OpenCloud Antivirus

OpenCloud Antivirus Description

ESG PC security researchers have identified OpenCloud Antivirus as a rogue anti-virus application from the FakeScanti family. This means that OpenCloud Antivirus is a fake anti-virus tool that is designed to steal your money and credit card details. The OpenCloud Antivirus interface attempts to resemble popular anti-virus software. This fake anti-virus program displays a continuous stream of fake security alerts and virus warnings in an attempt to convince its victim to pay for fixing these nonexistent issues. OpenCloud Antivirus is also associated with browser redirecting and blocked access to your legitimate anti-virus programs. ESG PC security researchers recommend automatically removing the OpenCloud Antivirus rogue security program with a legitimate anti-virus program.

This severe threat is actually a clone of known rogue security programs like Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011, Super AV 2013.

The Deluge of Problems Associated with OpenCloud Antivirus

Rogue security programs like OpenCloud Antivirus operate by warning computer users of fake infections on their computer. These error messages can take various forms, such as pop-up notifications from the Task Bar or security alerts similar to those displayed by native Windows Security applications. These fake error messages, along with a misleading scan of your computer, are all part of a scam designed to convince you to pay for a useless "full version" of OpenCloud Antivirus. Some of the fake infections that OpenCloud Antivirus detects include Trojan.VBS.Qhost, Trojan-Downloader.JS.Agent and Trojan-Downloader.JS.Romora. While these are real malware infections, there is a very low chance of these Trojans actually being present on your computer. OpenCloud Antivirus can also cause your computer system to run slowly, crash frequently and behave erratically. Other problems associated with OpenCloud Antivirus include Internet browser redirection, blocked executable files and changes to your system settings. All of these symptoms are characteristic of a large category of malware programs known as rogue security programs, or fake security applications.

Dealing with OpenCloud Antivirus

A good way to stop the most annoying features of OpenCloud Antivirus is to enter the registration code DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B. This code will not remove OpenCloud Antivirus, but it will stop some of OpenCloud Antivirus' most annoying effects. ESG security researchers have found that this code works to stop most of OpenCloud Antivirus' clones, including Milestone Antivirus, AKM Antivirus 2010 Pro and Sysinternals Antivirus. It is important to understand that, after using this code, it is still necessary to start up your computer in Safe Mode and use a real anti-virus program to detect and remove an OpenCloud Antivirus infection.

Technical Information

File System Details

OpenCloud Antivirus creates the following file(s):
# | File Name | Size | MD5
1 | %StartupFolder%\csrss.exe | |
2 | %AppData%\OpenCloud Antivirus\csrss.exe | |
3 | %StartMenu%\OpenCloud Antivirus | |
4 | %AppData%\OpenCloud Antivirus\ms.conf | |
5 | %UserProfile%\Desktop\OpenCloud Antivirus.lnk | |
6 | %AppData%\OpenCloud Antivirus\ | |
7 | %StartMenu%\OpenCloud Antivirus\OpenCloud Antivirus.lnk | |
8 | %AppData%\OpenCloud Antivirus\OpenCloud Antivirus.exe | 2,420,224 | 028589c3bd57d4ba452360d5432b2c50
9 | %AppData%\OpenCloud Antivirus\jfurhdsuw.exe | 187,392 | 83bb95152a706e21a3efcdee52156ef3
10 | %AppData%\OpenCloud Antivirus\kdsyxx.exe | 183,296 | e91ce745c8854e2c9d2d1122cfa4a1b6

Registry Details

OpenCloud Antivirus creates the following directory and registry entries:
Directory:
%AppData%\OpenCloud Antivirus
Registry keys:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = 'C:\Program Files\conhost.exe "%1" %'
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
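
The exefile\shell\open\command entry listed above replaces the Windows default handler for .exe files ("%1" %*) with a command that places another program in front of every executable the user launches. The following check for that change is an added example, not part of the original article or any ESG tool: the function names are hypothetical, the sample text is constructed from the value listed on this page, and it assumes the English-locale output layout of reg query with the /ve switch.

```python
import re

# Windows' stock handler for .exe files: run the clicked program itself.
DEFAULT_EXE_HANDLER = '"%1" %*'

# Constructed sample of `reg query "HKCR\exefile\shell\open\command" /ve`
# output, using the value listed on this page (trailing "%" kept as listed).
SAMPLE_INFECTED = r'''
HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default)    REG_SZ    C:\Program Files\conhost.exe "%1" %
'''

# Constructed sample of the same query on an unmodified system.
SAMPLE_CLEAN = r'''
HKEY_CLASSES_ROOT\exefile\shell\open\command
    (Default)    REG_SZ    "%1" %*
'''

# Assumption: the value name is printed as "(Default)" (English locale).
_VALUE_LINE = re.compile(
    r'^\s+\(Default\)\s+REG_(?:EXPAND_)?SZ\s+(.*\S)\s*$', re.M)


def parse_default_value(reg_query_output):
    """Return the (Default) string from `reg query ... /ve` output, or None."""
    m = _VALUE_LINE.search(reg_query_output)
    return m.group(1) if m else None


def check_exe_handler(reg_query_output):
    """Classify the exefile open command as ok, hijacked or missing."""
    value = parse_default_value(reg_query_output)
    if value is None:
        return {"status": "missing", "value": None, "interposer": None}
    if value.strip() == DEFAULT_EXE_HANDLER:
        return {"status": "ok", "value": value, "interposer": None}
    # Anything placed before "%1" is a program that runs in front of
    # (or instead of) every .exe the user starts.
    before = value.split('"%1"', 1)[0].strip().strip('"')
    return {"status": "hijacked", "value": value, "interposer": before or None}


if __name__ == "__main__":
    for name, text in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(name, check_exe_handler(text))
```

A "hijacked" result also explains why legitimate tools may fail to start on an affected machine, since every launch passes through the interposed program first.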

More Details on OpenCloud Antivirus

The following messages associated with OpenCloud Antivirus were found:
Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

Warning!
The file "taskmgr.exe" is infected. Running of application is impossible.
Please activate your antivirus software.

Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to was CANCELLED.

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized

Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?
