Process Explorer sanity check

mrk

Those of you running Process Explorer who have apps like STEAM installed, can you check something please? I'm 99.9% confident these are false positives, because the agents used to detect them on VirusTotal are generic ones that often flag false positives, but this is more for curiosity and a sanity check to see if others get the same results, thanks!

You'll probably need to enable the VirusTotal hash submission option in Process Explorer to see the column results.

Cheers, for ref the STEAM 3 it shows for me are these:

As you can see, generic no-name tools that would otherwise be way too flagrant with detection rates lol.

And the same story with dasHost:

 
Unless the hashes vary then the results should be the same, yeah. Although yours says out of 75 and mine 73, so the agent sources between both our Process Explorer submissions differ, it seems.

How weird.
 
Abort mission!

I think there's been some mix-up with Process Explorer. I have been running an old version for years and only just updated to the latest 2022 version, so I think somewhere between updating, the hash check db cache has messed up and the page that loads on VirusTotal was for something else. I have manually right-clicked and submitted to VirusTotal in the new version for the EXEs above and the results came back 0/75 - so now nothing is being flagged.

That solves that!

Edit*
I do use SABnzbd though, so I was curious. I downloaded the latest installer from the official SAB site and scanned the installer on both Jotti and VirusTotal. VT flags two results; these are certainly false positives because SAB uses Python as a component, so I think the heuristics aren't smart enough in those agent scanners.


Jotti's online scanner found nothing:

Related reading: https://forums.sabnzbd.org/viewtopic.php?t=25784
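
A check for the mix-up described in the thread, where a cached result opened a report belonging to a different file: hash the executable on disk and compare it with the SHA-256 in the report link. This is an added example, not code from the thread; the function names are illustrative, the sample files are constructed, and it assumes the pasted report URL contains the file's SHA-256.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Exactly 64 hex characters, not part of a longer hex run (e.g. a SHA-512).
SHA256_RE = re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{64}(?![0-9a-fA-F])")


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def hash_from_report(report):
    """Pull the SHA-256 out of a pasted report URL or bare hash; None if absent."""
    match = SHA256_RE.search(report)
    return match.group(0).lower() if match else None


def check_report(path, report):
    """Return 'match', 'mismatch' or 'no-hash' for a file and the report shown for it."""
    reported = hash_from_report(report)
    if reported is None:
        return "no-hash"
    return "match" if sha256_file(path) == reported else "mismatch"


def demo():
    # Constructed sample: two small files standing in for an old and an updated EXE.
    with tempfile.TemporaryDirectory() as tmp:
        old = Path(tmp, "old.exe")
        old.write_bytes(b"constructed build 1")
        new = Path(tmp, "new.exe")
        new.write_bytes(b"constructed build 2")
        # Assumed URL shape: the report link carries the SHA-256 of the scanned file.
        stale_url = "https://www.virustotal.com/gui/file/" + sha256_file(old) + "/detection"
        # The stale link matches the old build but not the updated one.
        return check_report(old, stale_url), check_report(new, stale_url)


if __name__ == "__main__":
    print(demo())
```

A "mismatch" means the detections on that page describe some other file, so the file on disk needs its own lookup or submission before the result says anything about it.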
 