Thread: NIS found 'Suspicious.Cloud' in Spybot directory

  1. #1
    Member Lancelot's Avatar
    Join Date
    Nov 2006
    Posts
    57

    NIS found 'Suspicious.Cloud' in Spybot directory

    Norton tells me it has eliminated a high risk threat. Norton's name for the threat is Suspicious.Cloud.AM.

    Path including file name:
    c:\programfiler\spybot - search & destroy\updates\sdinformv2b.exe

    What is sdinformv2b.exe?

    It may be a false positive, but it's not impossible that a Spybot file gets infected.

    It is Spybot 1.6.2 and it was updated some days ago. Norton autoprotect detected the threat today. I did not run Spybot today and no Spybot files were supposed to be loaded into memory. I believe Norton autoprotect only scans things loaded into memory. This may indicate that it is not a false positive?
    Last edited by Lancelot; 2015-05-30 at 23:29.

  2. #2
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,164

    SDInformV2b.exe is a file that informs Spybot 1.6 users about the 2.x release, according to this:
    http://www.isthisfilesafe.com/sha1/F...7_details.aspx

    The Suspicious.Cloud.AM detection description says this:
    Suspicious.Cloud.AM is a detection technology designed to detect entirely new malware threats without traditional signatures. This technology is aimed at detecting malicious software that has been intentionally mutated or morphed by attackers.
    So, that's a good idea, but it also would result in some false positives happening, and that is what I believe this is.
    Over in technical details, there's a link to click for false positives, so you could report it to Symantec as a false positive.
    http://www.symantec.com/security_res...513-99&tabid=2

  3. #3
    Member Lancelot's Avatar
    Join Date
    Nov 2006
    Posts
    57

    Thank you for the information.

    NIS has deleted the file so I can't upload it to Symantec. There is no trace of it in the logs either, it's like it never happened. I expected to find it in the quarantine but it is empty.

    NIS auto-protect popped up a 'high risk' warning but their website says the risk is 'very low'.

  4. #4
    Spybot Advisor Team Zenobia's Avatar
    Join Date
    Oct 2005
    Posts
    5,164

    Huh, guess that does make it difficult; it says the upload of the file is required.
    There is Norton Community. Maybe you can report it there:
    http://community.norton.com/en
    You're welcome.
