One of many Suspicious.Cloud.7.EP fake pop-ups





The Suspicious.Cloud.7.EP virus is a high-risk infection that propagates very quickly once it has compromised a computer system. Unsuspecting online users can acquire it by visiting malicious websites. It can also be acquired through visits to usually trustworthy commercial websites that have been hacked and are now spreading the infection without the site owner’s knowledge. Many websites may continue to spread infections until their site administrators are contacted. Once the Suspicious.Cloud.7.EP virus has compromised your computer, you may start to experience constant, annoying pop-ups stating that your computer has been infected and that you need to purchase some off-brand program to remove these threats. You might also experience browser redirects when you attempt online searches.

There are many variants of the Suspicious.Cloud.7.EP virus, and some of those variants contain keyloggers that are capable of stealing sensitive personal information such as user login credentials for your online accounts. Once the virus has been removed from your computer, you should keep a close eye on all of your online accounts for questionable activity.


How to remove the Suspicious.Cloud.7.EP virus from your computer


You’ll need to download the programs listed below on a clean computer and then copy them onto the infected system via a burned CD/DVD or USB drive for execution. The software utilities that you will need to download include:

  1. RKill
  2. TDSSKiller
  3. Combofix
  4. Emsisoft Emergency Kit


Suspicious.Cloud.7.EP virus removal procedure step by step:


  1. First, start your computer in “Safe Mode with Networking” by pressing the F8 function key at start-up, before the Windows logo appears.
  2. Once in Safe Mode, run the copy of “RKill” that you downloaded and transferred from a clean system. It will attempt to terminate any virus processes that are loaded in your system’s memory.
  3. After RKill has completed, start the copy of “TDSSKiller” to remove any rootkit infections that may be present on your computer.
  4. Click on “Change Parameters” and verify that it is configured to scan your computer’s system memory, services and drivers, and boot sectors. Also make sure that the “Verify File Digital Signatures” and “Detect TDLFS File System” options are checked. Afterwards, return to the start screen and click the “Start Scan” button.
  5. After TDSSKiller has completed its scan and removal procedure, disable any anti-virus utility programs that you already have installed on the infected computer and run a scan with the downloaded copy of “Combofix” by clicking on its executable. It’s pretty much all automated and should require little user input. If it mentions that it needs to download additional files, let it do so and follow the additional prompts. Combofix may take around 15 minutes or more to complete its scan. It’s important that you don’t interrupt it by trying to open any other programs on the infected system while Combofix is performing its scan. Its scan will involve around 60 stages, but it doesn’t take long to complete.
  6. After Combofix has completed its scan, decompress and then execute the copy of the Emsisoft Emergency Kit.
  7. Once the emergency kit starts, click on “Emergency Kit Scanner”.
  8. Next, update the scanner’s definition files by clicking on “Update Now”.
  9. After the definition files have been updated, click on “Scan Now” and then perform a deep scan of your computer.
  10. After Emsisoft has completed its scan, remove any malicious files that it has found on your computer and then restart the computer normally.
  11. After the computer restarts and you have access to the Windows desktop, open your web browser and then click on the “Tools” drop-down menu. If you don’t see the “Tools” drop-down, click on the little gear icon in the upper right corner.
  12. Next, proceed to the “Advanced” tab at the upper right and then click on “Reset” at the lower right to reset your browser to its default settings.
  13. Next, close the web browser, reopen it, and return to the “Internet Options” menu by clicking on the “Tools” drop-down menu. On the “General” tab, change the home page back to what you want it to be by entering the website address of your preferred starting page in the box, and then click on “OK”. Afterwards, make sure that you reactivate your current anti-virus utility’s real-time protection.





















At this point your computer should be clear of the Suspicious.Cloud.7.EP virus infection. But if there are still indications of an infection, you’ll need to contact a professional virus removal technician to resolve any lingering issues.


______________________________________________________________


Manual Removal of The Suspicious.Cloud.7.EP virus:


Removing the Suspicious.Cloud.7.EP virus manually involves deleting all associated files, folders and registry entries created by the virus. This virus creates a group of files with random file names, along with registry entries pointing to those randomly named files. You should only attempt manual removal of the Suspicious.Cloud.7.EP virus if you have experience working with the Windows registry. If you don’t have this experience, now isn’t the time to start experimenting with your file system and configuration files. Use the removal tools and techniques listed in the procedure above instead.


Suspicious.Cloud.7.EP Associated Files and folders that need removal:

%UserProfile%\[random].exe

%ProgramFiles%\Internet Explorer\Connection Wizard\[random]

%Windir%\Microsoft.NET\Framework\[random].exe

%System%\[random].exe

%Temp%\[random].bat


Suspicious.Cloud.7.EP Associated Registry Entries that need removal:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\[random]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\[random]

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\[random]

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\svflooje\Enum\[random]
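
Before deleting anything by hand, it helps to see what is actually present in the locations listed above. The following PowerShell script is an added example, not part of the original article: it only reads, listing candidate files with their Authenticode signature status and printing the values under the listed registry keys. Treating %System% as the System32 folder is an assumption.

```powershell
# Added example: read-only inventory of the locations listed in this article.
# Nothing is deleted; review the output before removing anything by hand.

# File locations from the article. Mapping %System% to the System32 folder
# is an assumption; the article does not define that variable.
$fileChecks = @(
    @{ Path = $env:USERPROFILE; Filter = '*.exe' },
    @{ Path = "$env:ProgramFiles\Internet Explorer\Connection Wizard"; Filter = '*' },
    @{ Path = "$env:windir\Microsoft.NET\Framework"; Filter = '*.exe' },
    @{ Path = [Environment]::SystemDirectory; Filter = '*.exe' },
    @{ Path = $env:TEMP; Filter = '*.bat' }
)

$files = foreach ($check in $fileChecks) {
    if (-not (Test-Path -LiteralPath $check.Path)) { continue }
    Get-ChildItem -LiteralPath $check.Path -Filter $check.Filter -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                File      = $_.FullName
                Created   = $_.CreationTime
                Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            }
        }
}
# Files without a valid signature sort first, oldest first within each group.
$files | Sort-Object { $_.Signature -eq 'Valid' }, Created | Format-Table -AutoSize

# Registry keys from the article; print every value so that unfamiliar,
# randomly named entries stand out.
$regKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run',
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings',
    'HKLM:\SYSTEM\ControlSet001\Services\svflooje\Enum'
)
foreach ($key in $regKeys) {
    if (-not (Test-Path -LiteralPath $key)) { "absent : $key"; continue }
    "present: $key"
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        '    {0} = {1}' -f $name, $item.GetValue($name)
    }
}
```

Signature status is only a triage hint: legitimate files can be unsigned, and several of these keys hold normal Windows values, so confirm each entry before removing it.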



Smith Technical Resources makes no guarantees or claims that the information contained in this article will help you completely remove the above listed malicious program(s) from your computer. There are several variations of each particular virus in the wild, and the procedure listed above may not be adequate for the specific version of the virus that has compromised your computer.

If you feel uncomfortable performing any of the procedures that we've listed on this page, please contact a professional computer repair company in your area and have them complete the needed repairs on your computer. Smith Technical Resources takes no responsibility for any possible damage that could result from your use of the above instructions.


Revision 1.1

©Smithtechres.com 2013 All Rights Reserved.


Suspicious.Cloud.7.EP Virus Removal