That would be a False Positive !
Have a look here:
/procexp.exe was found today for the first time during an AVG A.S. full system scan. AS rated it as a High Risk Threat (Back door Trojan).
It was located in Docs & Settings/Sandy/My Documents.
I chose my normal setting for "Quarantine' & AS said couldn't quarantine as it was in an archive(not named) & then asked if should quarantine entire archive? I replied NO I then chose to "Delete".
AS responded: "Done".
I then ran a search of all files & folders and found procexp.exe listed as still in My Docs. I selected to delete it. It took about 4 mins to delete (very large).
Now I'm second guessing myself. I searched Google and found SysInternals had it listed in several locations but felt that if in Docs & Settings the danger level was only 1 (higher in sys32).
They describe it as a process monitor but not a Windows core file.
Some mention of protection of buffer overflow & browser hooks (hijacking) or host file protection. Real one has Verisign certificate but I didn't see it under properties of the .exe.
Search of Symantec knowledge base had no listing & unfortunately Castle Cops seemed to have a site outage at the time.
Just to be sure, I then ran a checkdisk/R and all seems OK.
Followed up w/ another AS full scan which came up clean.
The .exe properties had date in 2006. I wonder why at least 10 previous full AS scans (in 2007) didn't detect it?
False positive or maybe new detection def?
Now I wonder if it might have been an important element of Spybots Tea Timer/anti-hijack function or???
So I need opinions and should I try and find & replace it, since whole file is gone? Thanks for your thoughts.
Computer info in profile.