Topic: WASAPIHost32.exe cited as being MALWARE (Read 1835 times)

WASAPIHost32.exe cited as being MALWARE

Last few days HitmanPro 3.7.20 build 286 (64bit) here has been quarantining <WASAPIHost32.exe> on a 64bit W10Pro citing MALWARE (but otherwise being unspecific). Submission to VirusTotal shows only 2/61 sites agreeing on it being or possibly being an issue. Despite hitting the restore button in HMP (therefore getting back my normal use of FB2K) I find that a subsequent reboot got HMP to silently delete WASAPIHost32.exe thereby destroying my normal use of the non-portable version of foobar2000 v1.3.16.

Two vectors seem reasonable:

a) get my 64bit system to use only the <WASAPIHost64.exe> AOT this apparently problematic Host32 version.

b) get the authors of HMP to stop citing the file as being malware... always assuming it isn't ACTUALLY malware:-/

Would a now necessary installation or reinstallation of FB2K using the portable flavour get around this issue?

PostEdit: added version detail and portable stuff

Re: WASAPIHost32.exe cited as being MALWARE

Reply #1
You need to report a false positive to the developer of HitmanPro.

Re: WASAPIHost32.exe cited as being MALWARE

Reply #2
>>You need to report a false positive to the developer of HitmanPro.
Unsafe... I do not know that this issue is a false positive. Nothing else here uses WASAPIHost32.exe.

I felt it safer to advise the developer of the WASAPI module of the issue and allow that, more qualified, person to liaise (if necessary) with HMP. Yes, I am inclined to believe that it is a false positive but cannot declare it thus as I have no other proof than an unqualified gut feeling. Also there may be other ways around this.

Lurking elsewhere this file has previously been problematic with a different a/v suite.

I have a 64bit OS installed. There is a co-located 64bit file next to the problematic 32bit file. Ditching the 32bit and taking up the 64bit one might be preferable... if a 64bit model actually exists?

It may only be me using HMP, bit-perfect NAIM DAC stuff and FB2K having this issue. The clamour hasn't exactly been a clamour. So, not exactly a mainstream deal for HMP as opposed to raising this here for the developer... if you get my drift.

Re: WASAPIHost32.exe cited as being MALWARE

Reply #3
It is safe.  I'm using Avast and haven't gotten any warnings about this at all.

1. You report a false positive.
2. It gets sent to their lab to analyze.
3. If nothing bad is found they'll let you know.  Just like if something bad is found they'll let you know.

At least that's how it works with my anti-virus.

Re: WASAPIHost32.exe cited as being MALWARE

Reply #4
As Chibisteven said, you don't need to know if something is malicious or not. You report a suspected false positive to the AV vendor and they will then manually check the submission. If your file is from the official component site you can be sure it's not malicious.

The earlier problems with the WASAPI component have been related to silly security programs disliking a program launching another program.

Since you are on a 64-bit OS you are actually using the 64-bit WASAPI host process. But you can't remove the 32-bit host process or the component refuses to load. You could replace the 32-bit host exe with a copy of the 64-bit exe and keep things working as long as you don't try it on a 32-bit system. But it would be better to report all false positives to prevent other users from getting scared unnecessarily.

Re: WASAPIHost32.exe cited as being MALWARE

Reply #5
Thank you for that perfectly acceptable workaround, FB2K is now working. No danger of running it on a 32bit box ...the only one around here is a truly ancient air-gapped w2kpro P3B-F still running a venerable SCSI flatbed scanner in fine dusty cobwebbed isolation:-)

The HMP back reporting (aka false positive) process is semi-automatic - a click button affair but it looks like it's only available while in the quarantine/restore phase. I've never seen HMP do what it did (delete the file outright during boot up) and so cannot yet comply.

My current machine is brand new - built externally. I've built all my own stuff for decades but lack of time drove the external build, so a possible malware or even root kit was in the back of my mind. To address both outstanding points I will fire up the retired machine which still has FB2K and a licensed copy of HMP resident and should replicate the overall issue. Always assuming that the promised 'cloud' (someone else's computer network) at HMP hasn't already addressed the apparent false positive. Leave it with me and I'll report back.

PostEdit: typos

 

Re: WASAPIHost32.exe cited as being MALWARE

Reply #6
>>Leave it with me and I'll report back.

* that copy & renaming workaround has remained good

* as a workaround I can additionally suggest adopting the use of the portable FB2K implementation (no problematic '32' or '64' file) -- FB2K now installed to my portable password media so I don't have to work at any further re-installation and eyeballing configuration settings across again

* have tagged the apparently problematic '32'bit file with HMP as being possibly/probably safe -- apparently the red flag arises from their assessment that it is supplied by an individual and not a 'normal' programme (go figure) -- also some declaration that it encloses a password cited as being 'unsafe' (once again go figure) -- in due course they may resolve -- my inclination is to adopt either of the above workarounds and get on with a life

...cheers