OpenCloud Antivirus

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 5
First Seen: August 27, 2011
Last Seen: August 17, 2022
OS(es) Affected: Windows

OpenCloud Antivirus Image

ESG PC security researchers have identified OpenCloud Antivirus as a rogue anti-virus application from the FakeScanti family. This means that OpenCloud Antivirus is a fake anti-virus tool that is designed to steal your money and credit card details. The OpenCloud Antivirus interface attempts to resemble popular anti-virus software. This fake anti-virus program displays a continuous stream of fake security alerts and virus warnings in an attempt to convince its victim to pay for fixing these nonexistent issues. OpenCloud Antivirus is also associated with browser redirecting and blocked access to your legitimate anti-virus programs. ESG PC security researchers recommend automatically removing the OpenCloud Antivirus rogue security program with a legitimate anti-virus program.

This severe threat is actually a clone of known rogue security programs like Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Security, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011, Super AV 2013.

The Deluge of Problems Associated with OpenCloud Antivirus

Rogue security programs like OpenCloud Antivirus operate by warning computer users of fake infections on their computer. These error messages can take various forms, such as pop-up notifications from the Task Bar or security alerts similar to those displayed by native Windows Security applications. These fake error messages, along with a misleading scan of your computer are all part of a scam designed to convince you to pay for a useless "full version" of OpenCloud Antivirus. Some of the fake infections that OpenCloud Antivirus detects include Trojan.VBS.Qhost, Trojan-Downloader.JS.Agent and Trojan-Downloader.JS.Romora. While these are real malware infections, there is a very low chance of these Trojans actually being present on your computer. OpenCloud Antivirus can also cause your computer system to run slowly, crash frequently and behave erratically. Other problems associated with OpenCloud Antivirus include Internet browser redirection, blocked executable files and changes to your system settings. All of these symptoms are characteristic of a large category of malware programs known as rogue security programs, or fake security applications.

Dealing with OpenCloud Antivirus

A good way of stopping the most annoying features of OpenCloud Antivirus consists in entering the registration code DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B. This code will not remove OpenCloud Antivirus, but it will stop some of OpenCloud Antivirus' most annoying effects. ESG security researchers have found that this code works to stop most of OpenCloud Antivirus's clones, including Milestone Antivirus, AKM Antivirus 2010 Pro and Sysinternals Antivirus. It is important to understand that, after using this code, it is still necessary to start up your computer in Safe Mode and use a real anti-virus program to detect and remove an OpenCloud Antivirus infection.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

SpyHunter Detects & Remove OpenCloud Antivirus

OpenCloud Antivirus Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

OpenCloud Antivirus may create the following file(s):
# File Name MD5 Detections
1. OpenCloud Antivirus.exe 028589c3bd57d4ba452360d5432b2c50 1
2. %StartupFolder%\csrss.exe
3. %AppData%\OpenCloud Antivirus\csrss.exe
4. %StartMenu%\OpenCloud Antivirus
5. %AppData%\OpenCloud Antivirus\ms.conf
6. %UserProfile%\Desktop\OpenCloud Antivirus.lnk
7. %AppData%\OpenCloud Antivirus\
8. %StartMenu%\OpenCloud Antivirus\OpenCloud Antivirus.lnk
9. OpenCloud Antivirus.exe 3882f4b5cee043bda4fbee7313b9539c 0
10. OpenCloud Antivirus.exe 0166c7130d733b5c4700634cdf9f57cf 0
11. jfurhdsuw.exe 83bb95152a706e21a3efcdee52156ef3 0
12. kdsyxx.exe e91ce745c8854e2c9d2d1122cfa4a1b6 0

Registry Details

OpenCloud Antivirus may create the following registry entry or registry entries:
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = 'C:\Program Files\conhost.exe "%1" %'


OpenCloud Antivirus may create the following directory or directories:

%AppData%\OpenCloud Antivirus


The following messages associated with OpenCloud Antivirus were found:

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
The file "taskmgr.exe" is infected. Running of application is impossible.
Please activate your antivirus software.
Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to was CANCELLED.
Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized
Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

Related Posts


Most Viewed