Suspicious.Cloud.7.F identified on two of my PCs

Hello, Norton has identified SUSPICIOUS.CLOUD.7.F on my two PCs: Windows 7 and XP.  I don't have Visual Studio or LibreOffice.  What other files could it be to get rid of it? 

 

 

[edit: Clarified subject.]

Hi 4Marcelo:

 

Welcome to the Norton community.

 

If you click the History link from your main Norton window and select, "Resolved Security Risks" from the dropdown list, you should be able to highlight one of the Suspicious.Cloud entries and click on the "More Details" button on the right-hand side. Do the details tell you the name and location of the suspicious file? If you could post a screenshot of the details (see the post here titled Forum Tip - How to Post screenshots in the Forum) that would be helpful.  I've posted a screenshot below of one file that was quarantined by my NIS 2011 that turned out to be completely harmless after I submitted it for testing via Symantec's False Positive Report here.

 

[Screenshot: Shavlik Setup Blocked by NIS 2011 30 May 2011.jpg]

 

 

It would also help if you could let us know what Norton product you're using (e.g., NIS, NAV or N360) and the exact version number (go to Support | About - my NIS 2011 is currently v. 18.6.0.29).  There is a background task called Norton Insight that runs automatically to keep the trust ratings of your applications up-to-date, but it might also be a good idea to run this task manually (Performance | Application Ratings, then hit the Refresh button if the scan doesn't start automatically) to make sure your trust ratings are updated.

 

I noticed you also posted here yesterday about a WS.Trojan.H detection.  I've heard of other users who had problems with false positive detections from legitimate Cyberlink products such as PowerDVD.  You should also be able to find detailed information on this detection in your security history (look under SONAR activity or another subheading under Computer Protection).  I wouldn't delete the detected file from your Win XP PC yet, since detections like Suspicious.Cloud and WS.Trojan are generic heuristic detections that flag files that behave "suspiciously".  If these detections are false positives for legitimate software you could end up corrupting your software if you delete the file before confirming you have a virus.

 

You might also want to try running a full system scan with the free Malwarebytes' Anti-Malware (MBAM) scanner.  MBAM will occasionally detect malware missed by a Norton full system scan.  During your MBAM installation, decline the 15-day trial offer to use the advanced Pro features like real-time protection, since you should never run other security software in real-time protection mode at the same time that your Norton product is running.  MBAM might find some old registry entries and PUPs (potentially unwanted programs), which are often just inert files on your hard drive left over from uninstalled toolbars, etc., and these types of detections often aren't a cause for concern.  On-demand manual scans by MBAM are perfectly safe and will not conflict with your Norton product.

--------

Windows Vista Home Premium 32-bit SP2 * NIS 2011 v. 18.6.0.29 * IE 9.0 * Firefox 8.0.0
HP Pavilion dv6835ca, Intel Core2Duo CPU T5550 @ 1.83 GHz, 3.0 GB RAM, NVIDIA GeForce 8400M GS

 

 

Hello Imacri, the two computers have the latest version of your software, NIS 2012.  The two viruses are called WS.Trojan.H and Suspicious.Cloud.7F and are always showing up in the history section (only) and never make it to the "Resolved Security Risk".  See the screen shot below for the Windows 7:

 

[Screenshot: image0002.jpg]

 

 

 

Here is the screen shot for the Windows XP:

 

[Screenshot: image0003.jpg]

 

 

I have tried your suggestion of the Application Rating on both of the computers and came up with files that I don't know how valid they are to get rid of.  Here is an example of the screen shot for the Windows 7.  The XP computer has a lot more listed:

 

[Screenshot: image0001.jpg]

 

 

I have tried the Malware too.  It found nothing on the Windows 7, but for the XP it found two registry data infected with Pum.Disabled.Securitycenter.  It has now been quarantined.

 

Can you help me decipher this and get rid of these viruses?  Don't know if it is a false positive or not but the two computers are running slow, which is a good indication that something is wrong.  Please help.

 

Hi 4Marcelo,

 

Those are not malware detections - they are statistical submissions, which means that they are files of interest that are being submitted to Symantec via Norton Community Watch.  Notice that, under "Severity" they are listed as "Info." - the log entries are for informational purposes and do not mean that a threat was found.  You can ignore these entries.

 

The unproven file is an unproven file.  It is not malicious.  There is just not enough known about it to provide a rating.  Unproven files will be scanned, trusted files will be skipped.  You can ignore this one, too.

 

The PUM.Disabled.Securitycenter is telling you that the Windows Security Center alerts for antivirus and firewall protection were disabled.  This is done by Norton, because Norton alerts to the same things.  Enabling them will result in double warnings when you disable your Auto-Protect or Firewall protections.  PUM stands for Potentially Unwanted Modification, and these are almost always something that the user or a legitimate program changed from the Windows default.  Fixing these does not quarantine them - it changes the settings for the Security Center back to the default, which is fine - double warnings are not a problem and if something happens to Norton that prevents it from alerting you, then Windows will still be able to notify you of a problem.

 

From the information you have provided, there is nothing that would indicate an infection on your system.

Hi 4Marcelo:

 

SendOfJive is correct - you don't have anything to worry about if a statistical submission is noted as "exonerated".  Several other users have raised concerns about this issue, and there's a good discussion about it here in car825's thread Exonerated by Community Watch?.  The PUM found by MBAM is harmless as well - I mentioned PUPs (potentially unwanted programs) in message # 2 and PUM detections by MBAM fall into the same general category.  SendOfJive has posted detailed information here in joen's thread PUM.Disabled.SecurityCente in MBAM if you'd like more information.

 

If you're concerned that your computers have been running slow since installing NIS 2012 please see the post here in Patrick McCabe's thread Is Norton Slowing Down My Computer?.  Then post back and let us know if you think you have any outstanding issues with NIS 2012 that we can help you with.
