Process Explorer sanity check

mrk

Those running Process Explorer who have apps like STEAM installed, can you check something please? I'm 99.9% confident these are false positives, because the agents used to detect them on VirusTotal are generic ones that often flag false positives, but this is more for curiosity and a sanity check to see if others get the same results, thanks!

You'll probably need to enable the VirusTotal hash submission option in Process Explorer to see the column results.

 
Cheers, for ref the STEAM 3 it shows for me are this:


As you can see, generic no name tools that would otherwise be way too flagrant with detection rates lol.

And the same story with dasHost:

 
Same on my Windows 10 system - not sure why they are showing 0/75 instead of 3/73. Will check Steam is updated.
 
Just checked on latest version of Process Explorer and latest version of Steam. Dunno why there is a difference in Virus Total.
 
Unless the hashes vary then the results should be the same, yeah. Although yours says out of 75 and mine 73, so the agent sources between both our Process Explorer submissions differ, it seems.

How weird.
 
Ah we are using different system web browsers I guess - the hash for steamwebhelper.exe on mine is different and matches Firefox.

EDIT: Weird - on Windows 7 I get https://www.virustotal.com/gui/file...3437ba8567885b11aa84313a863a525a7ee/detection

EDIT2: Ah something weird there - just restarted my Windows 10 machine and it points back to the above link as well now instead of Firefox - I think there is a bug in Process Explorer of some kind.
 
Unless Virus Total has changed since you posted that then the first link is for SABnzbd.exe not steamwebhelper.exe - this is my steamwebhelper.exe from Win 11 / standard Steam (no betas enabled).

Perhaps the column sort on Process Explorer has messed up what Virus Total stats are being shown against each process.
 
Abort mission!

I think there's been some mix-up with Process Explorer. I have been running an old version for years and only just updated to the latest 2022 version, so I think somewhere between updating, the hash check db cache has messed up and the page that loads on VirusTotal was for something else. I have manually right-clicked and submitted to VirusTotal in the new version for the EXEs above and the results came back 0/75, so now nothing is being flagged.

That solves that!

Edit*
I do use SABnzbd though, so was curious. I downloaded the latest installer from the official SAB site and scanned the installer on both Jotti and VirusTotal. VT flags two results; these are certainly false positives because SAB uses Python as a component, so I think the heuristics aren't smart enough in those agent scanners.


Jotti's online scanner found nothing:

Related reading: https://forums.sabnzbd.org/viewtopic.php?t=25784
 
Personally think there is a bug with Process Explorer/Virus Total - I'm running the latest version and on my Windows 10 system clicking the entry in the Virus Total column for steamwebhelper.exe was taking me to the page for firefox.exe until I rebooted and loaded everything up again then it was correctly taking me to steamwebhelper.exe. Which initially made me erroneously wonder if steamwebhelper.exe was just a hooked/renamed browser component for whatever your system browser was.

For some reason was working correctly on my Windows 7 system though but maybe a random bug.
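The mix-up discussed in this thread (a VirusTotal page opening for a different program than the process it was clicked from) can be ruled in or out by hashing the file on disk and comparing it with the hash in the report URL. This is an added example, not part of any post in the thread; the file names and bytes are constructed, and accepting MD5 and SHA-1 as well as SHA-256 in the URL is an assumption.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# VirusTotal GUI report links carry the file hash in the path:
#   https://www.virustotal.com/gui/file/<hash>/detection
# Assumption: the hash may be MD5 (32), SHA-1 (40) or SHA-256 (64) hex digits.
VT_FILE_URL = re.compile(
    r"/gui/file/([0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})(?:[/?#]|$)")
ALGO_BY_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def hash_in_vt_url(url):
    """Return (algorithm, lowercase hex digest) named by a VirusTotal file URL."""
    m = VT_FILE_URL.search(url)
    if not m:
        # Shortened links (with "..." in place of part of the path) cannot be checked.
        raise ValueError("no complete file hash in URL")
    digest = m.group(1).lower()
    return ALGO_BY_LENGTH[len(digest)], digest


def file_digest(path, algo):
    """Hash the file in chunks so large executables are not read in one go."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def report_matches_file(path, url):
    """True only if the report URL is for exactly the bytes on disk at path."""
    algo, expected = hash_in_vt_url(url)
    return file_digest(path, algo) == expected


def demo():
    """Constructed sample: two stand-in files and a report link for one of them."""
    with tempfile.TemporaryDirectory() as d:
        helper = Path(d, "steamwebhelper.exe")
        other = Path(d, "other.exe")
        helper.write_bytes(b"constructed bytes standing in for steamwebhelper.exe")
        other.write_bytes(b"constructed bytes standing in for another program")
        # A link that really belongs to other.exe, as in the mix-up in the thread.
        url = ("https://www.virustotal.com/gui/file/%s/detection"
               % file_digest(other, "sha256"))
        return report_matches_file(helper, url), report_matches_file(other, url)
```

A `False` result means the detection count on that page says nothing about the file being checked, whatever the cause of the mismatch.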