Home Malware Programs Rogue Anti-Spyware Programs Cloud AV 2012

Cloud AV 2012

Posted: November 23, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 225
First Seen: November 23, 2011
Last Seen: August 17, 2022
OS(es) Affected: Windows

Cloud AV 2012 Screenshot 1Cloud AV 2012 is a duplicate of other variants of rogue AV programs from the FakeScanti (also known as Fake Scanti and Rogue:Win32/FakeScanti) subgroup. Unlike a legitimate anti-virus application, Cloud AV 2012 can't find or remove viruses, but supports the appearance of being able to do so by creating fake infection warnings and other types of problems, including blocking website access, blocking programs and changing your desktop. SpywareRemove.com malware experts strongly recommend that you remove Cloud AV 2012 from your PC as soon as you see Cloud AV 2012 appear since side effects of Cloud AV 2012's presence will cause your computer to have weakened security and be generally-dysfunctional. When possible, using anti-malware software to accomplish this will help to prevent lasting harm to your PC, since components of Cloud AV 2012 may use the names of default Windows files or utilize other techniques to conceal themselves.

A Forecast for Cloud AV 2012: Nothing but Trouble for Your Computer

Although Cloud AV 2012 can cause a wide range of problems for your PC, the stand-out symptom of Cloud AV 2012 infection is the appearance of unusual error messages in various formats. Fake warnings and errors from Cloud AV 2012 can take the form of desktop images, taskbar balloons, web browser pop-ups and even fake Windows Security Center alerts. These false infection warnings are used to tempt you to purchase Cloud AV 2012 to remove these nonexistent issues, and, naturally, SpywareRemove.com malware researchers strongly discourage falling for this waste of money.

Many of these false messages may also appear when you attempt to navigate to an anti-malware website or use anti-malware software to remove Cloud AV 2012. You should be aware that Cloud AV 2012 is incapable of finding or removing any sort of threat to your PC and that this behavior is intended purely to stop you from deleting Cloud AV 2012 and taking the 'easy' way out of its scam. These errors don't indicate that there are actual problems with the websites or programs themselves, although, in some cases, Cloud AV 2012 may attempt to uninstall popular brands of PC security software.

The Rest of Cloud AV 2012's Stormy Weather

Even if you've resolved to uninstall Cloud AV 2012 at the first opportunity, other issues that Cloud AV 2012 may cause can make this prospect intimidating and difficult. SpywareRemove.com malware research team recommends using an anti-malware program to be sure of finding and removing all components of a Cloud AV 2012 infection, and be prepared to skirt around issues like these:

  • Browser hijacks that redirect you to Cloud AV 2012's website or block access to other websites.
  • A changed desktop background.
  • Pop-up windows that imitate Windows programs like Windows Security Center.
  • Random reboots of Windows.
  • Programs that are arbitrarily-blocked from being launched.

In all cases, stopping Cloud AV 2012 from launching itself is the first step to avoiding these attacks so that you can properly-remove Cloud AV 2012 from your PC. In most cases, Safe Mode is the readiest-available method of achieving this. A complete system scan should also be used, since an incomplete scan may allow any Trojans that are present to install a new FakeScanti infection, such as

Cloud AV 2012 Screenshot 2Cloud AV 2012 Screenshot 3Cloud AV 2012 Screenshot 4Cloud AV 2012 Screenshot 5Cloud AV 2012 Screenshot 6Cloud AV 2012 Screenshot 7

