Solved

CloudNetCheck.exe Malware or Legit ?

  • 11 February 2024
  • 5 replies
  • 1421 views

Userlevel 1

The File CloudNetCheck.exe showed up in my Download folder and I did not download it. Properties show it is from Cloudflare Network Security Provider. I attempted to delete the file from my download folder but can’t as message states it is open in another folder or program. I believe this is some Trojan but my web searches don’t get me a satisfactory answer if this is Malware or not. So here I am. Would a kind soul please inform me if this is Malware and if it is, how can I get rid of it?

Thank you very much for any replies.

icon

Best answer by TripleHelix 11 February 2024, 16:35

View original

5 replies

Userlevel 7
Badge +63

Hello @kaybayray51 

 

What Webroot product do you have installed and from where? https://www.webroot.com/us/en/home#see-plans-and-pricing

 

Scan the file with Webroot then save a scan log and post the lines that show the file as we need the Hash of the file because as you said no info on the file name.

 

 

If it’s to much for you then please contact Webroot support and they will help you sort it out.

 

Webroot Support:

Submit a ticket 24/7/365

Call 1-866-612-4227 Mon - Fri 7 AM to 5:30 PM (MDT)

 

Note: When submitting a Support Ticket, Please wait for a response from Support. Putting in another Support Ticket on this problem before Support responses will put your first Support Ticket at the end of the queue.

 

Also phone numbers from around the world: https://www.webroot.com/us/en/about/contact-us

 

Thanks,

Userlevel 1

Thank  you for you reply. Here are the lines from the saved scan I believe you are asking for. Apologies for my ignorance here.

 

SecureAnywhere Scan Log (Version v9.0.35.12)
Log saved at Sun 2024-02-11 12:07:00

v9.0.35.12
Windows 10.0 (Build 19045) 64bit (Hostname: DESKTOP-6KUAM27 - Local IP: 192.168.1.2)
Scan Started: Sun 2024-02-11 12:05:51
Files Scanned: 1
Malicious Files: 0
Duration: 1s

Some legitimate files are not included in this log
[U] C:\Users\EQUUS\Desktop\Suspect File\CloudNetCheck.exe [SHA256: 0CC89FFA714ADF9805CEFD3B79AB1EFEBB79995BBC54CE669E91402840A206FD] [MD5: 89184D259B4ECAC95B00B8855E550726] [Flags: 10091001.108689]

 

Please let me know if I  have not provided  you with the proper information.

Again thank you very much for  your kind assistance.

Userlevel 7
Badge +63

Hello @kaybayray51 

 

Thanks for the scan lines from your log! It’s best to contact Webroot Support because it’s Unclassified by Webroot http://snup.webrootcloudav.com/SkyStoreFileUploader/upload.aspx and nothing shows on VirusTotal https://www.virustotal.com/gui/home/upload which is very odd or very new. @DanP 

 

Click on pictures to see full size.

 

 

 

Thanks,

Userlevel 1

Below are results from file submission to webroot. They say is ok. The other link you privided, analysis is ongoing. However it is into the “Behavior” stage of the analysis and is reporting no complaints thus far of this file being malicious as the analysis continues.

Even if this file turns out to be a legit file, the fact still remains that I did not willingly download it and I don’t know what purpose it is supposed to serve. I don’t like having files and programs on my machine that I don’t know their purpose.  I therefore want to remove it. I have researched many methods of removal for a file that can’t be readily deleted. I get a message stating it can’t be deleted as it is open in another folder. Thus far I have not be able to remove it. I am not seeing anything in the Task Manager processes I recognize as being associated with this file so I can shut it off and delete it. Can you possibly help me get this off my machine?

 

Regardless, thank you very much for your kind assistance with this issue.

 

 

Userlevel 7
Badge +63

Hello @kaybayray51 

 

VirusTotal has info now and it is from Cloudflare and is a new file but I don’t know why it is on your system? Do use anything from Cloudflare on your system? Maybe try contacting them: https://www.cloudflare.com/plans/enterprise/contact/

 

https://www.virustotal.com/gui/file/0cc89ffa714adf9805cefd3b79ab1efebb79995bbc54ce669e91402840a206fd/details

 

 

I don’t know if you should delete it but you can try in Safe Mode: https://support.microsoft.com/en-us/windows/start-your-pc-in-safe-mode-in-windows-92c27cff-db89-8644-1ce4-b3e5e56fe234

 

 

HTH,

Reply