Norton Security, Suspicious.Cloud.9.B detection...


3 replies to this topic

#1 Raxzer

  • Members
  • 2 posts

Posted 24 November 2015 - 05:20 PM

So today Norton Security picked up something weird while my computer was idle. 

 

Infected file: BIT1D2E.tmp

Location: C:\Windows\Temp\BIT1D2E.tmp

Threat name: Suspicious.Cloud.9.B

Threat type: Heuristic virus

 

 

That's really all I have, but I saw it again in the same folder (how the heck did it get redownloaded?) a few minutes later and uploaded it to VirusTotal:

https://www.virustotal.com/nb/file/a965bef89c8d92f79e5a98602bb09d92aba25659e03b57f34aa32b90508191b6/analysis/1448399271/

 

 

Malwarebytes and SUPERAntiSpyware come out clean, and now Norton Security also returns clean.

 

I'm confused. False positive or infected?





#2 severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia
  • Local time:11:49 AM

Posted 26 November 2015 - 02:16 PM

Hello,

 

Please download Rkill to your Desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

  • rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
  • iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7, 8 or 10, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If normal mode still doesn't work, run the tool from Safe Mode.

When the scan is done, Notepad will open with the rKill log.
Post it in your next reply.

NOTE: The rKill.txt log will also be present on your desktop.

-----

 

Kaspersky Virus Removal Tool

Please download Kaspersky Virus Removal Tool from here.

  • Right click on KVRT.exe and select Run as Administrator.
  • Read the EULA, then select Accept.
  • Wait for Kaspersky Virus Removal Tool to initialize.
  • In the main screen, select Change parameters, place a checkmark in System drive, then click OK.
  • Click Start scan.
  • Wait for Kaspersky Virus Removal Tool to complete scanning.
  • When the scan is finished, select Neutralize all for all detected objects.
  • Close Kaspersky Virus Removal Tool when done.

Inform me if something is detected.

------


I would like to help you to remove malware. Let's look inside.

But I don't know how to solve all PC problems.

 


#3 Raxzer

  • Topic Starter

  • Members
  • 2 posts

Posted 27 November 2015 - 08:32 PM

Alright, got the RKill log here:
 


KVRT didn't detect any threats.



#4 severac

  • Members
  • 872 posts
  • Gender:Male
  • Location:Serbia
  • Local time:11:49 AM

Posted 28 November 2015 - 03:47 AM

Uninstall SUPERAntiSpyware, it is outdated software.

I think that it is a false positive.

------

 

Empty your temp folders using TFC (Temporary File Cleaner)

  • Please download TFC by Old Timer and save it to your desktop (alternate download link).
  • Save any unsaved work. (TFC will close ALL open programs including your browser!)
  • Double-click on TFC.exe to run it. (If you are using Vista or above, right-click on the file and choose "Run As Administrator".)
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway allowing Windows to load normally (not into Safe Mode) to ensure a complete clean.

-----

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (MTB.txt). A copy of MTB.txt will be saved in the same directory the tool is run from.

-----