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%APPDATA%\XHHH5sQQJ7dK8RZ\Cloud AV 2012v121.exe File name: Cloud AV 2012v121.exe
Size: 2.8 MB (2801664 bytes)
MD5: 420b6e9c65701b4b6720f25762f6186d
Detection count: 101
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\XHHH5sQQJ7dK8RZ
Group: Malware file
Last Updated: November 24, 2011
%APPDATA%\Microsoft\8AF2\66C.exe File name: 66C.exe
Size: 286.2 KB (286208 bytes)
MD5: 535b08b0737a0524b133be6401338383
Detection count: 28
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Microsoft\8AF2
Group: Malware file
Last Updated: November 24, 2011
%APPDATA%\LycA1uvD2b4m5Q6\Cloud AV 2012v121.exe File name: Cloud AV 2012v121.exe
Size: 2.79 MB (2799616 bytes)
MD5: b199c92af7b4a1f1427f7ebff90e0615
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\LycA1uvD2b4m5Q6
Group: Malware file
Last Updated: August 17, 2022
%APPDATA%\AED99\502F9.exe File name: 502F9.exe
Size: 172.54 KB (172544 bytes)
MD5: a206e763d2bbed0eee677180c0ebe359
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\AED99
Group: Malware file
Last Updated: November 24, 2011
%APPDATA%\13DB7\lvvm.exe File name: lvvm.exe
Size: 188.41 KB (188416 bytes)
MD5: 430ab1341e367ee43e2c57e9accd7be2
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\13DB7
Group: Malware file
Last Updated: November 24, 2011
%AppData%\ldr.ini File name: %AppData%\ldr.ini
Mime Type: unknown/ini
Group: Malware file
%AppData%\[RANDOM CHARACTERS]\Cloud AV 2012.ico File name: %AppData%\[RANDOM CHARACTERS]\Cloud AV 2012.ico
Mime Type: unknown/ico
Group: Malware file
%DesktopDir%\Cloud AV 2012.lnk File name: %DesktopDir%\Cloud AV 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Temp%\8.tmp File name: %Temp%\8.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file
%AppData%\dwme.exe File name: %AppData%\dwme.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%SYSTEM%\Cloud AV 2012v121.exe File name: %SYSTEM%\Cloud AV 2012v121.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Local_AppData%\dwme.exe File name: %Local_AppData%\dwme.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%PROGAM_FILES%\LP\BAD6\C29.exe File name: %PROGAM_FILES%\LP\BAD6\C29.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%PROGAM_FILES%\24245\lvvm.exe File name: %PROGAM_FILES%\24245\lvvm.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AppData%\FCE03\0FD4B.exe File name: %AppData%\FCE03\0FD4B.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%AppData%\FCE03\3F0D.CE0 File name: %AppData%\FCE03\3F0D.CE0
Mime Type: unknown/CE0
Group: Malware file
%AppData%\LUUJ1wscH0aTNzF\Cloud AV 2012.ico File name: %AppData%\LUUJ1wscH0aTNzF\Cloud AV 2012.ico
Mime Type: unknown/ico
Group: Malware file
%TempDir%\1.tmp File name: %TempDir%\1.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file
%TempDir%\dwme.exe File name: %TempDir%\dwme.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%ProgramFiles%\LP\4B7F\027.exe File name: %ProgramFiles%\LP\4B7F\027.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%ProgramFiles%\LP\4B7F\2.tmp File name: %ProgramFiles%\LP\4B7F\2.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file
%ProgramFiles%\LP\4B7F\3.tmp File name: %ProgramFiles%\LP\4B7F\3.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file
%ProgramFiles%\LP\4B7F\4.tmp File name: %ProgramFiles%\LP\4B7F\4.tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file
%ProgramFiles%\03F0D\lvvm.exe File name: %ProgramFiles%\03F0D\lvvm.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Programs%\Cloud AV 2012\Cloud AV 2012.lnk File name: %Programs%\Cloud AV 2012\Cloud AV 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%Desktop%\Cloud AV 2012.lnk File name: %Desktop%\Cloud AV 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%SystemDir%\Cloud AV 2012v121.exe File name: %SystemDir%\Cloud AV 2012v121.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Windows%\system32\[RANDOM CHARACTERS].exe File name: %Windows%\system32\[RANDOM CHARACTERS].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Documents and Settings%\[USERNAME]\Application Data\svhostu.exe File name: %Documents and Settings%\[USERNAME]\Application Data\svhostu.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%Documents and Settings%\[USERNAME]\Local Settings\Temp\[RANDOM CHARACTERS].tmp File name: %Documents and Settings%\[USERNAME]\Local Settings\Temp\[RANDOM CHARACTERS].tmp
File type: Temporary File
Mime Type: unknown/tmp
Group: Malware file
%Documents and Settings%\[USERNAME]\Application Data\[RANDOM CHARACTERS]\ File name: %Documents and Settings%\[USERNAME]\Application Data\[RANDOM CHARACTERS]\
Group: Malware file
%Documents and Settings%\[USERNAME]\Start Menu\Programs\Cloud AV 2012\ File name: %Documents and Settings%\[USERNAME]\Start Menu\Programs\Cloud AV 2012\
Group: Malware file
%Documents and Settings%\[USERNAME]\Desktop\Cloud AV 2012.lnk File name: %Documents and Settings%\[USERNAME]\Desktop\Cloud AV 2012.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file

Registry Modifications

The following newly produced Registry Values are:

Regexp file mask%AppData%\iexplore.exe%AppData%\svhostu.exeHKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceListHKEY_CURRENT_USER\Software\Cloud AV 2012HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys} HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

2 Comments

  • SEYMOUR SCHWARTZ says:

    Had a problem downloading Spyhunter...doing a simple System Restore, back about one (1) week appears to have solved the problem. Cloud AV 2012 has disappeared. Was this an acceptable alternative?

  • Fistum says:

    I am unable to open Home and Business Outlook 2010 in Win7. Version is 14.06029.1000. It wkoerd fine earlier today. I was entering contacts. The file size is 265 KB. I am unable to run the nav file, but did find the .pst file and restored it. Still no luck. The application icon does not open it. Safe mode does not work. I do not feel good enought to change any other programming.I am unable to access my mailboxes from this computer.I checked the properties of the Outlook pst file and noticed that the attributes on this file show an Al and not A like the other office folder shortcut. The desktop shortcut is an A.Help, please.Joy

Loading...