Same type of thing here. 2 hosts on a network I've been brought in to look after report in on c:\windows\system32\Sihost.exe and a DLL in C:\windows\syswow64 Fsecure seems to detect and block, but doesn't seem to take the process any further, so some days I'll get a flurry of reports, on others, maybe I won't get any. What to do to take the cleaning process to actually rooting this thing out--if an infection-- or determining if it's safe and simply allowing it? Begin Paste-- F-Secure Protection Service for Business has identified the following security incidents: Time|Account|Host|Infection|Ac tion|Type|Infected Object|Infected Object SHA1 Mon, 21 January 2019 16:50:33 UTC|Khorshidi Law Firm, APC|PC||Blocked|infectionalert .type.7|C:\Windows\System32\ sihost.exe| --End Paste That's all for now. Thanks!
... View more