I Think I'm Infected STUCK ON SCAN HELP PLZ

Hey there, hope everyone is having a good night. Need a little help with my computer. My friend the other day was downloading music on my computer; in the process he (I am assuming) downloaded a fake file which was a virus. Avast popped up and said searchhostprotocol.exe was blocked. Now I’m randomly seeing it in the task manager. Never saw it before and full scan ran clean… My system is definitely showing lag compared to a few days prior to this happening…

Can anyone start me off on what to do next?
Is it normal to see the searchhostprotocol.exe in task manager? I also know it's a legit system file.


No, it would not be normal since this is related to a malware dropper.

I would suggest that you now try Malwarebytes Anti-Malware (MBAM).
You can get the free version at the link below.

http://www.malwarebytes.org/mbam.php

Download it, install it, update it, and then run a quick scan.


Thanks for the quick response, I started a full scan about 20 min before your response, should I just let it resume or switch to quick scan?


No, just let the full scan run.


Ok thanks, so far no infections. I sure can feel a problem, and thank you for assisting me

Malwarebytes log came up clean?? But like I said, there feels like a lag in my system… also the searchhostprotocol.exe appearing in task manager poses problems as said… What do I do?


Since you have a 32-bit OS, try a boot-time scan with Avast.


Alright will do

What about SAS?

@ Bigbear_0488,

Did your Avast boot-time scan come out clean? If not, please report the findings. Thank you. Also, please let us know how your machine is acting.

@ nsm0220, MBAM was already done so no need to run SAS. Thank you.

Sorry everyone, I’m running the scan now; it was quite late last night.

System is slow responding, seems like everything is running slower. It was running slow enough for me to suspect malicious activity and catch this searchprotocol in my task manager… It's not always in processes; it pops up and vanishes.

Just deleting the infected file that was in my downloads folder obviously was unsuccessful (It’s never that easy :( )
I’ll post findings when finished.

I have so far found 3 viruses infecting my java.
Makes sense because I forgot to mention that was loaded also, it has been popping up in my taskbar.

I’m on a secondary computer that's set up on the same desk.

A file in the system C:\windows\Installer. It's RKinstaller.exe
File seems dangerous reading threat experts and process reports.
Move to chest brought up "file is in Windows folder, are you sure?"
Do I move it? Just so I don’t mess my computer

I'm still waiting for a response. My scan is idle right now after pushing move to chest: ERROR 42111 {The operation is not supported for this type of archive}. This message is regarding the rkinstaller; I attempted to move to chest and it came up with this message.
All other options available, should I just delete?

EDIT: Delete brought up the same error message… It's still on that screen in case someone wants to notify me on what I should do.

EDIT: There was nothing I could do but ignore the process. Repair did not work, nor Delete or Move to chest. The Rkinstaller came up twice though, two instances of its presence. After each one followed a PUP which was moved to chest.

Scan complete. This is the log and what was found and attempted… NOTE: Rkinstaller wasn’t removed and searchprotocolhost.exe still pops up… The RKInstaller, when it was found, nothing worked; I was forced to ignore it.

I know that I do this a lot, but I’m going to suggest checking your boot hard drive (either the Samsung or the WD, but my finger would be pointing at the WD).

If you’re not finding anything in scans, getting weird errors, and your system is extremely slow, it usually means that a hard drive is failing.

If you boot from the Samsung, use these utilities to test it: http://www.samsung.com/global/business/hdd/support/utilities/Support_HUTIL.html (get the ISO file, burn to a CD with http://www.imgburn.com/index.php?act=download, then boot from that CD and follow directions).

If you boot from the WD: Download the Data Lifeguard utility from this site (after inputting info about what drive you have) http://support.wdc.com/product/download.asp?lang=en

The files that couldn’t be moved to the chest might be corrupt.

Or, a fix for SearchProtocolHost can be found on MS’s TechNet. It is suggested to just disable the service.

http://social.technet.microsoft.com/Forums/en/itprovistaapps/thread/45da8050-dadc-427c-9c42-16ba57323c2f

Can I use a virtual drive to open the Samsung disk checker?

Well, you could, but it would defeat the purpose.

The drive checking utilities run by themselves, in memory, so as not to lock any files on the hard drive.

That’s why you need to boot from the CD or floppy images, so the hard drives are free to be scanned fully.

OK thanks, I'll proceed to this step next and get back to you.