Cloud AV 2012

Cloud AV 2012 Description

Cloud AV 2012 is part of a very large family of malware, the FakeScanti family, which comprises a variety of fake anti-virus applications. There are dozens of versions of Cloud AV 2012, dating back to the year 2009. In fact, Cloud AV 2012 may date from before that, since it is a direct successor of rogue security applications that were active in 2006. ESG PC security researchers warn against using the rogue anti-virus program Cloud AV 2012; this fake security program has absolutely no real capabilities. Beyond its flashy interface, there is little more than a collection of malicious scripts and various Trojans. Cloud AV 2012 is part of a well-known online scam designed to prey on inexperienced computer users by selling them fake security applications. The main danger of a Cloud AV 2012 infection lies in this rogue's harmful associations. Most Cloud AV 2012 infections will be associated with a dangerous rootkit or bootkit infection. Depending on the associated rootkit, its removal may be quite difficult and require a specialized tool or the intervention of a computer security professional.

The many clones of Cloud AV 2012 include such fake security programs as Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Antivirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011, and Super AV 2013.

How Cloud AV 2012 Affects Its Victims' Computer System

Like most rogue security applications, Cloud AV 2012 is designed to cause the victim to panic by giving the illusion that a severe malware infection is present on the infected computer system. While this is technically true, the malware infection in question is Cloud AV 2012 itself. Cloud AV 2012 will try to convince its victims to purchase a useless “license” with a credit card at Cloud AV 2012's website. To do this, Cloud AV 2012 will display a constant torrent of alarming error messages and fake security alerts. Cloud AV 2012 will also have a number of detrimental effects on an infected computer system, such as making the infected computer run slowly, crash frequently, or have its settings changed. Cloud AV 2012 may use Trojans to block access to the Internet, disable known security applications, and change your files' settings so that they will be hidden from view. An inexperienced computer user who is faced with all of these problems at once may be predisposed to believing Cloud AV 2012's lies. Do not become a victim! Remove Cloud AV 2012 at once.

Technical Information


File System Details

Cloud AV 2012 creates the following file(s):
| # | File Name | Size | MD5 | Detection Count |
|---|-----------|------|-----|-----------------|
| 1 | %APPDATA%\Microsoft\8AF2\66C.exe | 286,208 | 535b08b0737a0524b133be6401338383 | 12 |
| 2 | %APPDATA%\LycA1uvD2b4m5Q6\Cloud AV 2012v121.exe | 2,799,616 | b199c92af7b4a1f1427f7ebff90e0615 | 3 |
| 3 | %APPDATA%\AED99\502F9.exe | 172,544 | a206e763d2bbed0eee677180c0ebe359 | 2 |
| 4 | %APPDATA%\13DB7\lvvm.exe | 188,416 | 430ab1341e367ee43e2c57e9accd7be2 | 2 |
| 5 | %Local_AppData%\dwme.exe | N/A | | |
| 6 | %Windows%\system32\[RANDOM CHARACTERS].exe | N/A | | |
| 7 | %TempDir%\dwme.exe | N/A | | |
| 8 | %SystemDir%\Cloud AV 2012v121.exe | N/A | | |
| 9 | %SYSTEM%\Cloud AV 2012v121.exe | N/A | | |
| 10 | %PROGAM_FILES%\24245\lvvm.exe | N/A | | |
| 11 | %AppData%\FCE03\0FD4B.exe | N/A | | |
| 12 | %ProgramFiles%\03F0D\lvvm.exe | N/A | | |
| 13 | %AppData%\dwme.exe | N/A | | |
| 14 | %PROGAM_FILES%\LP\BAD6\C29.exe | N/A | | |
| 15 | %Documents and Settings%\[USERNAME]\Application Data\svhostu.exe | N/A | | |
| 16 | %ProgramFiles%\LP\4B7F\027.exe | N/A | | |
| 17 | %AppData%\ldr.ini | N/A | | |
| 18 | %Documents and Settings%\[USERNAME]\Application Data\[RANDOM CHARACTERS]\ | N/A | | |
| 19 | %AppData%\FCE03\3F0D.CE0 | N/A | | |
| 20 | %ProgramFiles%\LP\4B7F\2.tmp | N/A | | |
| 21 | %Programs%\Cloud AV 2012\Cloud AV 2012.lnk | N/A | | |
| 22 | %DesktopDir%\Cloud AV 2012.lnk | N/A | | |
| 23 | %Documents and Settings%\[USERNAME]\Local Settings\Temp\[random].tmp | N/A | | |
| 24 | %Documents and Settings%\[USERNAME]\Desktop\Cloud AV 2012.lnk | N/A | | |
| 25 | %TempDir%\1.tmp | N/A | | |
| 26 | %ProgramFiles%\LP\4B7F\4.tmp | N/A | | |
| 27 | %Temp%\8.tmp | N/A | | |
| 28 | %AppData%\[RANDOM CHARACTERS]\Cloud AV 2012.ico | N/A | | |
| 29 | %Documents and Settings%\[USERNAME]\Start Menu\Programs\Cloud AV 2012\ | N/A | | |
| 30 | %AppData%\LUUJ1wscH0aTNzF\Cloud AV 2012.ico | N/A | | |
| 31 | %ProgramFiles%\LP\4B7F\3.tmp | N/A | | |
| 32 | %Desktop%\Cloud AV 2012.lnk | N/A | | |

Registry Details

Cloud AV 2012 creates the following registry entry or registry entries:
Regexp file mask:
%AppData%\iexplore.exe
%AppData%\svhostu.exe

Registry key:
HKEY_LOCAL_MACHINE\software\microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\Software\Cloud AV 2012
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
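
The registry indicators above can be checked against an export of a host's Run-key values. The following is an added triage example, not code from this article or from ESG; the function names, the "review" tier for other executables autostarting from %AppData%, and the sample values (marked as constructed) are assumptions made for illustration.

```python
import ntpath

# Indicators copied from the "Registry Details" section of this page.
FILE_MASKS = (r"%AppData%\iexplore.exe", r"%AppData%\svhostu.exe")
ROGUE_KEY = r"HKEY_CURRENT_USER\Software\Cloud AV 2012"
# Constructed sample input: values exported from a Run key on a test host.
SAMPLE_RUN = {
    "kq3xw": r'"C:\Users\ann\AppData\Roaming\svhostu.exe" /min',
    "Updater": r"C:\Users\ann\AppData\Roaming\Acme\update.exe --silent",
    "SecurityHealth": r"%windir%\system32\SecurityHealthSystray.exe",
}
SAMPLE_KEYS = [r"HKEY_CURRENT_USER\Software\Cloud AV 2012"]
SAMPLE_APPDATA = r"C:\Users\ann\AppData\Roaming"


def target_of(command):
    """Return the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: cut after the first ".exe" so paths with spaces survive.
    idx = command.lower().find(".exe")
    return command[: idx + 4] if idx != -1 else command.split(" ")[0]


def norm(path):
    # ntpath applies Windows path rules on any OS, so exports can be
    # analysed away from the affected host.
    return ntpath.normcase(ntpath.normpath(path))


def triage(run_values, existing_keys, appdata):
    """Classify Run-key values and registry keys against the indicators."""
    masks = {norm(m.replace("%AppData%", appdata)) for m in FILE_MASKS}
    root = norm(appdata) + "\\"
    findings = []
    for name, command in sorted(run_values.items()):
        target = norm(target_of(command))
        if target in masks:
            findings.append(("match", name, target))
        elif target.startswith(root) and target.endswith(".exe"):
            # Legitimate per-user software also autostarts from AppData.
            findings.append(("review", name, target))
    if any(k.lower() == ROGUE_KEY.lower() for k in existing_keys):
        findings.append(("match", "registry key", ROGUE_KEY))
    return findings


if __name__ == "__main__":
    print(*triage(SAMPLE_RUN, SAMPLE_KEYS, SAMPLE_APPDATA), sep="\n")
```

A "match" corresponds to an indicator listed on this page; a "review" entry only says that something autostarts from the profile's application-data folder and needs a manual look.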
