OpenCloud Security

OpenCloud Security Description

OpenCloud Security is a fake anti-virus program and part of a scam designed to prey on inexperienced computer users. ESG PC security researchers consider OpenCloud Security a serious threat to a computer system. Even if a computer user does not fall for the OpenCloud Security scam, this rogue security program can still have serious effects on a computer system's normal operation. For this reason, ESG PC security researchers recommend the immediate removal of OpenCloud Security with a real anti-virus program.

OpenCloud Security has several clones, including Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Antivirus, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011, Super AV 2013.

Understanding the OpenCloud Security Scam

OpenCloud Security and similar programs from its family, the FakeScanti family, are parts of a well-known cyber-scam. These kinds of programs are known as fake AV, or rogue anti-virus programs. This scam is designed to take advantage of many computer users' inexperience and lack of computer knowledge. Usually, a rogue anti-virus program is a collection of malicious scripts disguised as a genuine-looking security application. Rogue anti-virus programs use fake error messages and other tactics to scare a computer user into thinking that the computer has a large number of problems on it. Then, the rogue anti-virus program will offer to fix these problems – all of them imaginary – if the victim pays for a "license" or a "full version" of the rogue in question. OpenCloud Security has absolutely no way of detecting or removing viruses or other security issues; it is in itself a malware infection.

Our researchers have identified that when victims of OpenCloud Security purchase a full version of the OpenCloud Security application, they are asked to pay $52.95 but are actually charged a greater amount of $72.85. In addition, before OpenCloud Security is purchased, it claims to have detected several infections. After OpenCloud Security is purchased, it somehow magically returns a clean system scan report claiming that your system no longer has the previously detected threats on it.

The OpenCloud Security confirmation email reads:

Dear customer,

You have made a purchase at
OpenCloud Security
Upgrade to Lifetime License

Add OpenCloud Security Firewall Lifetime License

Amount: 72.85 USD.

How OpenCloud Security Can Darken Your Whole Day

Even if a computer user knows enough about computers to understand that he is being scammed, OpenCloud Security can directly attack the infected computer, making many normal operations difficult or even impossible. OpenCloud Security can make a computer system run slowly, crash frequently, or often become stuck. OpenCloud Security can also cause a computer system to behave erratically, display a large number of fake error messages, and block access to the Internet or to executable applications. A computer system infected with OpenCloud Security is also at risk for other malware infections. Rogue anti-virus programs like OpenCloud Security are usually distributed with the help of Trojans. Trojans related to OpenCloud Security include the Vundo Trojan and the Zlob Trojan. Both of these are designed to download and install malicious files from a remote server. Because of this, an OpenCloud Security infection will usually not appear alone but will be accompanied by a large number of other malware threats.

Technical Information

File System Details

OpenCloud Security creates the following file(s):

| # | File Name | Size | MD5 | Detection Count |
|---|-----------|------|-----|-----------------|
| 1 | %APPDATA%\OpenCloud Security\sysl32.dll | 679,936 | fda0983391724784e45353772be1204e | 1 |
| 2 | %Temp%\csrss.exe | N/A | | |
| 3 | %Programs%\Startup\csrss.exe | N/A | | |
| 4 | %AppData%\OpenCloud Security\OpenCloud Security.exe | N/A | | |
| 5 | %AppData%\OpenCloud Antivirus\csrss.exe | N/A | | |
| 6 | %AppData%\OpenCloud Security\OpenCloud Security.ico | N/A | | |
| 7 | %UserProfile%\Desktop\OpenCloud Security.lnk | N/A | | |
| 8 | %AppData%\OpenCloud Security\wf.conf | N/A | | |
| 9 | %StartMenu%\Programs\OpenCloud Security\OpenCloud Security.lnk | N/A | | |
| 10 | %AppData%\OpenCloud Security\ | N/A | | |
| 11 | %StartMenu%\Programs\OpenCloud Security\ | N/A | | |
| 12 | %AppData%\OpenCloud Security\csrss.exe | 188,416 | 098c20848f78a7bdb2fa3dbf108843f6 | 0 |
| 13 | %AppData%\OpenCloud Security\OpenCloud Security.exe | 2,419,200 | 1b1c56906dce2acb6f92cdcf6ab88163 | 0 |

Registry Details

OpenCloud Security creates the following directory and registry entries:

Directory:
%AppData%\OpenCloud Security

Registry keys:
HKEY_CLASSES_ROOT\CLSID\{19090308-636D-4e9b-A1CE-A647B6F794BF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19090308-636D-4e9b-A1CE-A647B6F794BF}
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59232
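
The indicators listed above can be turned into a triage check over artifacts already collected from a host. The following is an added example, not code from the original page: it flags files under the rogue's directories, csrss.exe copies outside System32, the Browser Helper Object CLSID, and a ProxyServer value that points at loopback. The function names and the input shape (lists of expanded paths and key names) are assumptions made for illustration.

```python
import ipaddress
import ntpath

# Indicators copied from the page's File System and Registry Details.
BHO_CLSID = "{19090308-636d-4e9b-a1ce-a647b6f794bf}"
ROGUE_DIRS = ("\\opencloud security\\", "\\opencloud antivirus\\")
MASQUERADED = {"csrss.exe"}   # the genuine csrss.exe runs from Windows\System32

def parse_proxy_server(value):
    """Parse a WinINET ProxyServer string into {scheme: (host, port)}."""
    out = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, hostport = part.partition("=")
        if not sep:                       # bare "host:port" covers all schemes
            scheme, hostport = "*", part
        host, sep, port = hostport.rpartition(":")
        if not sep:                       # no port given
            host, port = hostport, ""
        out[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return out

def loopback_proxies(value):
    """Return (scheme, host, port) entries that point back at this machine."""
    hits = []
    for scheme, (host, port) in parse_proxy_server(value).items():
        try:
            local = ipaddress.ip_address(host).is_loopback
        except ValueError:                # hostname, not an IP literal
            local = host.lower() == "localhost"
        if local:
            hits.append((scheme, host, port))
    return hits

def triage(paths, registry_keys, proxy_value):
    """Label collected artifacts; each finding is (kind, evidence)."""
    findings = []
    for p in paths:
        low = p.lower() + "\\"
        if any(d in low for d in ROGUE_DIRS):
            findings.append(("rogue_dir", p))
        elif ntpath.basename(p).lower() in MASQUERADED and "\\windows\\system32\\" not in low:
            findings.append(("masquerade", p))
    findings += [("bho", k) for k in registry_keys if BHO_CLSID in k.lower()]
    # A loopback proxy is a lead, not proof: local debugging proxies set it too.
    findings += [("loopback_proxy", h) for h in loopback_proxies(proxy_value)]
    return findings
```
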

More Details on OpenCloud Security

The following messages associated with OpenCloud Security were found:

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

Warning!
The file "taskmgr.exe" is infected. Running of application is impossible.
Please activate your antivirus software.

Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL] was CANCELLED.

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized

Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?
