OpenCloud Antivirus
Posted: August 27, 2011
Threat Metric
The fields listed on the Threat Meter, each of which contains a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10, where 10 is the highest level of severity and 1 is the lowest level of severity. Each level reflects the threat's consistently assessed behaviors, as collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criterion for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
Threat Level: | 10/10 |
---|---|
Infected PCs: | 12 |
First Seen: | August 27, 2011 |
Last Seen: | August 17, 2022 |
OS(es) Affected: | Windows |
OpenCloud Antivirus is a fake anti-virus program that uses traditional scamware-style tactics to steal your money and finance-related information. SpywareRemove.com malware researchers have found that OpenCloud Antivirus, like its brethren, is happy to create fake virus alerts while it asks for your money so that it can 'fix' these imaginary problems. Other issues that may be caused by OpenCloud Antivirus include browser hijacks, negatively-altered system settings and problems with security software. You should remove OpenCloud Antivirus with an anti-malware program of good repute, since OpenCloud Antivirus will conceal its components in diverse locations, as well as borrowing the names of critical Windows system files.
Although OpenCloud Antivirus tries to look like a new and independent product that will fight viruses on your PC, OpenCloud Antivirus is really a clone of older rogue anti-virus products from the FakeScanti family that include Security Guard, Sysinternals Antivirus, WireShark Antivirus, Milestone Antivirus, BlueFlare Antivirus, Wolfram Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011 and Super AV 2013.
The Toxic Rain Inside of This OpenCloud Antivirus
OpenCloud Antivirus, like other forms of fake security software that our malware experts have analyzed, is used primarily for the creation of false positives or fake infection warnings that mislead you about the state of your PC. Error messages from OpenCloud Antivirus can appear in your taskbar, after OpenCloud Antivirus pretends to scan your computer or even at random in the form of browser popups. One example of OpenCloud Antivirus's fake errors is shown here:
Security Warning
There are critical system files on your computer that were modified by malicious program. It will cause unstable work of your system and permanent data loss. Click here to undo performed modifications and remove malicious software. (Highly Recommended)
OpenCloud Antivirus will also pretend to detect specific infections that aren't on your PC such as Trojan-Downloader.JS.Agent, Trojan.VBS.Qhost and Trojan-Downloader.JS.Romora. In return for offering to remove these infections that it made up to begin with, OpenCloud Antivirus will ask you to spend over fifty dollars to register its software. Instead of wasting your dollars on an anti-virus program that has no virus-fighting features, you may want to consider faking registration with the code 'DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B'. The above code has been known to work on other rogue anti-virus applications in the same subgroup of OpenCloud Antivirus.
Dispersing OpenCloud Antivirus for Sunny Days Ahead
Although removing OpenCloud Antivirus with an anti-malware product should be a common-sense solution to an OpenCloud Antivirus infection, other attacks by OpenCloud Antivirus may complicate your attempts to delete it, such as:
- Browser hijacks that block websites or redirect you to hostile sites like OpenCloud Antivirus's fake storefront. Due to the proxy server-based method that OpenCloud Antivirus hijacks use, you may see the following error when you're blocked from a website:
"Proxy server is refusing connections"
- Blocked security programs on your PC. OpenCloud Antivirus will attempt to prevent you from using anti-virus and other forms of anti-malware programs, and may also attempt to block Windows utilities like the Task Manager.
In both cases, the simplest route to circumvent these OpenCloud Antivirus blockades is to use Safe Mode or boot Windows from a USB drive. This will let you access the operating system without triggering OpenCloud Antivirus, which can then be deleted (including its fake system components, such as csrss.exe, and its hidden Temp directory files) with ease.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%AppData%\OpenCloud Antivirus\kdsyxx.exe
File name: kdsyxx.exe
Size: 183.29 KB (183296 bytes)
MD5: e91ce745c8854e2c9d2d1122cfa4a1b6
Detection count: 73
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%\OpenCloud Antivirus
Group: Malware file
Last Updated: August 29, 2011
%AppData%\OpenCloud Antivirus\jfurhdsuw.exe
File name: jfurhdsuw.exe
Size: 187.39 KB (187392 bytes)
MD5: 83bb95152a706e21a3efcdee52156ef3
Detection count: 72
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%\OpenCloud Antivirus
Group: Malware file
Last Updated: August 29, 2011
%AppData%\OpenCloud Antivirus\OpenCloud Antivirus.exe
File name: OpenCloud Antivirus.exe
Size: 2.44 MB (2440704 bytes)
MD5: 0166c7130d733b5c4700634cdf9f57cf
Detection count: 68
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%\OpenCloud Antivirus
Group: Malware file
Last Updated: August 29, 2011
%AppData%\OpenCloud Antivirus\OpenCloud Antivirus.exe
File name: OpenCloud Antivirus.exe
Size: 2.44 MB (2442752 bytes)
MD5: 3882f4b5cee043bda4fbee7313b9539c
Detection count: 67
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%\OpenCloud Antivirus
Group: Malware file
Last Updated: August 29, 2011
%AppData%\OpenCloud Antivirus\OpenCloud Antivirus.exe
File name: OpenCloud Antivirus.exe
Size: 2.42 MB (2420224 bytes)
MD5: 028589c3bd57d4ba452360d5432b2c50
Detection count: 62
File type: Executable File
Mime Type: unknown/exe
Path: %AppData%\OpenCloud Antivirus
Group: Malware file
Last Updated: August 17, 2022
%AppData%\OpenCloud Antivirus\
File name: %AppData%\OpenCloud Antivirus\
Group: Malware file
%AppData%\OpenCloud Antivirus\ms.conf
File name: %AppData%\OpenCloud Antivirus\ms.conf
Mime Type: unknown/conf
Group: Malware file
%AppData%\OpenCloud Antivirus\csrss.exe
File name: %AppData%\OpenCloud Antivirus\csrss.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
%StartMenu%\OpenCloud Antivirus
File name: %StartMenu%\OpenCloud Antivirus
Group: Malware file
%StartMenu%\OpenCloud Antivirus\OpenCloud Antivirus.lnk
File name: %StartMenu%\OpenCloud Antivirus\OpenCloud Antivirus.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%UserProfile%\Desktop\OpenCloud Antivirus.lnk
File name: %UserProfile%\Desktop\OpenCloud Antivirus.lnk
File type: Shortcut
Mime Type: unknown/lnk
Group: Malware file
%StartupFolder%\csrss.exe
File name: %StartupFolder%\csrss.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = 'C:\Program Files\conhost.exe "%1" %'
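The csrss.exe copies under %AppData% and %StartupFolder% and the exefile handler value listed above can be checked for mechanically. The following Python sketch is an added example, not code from SpywareRemove.com or SpyHunter; the expanded paths, the user name alice and the function names are constructed for illustration, and it assumes Windows is installed in C:\Windows.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows. Genuine copies of these
# binaries live only in the system directories below.
SYSTEM_BINARIES = {"csrss.exe", "conhost.exe", "svchost.exe", "taskmgr.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Stock value of HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)".
DEFAULT_EXE_HANDLER = '"%1" %*'

# Constructed inventory: the page's %AppData% and %StartupFolder% entries
# expanded for a hypothetical user "alice", mixed with legitimate files.
SAMPLE_PATHS = [
    r"C:\Windows\System32\csrss.exe",
    r"C:\Users\alice\AppData\Roaming\OpenCloud Antivirus\csrss.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\csrss.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\conhost.exe",
]
# Handler value exactly as listed on the page.
SAMPLE_HANDLER = r'C:\Program Files\conhost.exe "%1" %'


def masquerading_binaries(paths):
    """Return paths that use a system binary's name outside the system directories."""
    hits = []
    for path in paths:
        folder, name = ntpath.split(ntpath.normpath(path))
        if name.lower() in SYSTEM_BINARIES and folder.lower() not in SYSTEM_DIRS:
            hits.append(path)
    return hits


def interposed_program(value):
    """Return the program placed in front of "%1", or None for the stock handler."""
    normalized = " ".join(value.split())
    if normalized == DEFAULT_EXE_HANDLER:
        return None
    prefix = normalized.split('"%1"', 1)[0].strip().strip('"')
    return prefix or normalized


if __name__ == "__main__":
    for hit in masquerading_binaries(SAMPLE_PATHS):
        print("system name outside system directory:", hit)
    print("exefile handler launches via:", interposed_program(SAMPLE_HANDLER))
```

A non-stock exefile handler means every .exe launch is routed through the interposed program first, which is why restoring the default value belongs in cleanup alongside deleting the files.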
Additional Information
# | Message |
---|---|
1 | Security Warning Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer. Click here to clean your PC immediately. |
2 | Security Warning There are critical system files on your computer that were modified by malicious software. It may cause permanent data loss. Click here to remove malicious software. |
3 | Security Warning Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection. |
4 | Warning! Infection found Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL] was CANCELLED. |
5 | Warning! Infection found Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer. Keylogger Zeus was detected and put in quarantine. Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails. |
6 | Warning! The file "taskmgr.exe" is infected. Running of application is impossible. Please activate your antivirus software. |
7 | Warning: Infection is Detected Windows has found spyware infection on your computer! Click here to update your Windows antivirus software |
8 | Windows Security Alert To help protect your computer, Windows Firewall has blocked some features of this program. Do you want to keep blocking this program? Name: Zeus Trojan Publisher: Unauthorized |
9 | Windows Security Center Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC? |
10 | svchost.exe svchost.exe was replaced with unauthorized program. It has encountered a problem and needs to close. If you were in the middle of something, the information you were working on might be lost. Please tell Microsoft about this problem. We have created an error report that you can send to us. We will treat this report as confidential and anonymous. |