOW64, and I neglected to restore it, would it be restored anyway in the next Windows Cumulative Update?

 

I suppose it is quite possible that the 32 bit and the 64 bit versions of this file could be different.  I dimly remember that back in the heroic days we had a little utility that would compare two files, byte by byte, and tell you whether or not they were identical (and if not, what was different).  Is anything like that still around?

 

I know that's ancient history.  From those long-ago pre-Photoshop days, I also remember byte-editing photo images, pixel by pixel.  Not nearly as hard as you might think, because you quickly develop an eye for patterns across a page of hex notation.  Easy to fix small blemishes that way.  For the rest, I prefer Photoshop (or IrfanView <G>).

 

Many thanks!
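The byte-by-byte comparison asked about in post #1, as an added example that is not part of the original thread: a small Python script that reports each file's SHA-256, the architecture named in its PE header, and where two copies differ. The file paths are supplied on the command line; the function names are illustrative, and 0x014C / 0x8664 are the PE machine codes for 32-bit x86 and x64.

```python
import hashlib
import struct

# PE "Machine" field values for the two architectures found on 64-bit Windows
MACHINE = {0x014C: "x86 (32-bit)", 0x8664: "x64 (64-bit)"}

def sha256_of(path):
    """SHA-256 of the file, read in chunks; usable as a lookup key at a scanning service."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def pe_machine(path):
    """Architecture named in the PE header, or None if the file is not a PE image."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return None
        (pe_off,) = struct.unpack_from("<I", head, 0x3C)  # offset of the "PE\0\0" signature
        f.seek(pe_off)
        sig = f.read(6)
    if len(sig) < 6 or sig[:4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", sig, 4)
    return MACHINE.get(machine, hex(machine))

def byte_diff(path_a, path_b, limit=10):
    """Compare two files byte by byte.
    Returns (identical, differing_byte_count, first `limit` (offset, byte_a, byte_b))."""
    with open(path_a, "rb") as fa, open(path_b, "rb") as fb:
        a, b = fa.read(), fb.read()
    diffs, count = [], 0
    for off, (x, y) in enumerate(zip(a, b)):
        if x != y:
            count += 1
            if len(diffs) < limit:
                diffs.append((off, x, y))
    count += abs(len(a) - len(b))  # bytes present in only one file count as differences
    return (count == 0, count, diffs)

if __name__ == "__main__":
    import sys
    a, b = sys.argv[1], sys.argv[2]
    for p in (a, b):
        print(p, pe_machine(p), sha256_of(p))
    same, n, first = byte_diff(a, b)
    print("identical" if same else f"{n} bytes differ, first at: {first}")
```

Windows also ships `fc /b`, which performs the same byte comparison from a command prompt.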




 


#2 quietman7


Posted 08 May 2018 - 08:41 PM

The detection(s) is most likely a false positive. Get a second opinion...submit it to one of the online services that analyzes suspicious files.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 saluqi


Posted 09 May 2018 - 03:31 PM

Thanks, I'll do that.  FWIW I was also thinking it might probably be a false positive.

 

In the meantime my Dell laptop (also running Avast Premier) has had the same update, with no notification from Avast about the file in question.  A file by that name is present in the system32 folder, and also in the sysWOW64 folder.



#4 quietman7


Posted 09 May 2018 - 03:44 PM

It was probably a database update not a product/version which fixed the detection.

