
Process Hacker harmful or not harmful?


Hi, the following post on the Malwarebytes blog says this:

Quote

Some AV's flag Process Hacker as Riskware or Potentially Unwanted because it is able to terminate many processes including some that belong to security software. Malwarebytes does not detect Process Hacker as malicious or potentially unwanted

https://blog.malwarebytes.com/101/how-tos/2018/11/advanced-tools-process-hacker/
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 25/04/2020
Scan Time: 21:23
Log File: 256381f6-8754-11ea-b058-d0509972eb0c.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.875
Update Package Version: 1.0.22958
Licence: Free

-System Information-
OS: Windows 10 (Build 18362.815)
CPU: x64
File System: NTFS
User: DESKTOP-7BNQ3VM\0

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 343604
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 1 hr, 29 min, 43 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Generic.Malware/Suspicious, C:\PROGRAM FILES\PROCESS HACKER 2\X86\PROCESSHACKER.EXE, No Action By User, 0, 392686, 1.0.22958, , shuriken, 

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

So do I uninstall Process Hacker from my system because it represents a danger? Or does it pose no danger, and is this a false positive? I know it was used in the past to stop anti-virus software, but I think the anti-virus companies will have already taken note of this and corrected that.

Thank you very much in advance.

Best regards.


Greetings,

That detection is from the new Shuriken heuristics engine, not a positive identification as actual malware.  It is an FP and I will ask that this thread be moved over to the FP forum.

In the meantime you can safely ignore the detection.

If there is anything else we might assist you with please let us know.

Thanks


This should be the file (attached).  I also went ahead and uploaded it to VT:

https://www.virustotal.com/gui/file/d4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f/detection

I also validated the detection in Malwarebytes on my own rig:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 4/29/20
Scan Time: 3:04 PM
Log File: b362e05c-8a54-11ea-8a39-000000000000.json

-Software Information-
Version: 4.1.0.56
Components Version: 1.0.889
Update Package Version: 1.0.23166
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Exile-PC2\Exile

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 3
Threats Detected: 2
Threats Quarantined: 0
Time Elapsed: 0 min, 18 sec

-Scan Options-
Memory: Disabled
Startup: Disabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 2
Generic.Malware/Suspicious, C:\USERS\EXILE\DESKTOP\DOWNLOADS\PROCESSHACKER-2_39-SETUP\PROCESSHACKER,1.EXE, No Action By User, 0, 392686, 1.0.23166, , shuriken, 
Generic.Malware/Suspicious, C:\USERS\EXILE\DESKTOP\DOWNLOADS\PROCESSHACKER-2_39-SETUP\PROCESSHACKER.EXE, No Action By User, 0, 392686, 1.0.23166, , shuriken, 

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)

I had 2 copies because I actually extracted the installer rather than running it in order to get the file, but the detection appears identical as far as I can tell.

I got it here:

https://sourceforge.net/projects/processhacker/

ProcessHacker.rar

Edited by exile360
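The two scan logs above both carry the same kind of line under "File:", and the reply says the hit comes from the Shuriken heuristics engine rather than a signature. The script below is an added example for this thread, not code from Malwarebytes, Process Hacker or either poster: it pulls every detection out of a scan log, separates heuristic-engine hits (engine field "shuriken") from the rest, and compares a local file's SHA-256 with the hash in the VirusTotal link posted above so you know the copy on your disk is the one already analysed. The detection-line layout is inferred from the lines quoted in this thread only; the two numeric fields are not explained anywhere on the page, so they are carried but not interpreted. The sample log embedded in the script is constructed from the three detection lines in the thread.

```python
"""Triage Malwarebytes scan-log detections.

Added example for this forum thread; not Malwarebytes or Process Hacker code.
Assumptions: the detection-line field order is inferred from the lines quoted
in the thread, and the meaning of the two numeric fields is unknown.
"""
from __future__ import annotations

import hashlib
import hmac
import re
from dataclasses import dataclass
from pathlib import Path

# SHA-256 copied from the VirusTotal link posted in the thread.
VT_SHA256 = "d4a0fe56316a2c45b9ba9ac1005363309a3edc7acf9e4df64d326a0ff273e80f"

# Constructed sample: a -Scan Details- block holding the three "File:" lines
# quoted in this thread (two logs merged into one for the example).
SAMPLE_LOG = r"""
-Scan Summary-
Threats Detected: 3
-Scan Details-
Process: 0
(No malicious items detected)

File: 3
Generic.Malware/Suspicious, C:\PROGRAM FILES\PROCESS HACKER 2\X86\PROCESSHACKER.EXE, No Action By User, 0, 392686, 1.0.22958, , shuriken,
Generic.Malware/Suspicious, C:\USERS\EXILE\DESKTOP\DOWNLOADS\PROCESSHACKER-2_39-SETUP\PROCESSHACKER,1.EXE, No Action By User, 0, 392686, 1.0.23166, , shuriken,
Generic.Malware/Suspicious, C:\USERS\EXILE\DESKTOP\DOWNLOADS\PROCESSHACKER-2_39-SETUP\PROCESSHACKER.EXE, No Action By User, 0, 392686, 1.0.23166, , shuriken,

WMI: 0
(No malicious items detected)
"""

# "File: 3", "Registry Key: 0" and so on.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+): (?P<count>\d+)$")
# Anchored at both ends so a comma inside the path (PROCESSHACKER,1.EXE above)
# cannot shift the trailing fields.  num_a/num_b: meaning not documented here.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+?), (?P<action>[^,]+), "
    r"(?P<num_a>\d+), (?P<num_b>\d+), (?P<db_version>[\d.]+), "
    r"(?P<unused>[^,]*), (?P<engine>[^,]*),?$"
)


@dataclass(frozen=True)
class Detection:
    section: str
    name: str
    path: str
    action: str
    db_version: str
    engine: str

    @property
    def heuristic(self) -> bool:
        """True when the hit is from the Shuriken heuristics engine, not a signature."""
        return self.engine.lower() == "shuriken"


def parse_scan_log(text: str) -> list[Detection]:
    """Return every detection listed under -Scan Details-."""
    found: list[Detection] = []
    in_details, section = False, ""
    for raw in text.splitlines():
        line = raw.strip()  # the second log in the thread is tab-indented
        if line == "-Scan Details-":
            in_details = True
            continue
        if not in_details or not line:
            continue  # "Threats Detected: 3" in the summary must not be taken as a section
        if m := SECTION_RE.match(line):
            section = m["section"]
            continue
        if m := DETECTION_RE.match(line):
            found.append(Detection(section, m["name"], m["path"], m["action"],
                                   m["db_version"], m["engine"]))
    return found


def triage(detections: list[Detection]) -> dict[str, list[str]]:
    """Paths of heuristic hits (candidates for an FP report) versus all other hits."""
    out: dict[str, list[str]] = {"heuristic_review": [], "other": []}
    for d in detections:
        out["heuristic_review" if d.heuristic else "other"].append(d.path)
    return out


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def file_sha256(path: str | Path) -> str:
    """Stream the file so a large installer does not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def is_known_sample(digest_hex: str, expected: str = VT_SHA256) -> bool:
    """Does a local file's digest match the hash already analysed on VirusTotal?"""
    return hmac.compare_digest(digest_hex.lower(), expected.lower())


if __name__ == "__main__":
    hits = parse_scan_log(SAMPLE_LOG)
    for d in hits:
        print(f"{'HEURISTIC' if d.heuristic else 'SIGNATURE'} {d.name} -> {d.path}")
    print(triage(hits))
    # For a real copy (path is illustrative):
    # print(is_known_sample(file_sha256(r"C:\Program Files\Process Hacker 2\ProcessHacker.exe")))
```

Run it against your own log by passing the contents of the .json-exported text to parse_scan_log; if every hit lands in heuristic_review and file_sha256 of the flagged binary matches the VirusTotal hash, you are looking at the same file already discussed here rather than a tampered or repacked copy.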
