09-18-2012 11:28 AM
I used my laptop for the first time in a month today, and about ten minutes after turning it on Norton told me it was processing a suspicious cloud 5 threat. It then went on to quarantine the file as high risk. The link to the file given was: c:\windows\softwaredistribution\download\0b0ae6ec8
After a search on Google I'm under the impression that this folder is linked to Windows Update. Am I correct? The last Windows update done on this laptop would have been a month ago when it was last used. The programmes running during the ten minutes prior to this file detection were Google Chrome (Facebook only), Spotify and also Dropbox, which was syncing.
My main reason for writing here is that I am a bit confused as to where this file came from. Is it something to be worried about or is it simply a false positive?
Thanks in advance.
09-18-2012 02:29 PM - edited 09-18-2012 02:47 PM
A false positive is a possibility. This was a detection based on a file's suspicious appearance, rather than a definitive signature that matched a known threat. I can't help but think that your virus definitions may have still been a month out of date from the long layoff, and that this might have had something to do with Norton choosing to go with a conviction due to uncertainty about the file. Had you updated your Norton virus definitions immediately after booting up from a month-long layoff? I would suggest running LiveUpdate repeatedly until it reports no further available updates. Leave the file in Quarantine. Because this was a heuristics detection, a false positive should resolve itself automatically in a day or two based on updated signatures.
09-19-2012 12:57 PM
Thanks for the response. I don't think I'd updated it immediately. As soon as I saw the mention of the suspicious file I did a full scan of the laptop, which would have been when it first updated. I just updated it again when I turned it on.
I had wondered if it was something to do with Dropbox as it was syncing at the time. However, I guess it doesn't use the software distribution folder? As it's now been quarantined I assume it will be no harm to my laptop? I'm just about to start back at uni and could really do with it working well!