Visitor
creathana
Posts: 2
Registered: ‎09-18-2012

Cause of "suspicious cloud 5" in software distribution downloads folder.

Hi,

I used my laptop for the first time today within a month and about ten minutes after turning it on Norton told me it was processing a suspicious cloud 5 threat. It then went on to quarantine the file as high risk. The link to the file given was: c:\windows\softwaredistribution\download\0b0ae6ec809c50e16034235461de3cce\bit3865.tmp

After a search on Google I'm under the impression that this folder is linked to Windows Update. Am I correct? The last Windows update done on this laptop would have been a month ago when it was last used. The programmes running during the ten minutes prior to this file detection were Google Chrome (Facebook only), Spotify and also Dropbox which was syncing.

My main reason for writing here is that I am a bit confused as to where this file came from. Is it something to be worried about or is it simply a false positive?

 

Thanks in advance.

SendOfJive
Posts: 10,787
Kudos: 4,845
Solutions: 779
Registered: ‎02-07-2009

Re: Cause of "suspicious cloud 5" in software distribution downloads folder.

Hi creathana,

 

A false positive is a possibility. This was a detection based on a file's suspicious appearance, rather than a definitive signature that matched a known threat. I can't help but think that your virus definitions may have still been a month out of date from the long layoff, and that this might have had something to do with Norton choosing to go with a conviction due to uncertainty about the file. Had you updated your Norton virus definitions immediately after booting up from a month-long layoff? I would suggest running LiveUpdate repeatedly until it reports no further available updates. Leave the file in Quarantine. Because this was a heuristics detection, a false positive should resolve itself automatically in a day or two based on updated signatures.

 

http://www.symantec.com/security_response/writeup.jsp?docid=2010-090200-2232-99&tabid=2

Visitor
creathana
Posts: 2
Registered: ‎09-18-2012

Re: Cause of "suspicious cloud 5" in software distribution downloads folder.

Thanks for the response. I don't think I'd updated it immediately. As soon as I saw the mention of the suspicious file I did a full scan of the laptop which would have been when it first updated. I just updated it again when I turned on.

I had wondered if it was something to do with Dropbox as it was syncing at the time. However I guess it doesn't use the software distribution folder? As it's now been quarantined I assume it will be no harm to my laptop? I'm just about to start back at uni and could really do with it working well!

Regular Contributor
dforrest
Posts: 152
Registered: ‎03-24-2009

Re: Cause of "suspicious cloud 5" in software distribution downloads folder.

I have the same thing happening when I download Norton Power Eraser (npe.exe).