Scammers and adware purveyors have long used the helpful nature of the internet to get more victims. In a world where the top search engines try their best to filter out the chaff, scammers still do their best to encourage victims to install unneeded and sometimes malicious software. They often succeed by using scare tactics and misleading information. My recent experience is an example and can serve as a warning to others.

My computer was acting slow and funky, especially when using Microsoft Outlook. I rebooted it, and then I saw some previously unannounced Microsoft Office patches automatically applying. This has happened to me two or three other times before where my Microsoft Office apps locked up and ground to a halt because some patches were trying to apply themselves.

After the patches applied, I ran Microsoft’s free Process Explorer with the VirusTotal option enabled, as I always do after my computer is running slow or acting funky. This rules out malware, just in case my patch issue was a false-negative coincidence.

Process Explorer runs every active executable’s and process’s hash result against Google’s VirusTotal database and reports how many antivirus engines flag each instance as malicious. Most of the things running on your computer will report something like 0/70, indicating that none of the 70 antivirus engines are finding what you report as malicious. That’s great.

Unfortunately, one or two antivirus engines will almost always report legitimate, non-malicious processes as malicious. In my long experience with running Process Explorer over thousands of computers, if what is reported is 1/x or 2/x, then it is always a false-positive report. Usually the false-positives are reported to these vendors and they fix their false finding within a day or two. You only need to worry if Process Explorer reports three or more antivirus engines as finding something malicious.
Most malicious programs will be found by over a dozen antivirus engines.

In this scenario, when I ran Process Explorer, it came up with a few 1/70 findings and a single 1/67 finding. I wasn’t worried that any of them were malicious, but I am a little tired of seeing conhost.exe instances appearing in false-positive reports. Conhost can represent any program running in the Windows command window environment. Although it’s not exactly the case, I think of it as any program that wants to run in the older DOS prompt environment.

[Image: Process Explorer scan results (credit: Microsoft)]

I opened each reported conhost instance to learn more details. The first two were related to security software my company has installed to spy on me…err…I mean, to protect my workstation. The third was related to an executable I wasn’t at the time familiar with called pcdrwi.exe.

[Image: This conhost instance was related to an unfamiliar executable (credit: Microsoft)]

Like I do with any unknown, newly discovered executable, I Googled it. I got the first page results shown below:

[Image: Google results for pcdrwi.exe (credit: Google)]

Is it really malware?

In the second-to-last search result, the words “PCdrwi.exe is a hazardous and destructive Trojan infection…” caught my eye, so I clicked on it. It brought me to the PCThreatsKiller.com information warning page:

[Image: PCThreatsKiller.com warning for pcdrwi.exe (credit: PCThreatsKiller.com)]

The page was full of very scary language and outcomes. In fact, I’m surprised it didn’t suggest that my eldest child would be stricken with the plague. Of course, they would be happy to have me download software they are promoting to get rid of the very dangerous malware:

[Image: PCThreatsKiller.com malware removal instructions (credit: PCThreatsKiller.com)]

I have no idea if SpyHunter and Wipersoft anti-malware software are legitimate, or if they're adware or malicious programs. I just knew that I didn’t need them.
Luckily, I’m experienced enough to realize that this site was giving me a whole lot of scare tactics without asking for a lot of detail. A malicious file name can be anything. I backed out and went to another Google result (see below), this time to one telling me it was a legitimate executable from Dell (I have a Dell laptop) called PC-Doctor, which I know Dell uses.

[Image: Malwarebytes information on pcdrwi.exe (credit: Malwarebytes)]

To confirm that what I had was a legitimate PC-Doctor process and not a killer virus program, I used Process Explorer to look directly at the pcdrwi.exe process (see below). It revealed that the process was signed and running from the normal PC-Doctor file location and that the actual file’s hash had been transmitted to VirusTotal and found clean (0/71). This meant that the original conhost finding was definitely a false-positive and PCThreatsKiller.com’s advice could be ignored.

[Image: PC-Doctor is legitimate (credit: Microsoft)]

Research both the malware and the malware rescue website

After doing more research I found plenty of other legitimate files that PCThreatsKiller.com was reporting as malicious. After researching the veracity of PCThreatsKiller.com, I found dozens of warnings like this one to other users not to use the site or its software.

[Image: Forum comments on PCThreatsKiller.com (credit: Web of Trust)]

The posted reviews didn’t surprise me. I don’t know if PCThreatsKiller.com and the software it promotes are malicious. What I can tell you is that any site telling you something is or isn’t good without giving other details to help corroborate the finding should raise a red flag. Malicious files can be named anything, and they often hide using legitimate file names. For PCThreatsKiller.com not to mention that pcdrwi.exe could possibly be PC-Doctor, and instead promote removal instructions or unnecessary software, puts it in my forever not-going-to-use category.

These types of sites have been around forever.
I remember searching for legitimate drivers to fight some IT problem I was troubleshooting, and Google and Bing would bring up these adware driver sites that always seemed to have the exact driver I was searching for. Except that these were never the legitimate drivers. They were malware, spyware or adware programs. PCThreatsKiller, regardless of its actual fitness, brought back these same feelings.

For years these types of sites proliferated across search engine results (called SEO poisoning). Both Microsoft and Alphabet have worked hard for years to lessen those potentially malicious or unnecessary bad results. It is a tough and losing battle. The bad (and less than helpful) stuff always leaks through.

The lesson is that your co-workers and admins need to be educated about these types of sites, ones that appear to be super helpful but aren’t as good as they first appear to be. If nothing else, any site claiming, by file name alone, that something is or isn’t malicious, isn’t worth a second of your time. It’s bad advice no matter what, and could easily be adding to your problems. Do your research.
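
The corroborating checks described earlier (signature, file location, file hash and detection ratio), as an added PowerShell example that is not from the original article. The function names and the `-ExpectedDir` placeholder path are assumptions for illustration; the ratio thresholds are the article's own rule of thumb.

```powershell
# Added example: collect evidence about a running executable instead of
# trusting (or fearing) its file name. Function names are hypothetical.

function Get-ProcessEvidence {
    param(
        [Parameter(Mandatory)] [string] $Name,        # process name without .exe
        [Parameter(Mandatory)] [string] $ExpectedDir  # vendor install directory, supplied by you
    )
    $prefix = $ExpectedDir.TrimEnd('\') + '\'
    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $path = $proc.Path
        $sig = $null; $hash = $null; $inDir = $null
        if ($path) {
            # Authenticode status: Valid, NotSigned, HashMismatch, ...
            $sig   = Get-AuthenticodeSignature -LiteralPath $path
            # SHA-256 of the file on disk, suitable for a manual VirusTotal lookup
            $hash  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $inDir = $path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)
        }
        [pscustomobject]@{
            ProcessId       = $proc.Id
            Path            = $path     # empty when the session lacks rights; rerun elevated
            InExpectedDir   = $inDir
            SignatureStatus = $sig.Status
            Signer          = $sig.SignerCertificate.Subject
            Sha256          = $hash
        }
    }
}

function Get-RatioVerdict {
    param([Parameter(Mandatory)] [string] $Ratio)  # as shown by Process Explorer, e.g. '1/67'
    if ($Ratio -notmatch '^(\d+)/(\d+)$') { throw "Not a detection ratio: $Ratio" }
    $hits = [int]$Matches[1]
    # Article's rule of thumb: 0 is clean, 1 or 2 is a false positive, 3 or more is a concern
    if ($hits -eq 0)     { 'clean' }
    elseif ($hits -le 2) { 'likely false positive: corroborate with signature, path and file hash' }
    else                 { 'investigate' }
}

# The directory below is a placeholder, not the real PC-Doctor install path.
Get-ProcessEvidence -Name 'pcdrwi' -ExpectedDir 'C:\PLACEHOLDER\vendor-install-dir'
Get-RatioVerdict '1/67'
```

A same-named file that is unsigned, sits outside the expected directory, or has a hash with many detections deserves a closer look, whatever a search result says about the name.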