ItsGeekToMe.co
The official home of It's Geek to Me on the web!
Issue #325: October 13, 2013
Q: Somehow, a program called Pareto Logic was downloaded (possibly piggy-backed on another program) and installed on my laptop. I attempted to remove it, but only managed to remove part of it. Now, it pops up once a week on boot-up. Since it’s only partially there, it warns me that it cannot continue updating because portions are missing. Is Pareto Logic something I should have kept? How can I complete the removal?
– Paul L.
Niceville, Florida
A: It’s actually one word, Paul: ParetoLogic, and it’s a legitimate spyware scanner and removal tool. Whether you should have kept it is strictly up to you, but it sounds to me like you already decided you don’t need it, and are only having second thoughts because of the problem you’re having. Let’s fix that. You’ll be pleased to know that you actually successfully removed the ParetoLogic software from your system. What’s left behind is a scheduled task in Windows to remind you to register your copy. To remove it, click on the Start button, and where it says “Search programs and files” type the word “task” and Task Scheduler will appear at or near the top of the list. Click it to activate it. When it comes up, look in the list of tasks that you’ll find about halfway down the window in the middle column. Find the task in this list named “Paretologic Registration”. Select it; then in the Actions list, click “Delete”, and then back out of the dialog. Bye-bye Paretologic!
Q: I get the following recurring Norton popup: Auto Protect is processing security risk. Suspicious.Cloud.7.EP. It has degraded my PC performance. In addition to being slow, when searching for a site on the net it will often take you to a totally unrelated site. I have Windows 7 and use Norton 360. Per your recent article (I.G.T.M. Issue #320 – Sep 8, 2013) I disconnected the internet, booted under Safe Mode, ran a total system scan, reattached the internet and did a normal boot. I continue to get the same Norton Message. Any suggestions? I am not very good with computers. Any help you can provide will be greatly appreciated.
– Neal A.
Niceville, Florida
A: You’re getting that popup because “Suspicious.Cloud.7.EP” really is a “security risk,” Neal. In fact, it’s a particularly nasty virus (for those of you of Geekier persuasion, it’s a kernel-mode rootkit infection). It also happens to be a virus which Norton can detect, but cannot successfully remove. I would imagine that’s why the instructions from my previous column that you followed did not do the trick for you. From what I’m seeing in the Symantec Community forums, this problem isn’t unique to you. The good people who publish the Norton software have another tool – Norton Power Eraser (NPE) – that actually can get rid of it. “But wait,” you might be asking, “If they have another tool that can remove it, why don’t they just include that ability in their regular scanner?” To which I would answer, “That’s an excellent question, Neal.” The excellent answer that goes along with it is that NPE uses far more aggressive techniques than a “regular” scanner. In fact, NPE is so aggressive, that it can actually be hazardous to your system’s health in its overzealous attempts to clean it. Because of that, and because you said that you’re not very good with computers, I’m going to recommend that you don’t attempt to use NPE to remove the problem, because quite likely NPE will locate and offer to delete affected files, and you won’t know whether it’s safe to allow it to proceed. Instead, I’m going to recommend one of my favorite little free removal utilities. It’s from fellow anti-malware company Kapersky Labs, and it’s called TDSSKiller. You can download it at tinyurl.com/2cekohb. Save the file to your desktop, then use the technique you used before to reboot in Safe Mode and launch TDSSKiller. It’s a very simple program to use, and it will find your infection, but it will not call it “Suspicious.Cloud.7.EP” since that is a Symantec-specific name. Just let it clean up what it finds, and you should be good to go.
Leave a Reply
You must be logged in to post a comment.