Three night ago, Norton Internet Security 2016 found and removed Suspicious.Cloud.9, which was found in the setup file for a Print Directory program (Karen’s Directory Printer). I wasn’t entirely surprised that a virus was on my system. 2 or 3 days before, I was on the computer when my processor light became very active, and I couldn’t do much of anything for about 20 minutes. Nothing worked. Werfault.exe was listed in the Task Manager.
Earlier on the day when the virus was found, something similar happened. The processor light became very active, and my computer just wouldn’t respond. My mouse continually became disconnected and then re-connected (I would hear the sound of that occurs when a USB device is connected and disconnected), and even noticed that the red light on my mouse would turn on and off repeatedly.
At this time, I noticed that WMPNSCFG.exe was active, and I don’t think I was using Media Player at the time. Wercom.exe was active, and so was DWM.exe (which has been very active lately, not just on this occasion). According to the security history, around this time, there was a performance alert High CPU Usage by Windows Driver Foundation – User mode driver framework host process.
Since the virus was removed, everything seemed much better, until last night. Once again, the processor light became very active, and my computer just wouldn’t respond. The problem with the mouse occurred again (heard the sound of something being disconnected and re-connected again). This went on for a while. OIS.exe, which is Microsoft Office Picture Manager was active, according to the Task Manager, but it wasn’t using it at the time. Docklogin.exe (Dell support) was also active (noted by Norton Community Watch Feedback), and this concerns me a lot. I remember seeing igfxpers.exe and verclsid.exe on the Task manager list, too, and once again DWM.exe was active.
“Protecting your connection to a newly detected network” appears in the history around the time this was going on. 5 minutes earlier, “IP address has disappeared from adapter” was noted in the security history.
This went on for a while, and I finally shut down the system using the power button to stop what was going on, and then turned the computer back on a couple of minutes later, and the problem stopped.
Also, last week, I ran the new version of Norton Power Eraser, and it told me that I had an old version of Java that needed to be removed, because it could present a security problem. I tried to remove it, but couldn’t, because the .msi installer is missing. That’s still on my system, and I can’t remove it. I did put the newest java update on my computer (maybe I shouldn’t have bothered), but I always have Java disabled.
Do I still have a problem even though Suspicious.Cloud.9 has been removed?
(32 bit Vista, 6.0.6002 Service Pack 2 Build 6002)