OpenCloud AV

Threat Scorecard

Ranking: 9,129
Threat Level: 80 % (High)
Infected Computers: 524
First Seen: October 3, 2011
Last Seen: August 22, 2023
OS(es) Affected: Windows

OpenCloud AV is one of the many fake security programs associated with the FakeScanti Trojan. Rogue security applications associated with this Trojan are fairly typical in the way they attack a computer system. Like most rogue security programs, OpenCloud AV is designed to display fake alerts indicating a nonexistent infection, and then offers to remove this fictitious infection in exchange for a certain amount of money. OpenCloud AV has the ability to change your system's settings, alter the Windows Registry, and block certain programs from running, all while pretending to be a legitimate anti-malware application. ESG PC security researchers advise against purchasing OpenCloud AV or any of the other security programs associated with the FakeScanti Trojan. OpenCloud AV can be removed with a real anti-malware application.

Other fake security programs associated with this Trojan include Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011, Super AV 2013.
 

Problems and Symptoms Associated with OpenCloud AV

The presence of OpenCloud AV on your computer system will usually result in a number of very noticeable symptoms. However, these symptoms indicate that your computer has already become infected. The installation process of OpenCloud AV and similar malware usually exhibits only very minor symptoms. Some problems associated with OpenCloud AV include the following:

  • OpenCloud AV can change your desktop image into a large error message, which cannot be removed or changed. This lengthy error message will typically start with the sentence: "DANGER!!! Your computer is INFECTED! Attention!!!" and then continue by telling the user that his/her data is in danger of being deleted or stolen. This characteristic is typical of newer versions of the FakeScanti Trojan, and some versions of OpenCloud AV may not display this behavior.
  • OpenCloud AV will also display many pop-up error messages, both in the form of system alerts and in the form of pop-up notifications from the Task Bar (similar to those displayed by most official Windows security programs).
  • OpenCloud AV has also been known to block executable files (that is, files with the .exe extension). OpenCloud AV can selectively block these, usually only allowing OpenCloud AV's own malicious files and essential Windows file processes to function. Legitimate security programs and Internet browsers are at the top of OpenCloud AV's list of applications to block.

File System Details

OpenCloud AV may create the following file(s):
# File Name Detections
1. %StartupFolder%\csrss.exe
2. %AppData%\OpenCloud AV\csrss.exe
3. %StartMenu%\OpenCloud AV
4. %AppData%\OpenCloud AV\ms.conf
5. %UserProfile%\Desktop\OpenCloud AV.lnk
6. %AppData%\OpenCloud AV\
7. %StartMenu%\OpenCloud AV\OpenCloud AV.lnk

Registry Details

OpenCloud AV may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = 'C:\Program Files\conhost.exe "%1" %*'
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
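
The exefile\shell\open\command entry above replaces the stock Windows value ("%1" %*), so the listed conhost.exe is run in front of every .exe the user opens, which is consistent with the selective blocking described earlier. The following check is an added example, not part of the original write-up: it audits the text of a `reg export` file for that handler, and the sample export and function names are constructed for illustration.

```python
import re

# Stock Windows value for exefile\shell\open\command "(Default)".
EXPECTED = '"%1" %*'
KEY_SUFFIX = r"\exefile\shell\open\command"

# Constructed sample of a `reg export` file, using the value listed above.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="C:\\Program Files\\conhost.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]
@="notepad.exe \"%1\""
'''

def default_values(reg_text):
    """Yield (key, value) for every REG_SZ default value (@="...") in a .reg export."""
    key = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash.
            yield key, re.sub(r"\\(.)", r"\1", line[3:-1])

def audit_exe_handler(reg_text):
    """Return findings for exefile open commands that differ from the stock value."""
    findings = []
    for key, value in default_values(reg_text):
        # Suffix match also covers per-user copies under Software\Classes.
        if key.lower().endswith(KEY_SUFFIX) and value.strip() != EXPECTED:
            # Everything before "%1" is a program that runs ahead of every .exe launch.
            interposer = value.split('"%1"')[0].strip().strip('"')
            findings.append({"key": key, "value": value, "interposer": interposer})
    return findings

if __name__ == "__main__":
    for f in audit_exe_handler(SAMPLE_REG):
        print(f"{f['key']}: runs {f['interposer']!r} before every .exe")
```

Files written by `reg export` are UTF-16, so read them with encoding="utf-16" before passing the text in. The genuine conhost.exe and csrss.exe live in the Windows System32 directory, so the paths listed on this page are masquerading names.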

Messages

The following messages associated with OpenCloud AV were found:

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [fake email address] was CANCELLED.

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.

Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized

Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.
