MSI Afterburner Gen:Suspicious.Cloud.2.

Hello. I am posting because earlier today BitDefender flagged "RTCore64.sys" as malware: "Gen:Suspicious.Cloud.2.auX@a8WMB6e", specifically. I incidentally deleted the file and unfortunately could not run it through VirusTotal.

Re-installing the program from the website did not mark that version of RTCore64.sys as malware and as such I have not been able to reproduce it.

I have prepared the Support Tool, Connectivity, and System Logs to hopefully help -- but I notice they seem to contain somewhat sensitive information and was curious where I could submit them for assistance.

Thank you for your time.

Comments

  • Flexx (mod), edited March 2023

    As confirmed in another post, this is a cloud-based detection, which is a file-reputation-based detection that is independent of the detections created by malware researchers.

    Additionally, can you upload the file to VirusTotal and share the link here?

    Regards

    Life happens, Coffee helps!

    Show your Attitude, when you reach that Altitude!

    Bitdefender Ultimate Security Plus (user)

  • I'm afraid I can't share said result; like I said, I incidentally deleted the file. I understand that it's suggesting that said app was suspicious, but I am curious in what way -- if I were to provide the Support Tool, Connectivity, and System Logs, would you be able to confirm what it detected as an issue?

    Thank you for your response.

  • You will have to provide those logs to the support team, which will in turn share the logs with the malware research team. Nothing more can be done here. No further information can be provided on the community forum.

    Regards


  • Hello. I actually went and recovered the file, out of latent anxiety. I scanned it through VirusTotal to no results, but perhaps the data recovery altered it.

    I notice that in the timeline it animates for the attack, it seems to be following the actions of the Kaspersky tech I had scanning in parallel before ultimately -- and from my perspective, randomly(?) -- deciding that RTCore64.sys is suspicious.

    I have attached what I mean.

    Could anyone perhaps provide some context for what I am looking at? I am admittedly ignorant.


  • Hello @JProtect,

    I also think this would be a task for the engineers to solve.

    Regarding your statement below:

    "I have prepared the Support Tool, Connectivity, and System Logs to hopefully help -- but I notice they seem to contain somewhat sensitive information and was curious where I could submit them for assistance."

    Please allow me to explain the process and reassure you that we do not collect any personal files or information during our troubleshooting process.

    The Bitdefender Support Tool log is essential in the troubleshooting process and contains only anonymized information about Bitdefender and software present on your computer that Bitdefender interacts with. No personal information or files are gathered from the computer, but rather a snapshot of installed programs, active processes, hardware specifications and Windows event logs, none of which contain your personal information.

    Bitdefender is in complete adherence to all GDPR and data privacy regulations. The technical data we gather, only with your consent, contains no identifying information, is stored securely and is accessed only in the scope of analysis and troubleshooting.

    I understand how important your privacy is to you, and our technicians take full responsibility to protect your personal information. The troubleshooting process is designed to focus on resolving any technical issue at hand, and is carried out with respect for your privacy and the confidentiality of your personal files and information.

    With all that said, the engineers can make sure that the Support Tool Log, along with any other type of information resulting from the support process, is purged from the systems, and you can let the engineers know if you'd like them to do that.

    If you have any further concerns or questions about our troubleshooting process, please don't hesitate to ask our Support teams. They will do their very best to help and ensure that your experience with our services is as secure and private as possible.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user