Suspicious.Cloud is a detection mechanism created to identify new malware threats without using the conventional signatures. Any files identified with this name are deemed harmful. Attackers intentionally morph this malware to evade antivirus scanners. Since Suspicious.Cloud is a usual detection, there are no common symptoms except for an alert initiated when antivirus software detects unnatural activity on the system.
Other Variants: Suspicious.Cloud.2.A, Suspicious.Cloud.7.L, Suspicious.Cloud.7.F
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
When Suspicious.Cloud enters a computer, it immediately makes some changes on system files. Other variants of this malware may inject a code onto legitimate system processes. Some will just drop essential files on various folders of Windows. Most of these infections can alter the registry. It can make vital changes to load the threat once Windows starts.
If this malware is running on the infected PC, it can execute actions as what is encoded in the virus. Because Suspicious.Cloud is a generic detection, antivirus programs may identify a variation of malware. There are no general sign if the computer is infected with this virus. Hence, security program will issue an alert whenever it sense illicit activity on the system initiated by Suspicious.Cloud. You can view the sample detection on the image below.
The threat is also known to have a downloader function. It can establish a communication line between the compromised computer and a remote server. From this connection, attacker may perform the following actions:
- Drop and execute other threats on the compromised computer
- Download a configuration file and update the threat
- Modify Internet browser’s homepage and redirect searches to unknown web sites
- Monitor Internet browsing activity of victims
- Display advertisement and pop-up messages
Suspicious.Cloud spreads through a number of means ordinarily employs by other similar threats. There is also an observation that some malicious links will direct victims to Suspicious.Cloud download page. These links will reach user via spam email messages, instant messaging program and malicious blogs that tackle most recent issues.
How to Remove Suspicious.Cloud
1. Temporarily Disable System Restore if you are using Windows XP. For Windows Vista/7 users, you may use System Restore to return Windows to a previous clean state. However, you must have a saved restore points to accomplish this. Otherwise, proceed with the removal process.
2. To be able to identify even the most recent variant of Suspicious.Cloud, open your antivirus application and update the virus definition file.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display Windows Advanced Boot Options menu. Please select Safe Mode with Networking.
- The system will boot Windows loading only necessary drivers and files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If unable to delete, better place them in quarantine. Once the scan is complete, please proceed with the next step.
Scan with Norton Power Eraser:
Additional virus removal tool provides deep scanning technology to eliminate other threats not detected by a normal virus scan. Use this tool with extra caution.
5. Go to NPE web page and download the tool.
6. Once the download completes, double click on the file NPE.exe to run the program.
7. It will prompt for End User License Agreement, click on Accept to continue.
8. On NPE main window, click on Scan. Then select Exclude Rootkit Scan. Click on Continue to proceed.
9. Virus scanning may take some time. After running the scan, NPE will display the scan result.
Important! If there are any detected threats under Suspicious, remove the check mark. Only threats in Detected category are necessary to remove at this point. Make sure that you mark the Create System Restore Point before proceeding with the fix.
10. Now click on Fix to start removing the threats including Suspicious.Cloud remnants if there are any.
11. When done, Norton Power Eraser will restart the computer. Then after a reboot, it will initialize and display the eliminated threats.
12. You may now close Norton Power Eraser.