- November 27, 2019 at 3:44 am
They don’t have the same path but all came from c:\users\gandalf\appdata\local\temp with parent process cleanmgr.exe
One method used by malware is a variable string in the otherwise qualified path, for example %appdata\local\temp\1337534k\dimhost.exe%, where 1337534k\ will always change. If this string changes, then VS will ping the call. As far as I’m concerned, any soft that uses this method–no matter how legitimate it says it is–is using malware methodology and will be kicked off my system.
You, as opposed to VS which is just doing its job, must make a decision based on faulty information, because you can never be completely sure that cleanmgr has not been compromised, or in fact that cleanmgr actually did call dimhost.
You could of course feedback to cleanmgr devs that you are unhappy and they should change their ways…
_________________________________Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]00