Suspicious.Cloud is a detection mechanism created to identify new malware threats without using the conventional signatures. Any files identified with this name are deemed harmful. Attackers intentionally morph this malware to evade antivirus scanners. Since Suspicious.Cloud is a usual detection, there are no common symptoms except for an alert initiated when antivirus software detects unnatural activity on the system.

Other Variants: Suspicious.Cloud.2.A, Suspicious.Cloud.7.L, Suspicious.Cloud.7.F

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

When Suspicious.Cloud enters a computer, it immediately makes some changes on system files. Other variants of this malware may inject a code onto legitimate system processes. Some will just drop essential files on various folders of Windows. Most of these infections can alter the registry. It can make vital changes to load the threat once Windows starts.

If this malware is running on the infected PC, it can execute actions as what is encoded in the virus. Because Suspicious.Cloud is a generic detection, antivirus programs may identify a variation of malware. There are no general sign if the computer is infected with this virus. Hence, security program will issue an alert whenever it sense illicit activity on the system initiated by Suspicious.Cloud. You can view the sample detection on the image below.

Suspicious.Cloud Detection

The threat is also known to have a downloader function. It can establish a communication line between the compromised computer and a remote server. From this connection, attacker may perform the following actions:

  • Drop and execute other threats on the compromised computer
  • Download a configuration file and update the threat
  • Modify Internet browser’s homepage and redirect searches to unknown web sites
  • Monitor Internet browsing activity of victims
  • Display advertisement and pop-up messages

Suspicious.Cloud spreads through a number of means ordinarily employs by other similar threats. There is also an observation that some malicious links will direct victims to Suspicious.Cloud download page. These links will reach user via spam email messages, instant messaging program and malicious blogs that tackle most recent issues.

3 Responses

  1. elr66 says:

    it worked…the NPE.

  2. katie says:

    I ran NPE just as the steps said to, without fault, and after the NPE, I found 3 threats (one of which I was unable to remove, although it was notepad so it didn’t seem to be an actual threat), I checked the other two, ran NPE…it “fixed” and shut down my computer. After turning it back on manually, NPE never reapeared as the steps say it will; worst of all, the Suspicious.Cloud.7.EP is still at it, attacking my computer.
    I don’t know how to fix this and I don’t understand why the NPE won’t work.
    please contact me, asap.

  3. Bas says:

    How I get rid of it.
    Enable in your AV ( Exclude from scan), Wise Registry Cleaner, settings to Advanced.
    Run the program, you lose everything that does not belong in Registry inclusive your AV !
    Reboot, Install your AV new, do system scan ! (Remove Exclude from scan, Wise Reg Cleaner in your AV)
    Set Wise Registry Cleaner Settings to Safe or Remove the program.
    Check your Windows Firewall ! it has altered settings, your Network is ALSO connected to Public!!!
    That’s where your Threats come from, disable Public Network.
    Run SpyBot (Free), after scanning and delete some malware, you can detete the program !
    Use ONLY Internet Explorer 11, NO other Browsers . . .

Leave a Reply

Your email address will not be published. Required fields are marked *