
Cloud Protection

Posted: October 10, 2011

Threat Metric

Threat Level: 10/10
Infected PCs: 101
First Seen: October 10, 2011
Last Seen: August 17, 2022
OS(es) Affected: Windows

Cloud Protection is a new variant of older rogue anti-malware programs from the FakeScanti family. This group of fake malware scanners (including Cloud Protection) uses fake error messages to make you believe that your PC is seriously damaged and follows up on the scam by asking you to purchase a registration key to fix the problem. However, SpywareRemove.com malware experts have combed over Cloud Protection and found it to be totally lacking in real anti-virus or anti-malware functionality, and they recommend against purchasing it. Until you remove Cloud Protection and any related infections (such as the ZeroAccess rootkit) from your PC with a real anti-malware program, your computer may be subjected to attacks that redirect your web browser or shut down security-related software.

Countless Reasons to Avoid a Cloud Protection Forecast

Cloud Protection is part of a family of rogue security programs that prefer to distribute themselves with ZeroAccess, a rootkit that has a variety of capabilities, most particularly for attacking your computer's security. While ZeroAccess is active, you may be unable to run standard anti-malware software, or you may experience unusual crashes that prevent you from removing Cloud Protection. However, SpywareRemove.com malware analysts note that appropriate rootkit-removal software can still delete the latest versions of ZeroAccess, and sufficiently broad anti-malware programs should also be able to remove Cloud Protection in the process.

Other Cloud Protection-related problems can also extend to:

IDing a Fake Cloud Protection Infection

SpywareRemove.com malware researchers present the following examples of Cloud Protection's fake warnings to allow you to ignore any pop-ups that resemble these false leads. However, since their appearance on your PC does indicate that your PC is already infected with Cloud Protection, further action, such as usage of an anti-malware product, is required.

svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized

Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL] was CANCELLED.

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software

Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

Besides the symptoms that have been noted here, Cloud Protection and the ZeroAccess rootkit may show few symptoms of being on your computer and, if removed in an improper fashion, may remain on your PC even if they appear to be removed. Use Safe Mode and a completely-updated security program to scan your hard drive, before assuming that your Cloud Protection removal attempt has succeeded. If necessary, SpywareRemove.com malware experts also note that you can fake registration for Cloud Protection with the code '9992665263.'


Aliases

Mal/FakeAV-OZ [Sophos]
a variant of Win32/Kryptik.AAJZ [NOD32]
Adware/WindowsRecovery [Panda]
Gen:Variant.Kazy.40147 [BitDefender]
a variant of Win32/Kryptik.TWI [NOD32]
Trojan.Win32.Jorik [Ikarus]
Artemis!1B426E933853 [McAfee-GW-Edition]
Trojan.Win32.Jorik.Fraud.fla [Kaspersky]
a variant of Win32/Kryptik.UES [NOD32]
Generic FakeAlert.bz [McAfee]
Win32:FakeAlert-BHX [GData]
TR/Fakealert.TZ [AntiVir]
Trojan.Packed.189 [DrWeb]
Trojan.Win32.Jorik.Fraud.fmf [Kaspersky]
Win32:FakeAlert-BHX [Trj] [Avast]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values are newly created:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"

7 Comments

  • Ruth Purvis says:

    I have Cloud Protection coming up and making me activate the program and telling me I have all kinds of viruses and I can't get my AVG virus program to install and clean my computer. What can I do to get rid of Cloud Protection????? Or let me know how I can call you.

  • Brittany says:

    I have the same problem as Ruth. It's annoying the eff outta me. Please let me know how to remove this junk. K thanks.

  • emma says:

    Please help me, I'm having such a hard time trying to get off this cloud mess!!! What should I do?!

  • kaleigh says:

    I copied the fake register code 9992665263 and it deleted itself!

  • Lyn Baker says:

    I booted up in safe mode (F8) then found the application file and deleted it. It worked!

  • Stevo says:

    I unplugged the power to my computer & rebooted. Select safe mode. Once booted, right click on the "cloud" icon & select "open file location", delete that file. Then go up one folder and delete everything in that roam folder dated up to the day before your computer started acting up. Then reboot in normal mode. Worked for me.

  • steph says:

    WOW....worked like a charm, spyhunter. Can't believe I put up with that for a day and a half.
