OpenCloud Security

Threat Scorecard

Threat Level: 100 % (High)
Infected Computers: 21
First Seen: September 5, 2011
Last Seen: August 17, 2022
OS(es) Affected: Windows

OpenCloud Security Image

OpenCloud Security is a fake anti-virus program and part of a scam designed to prey on inexperienced computer users. ESG PC security researchers consider OpenCloud Security a serious threat to a computer system. Even if a computer user does not fall for the OpenCloud Security scam, this rogue security program can still have serious effects on a computer system's normal operation. It is because of this that our ESG PC security researchers recommend the immediate removal of OpenCloud Security with a real anti-virus program.

OpenCloud Security has several clones, including Security Guard, Sysinternals Antivirus, Wireshark Antivirus, Milestone Antivirus, BlueFlare Antivirus, WolfRam AntiVirus, OpenCloud Antivirus, Data Restore, OpenCloud AV, Security Guard 2012, AV Guard Online, Guard Online, Cloud Protection, AV Protection Online, System Protection 2012, AV Security 2012, Sphere Security 2012, AV Protection 2011, Super AV 2013.

Understanding the OpenCloud Security Scam

OpenCloud Security and similar programs from its family, the FakeScanti family, are parts of a well-known cyber-scam. These kinds of programs are known as fake AV, or rogue anti-virus programs. This scam is designed to take advantage of many computer users' inexperience and lack of computer knowledge. Usually, a rogue anti-virus program is a collection of malicious scripts disguised as a genuine-looking security application. Rogue anti-virus programs use fake error messages and other tactics to scare a computer user into thinking that the computer has a large number of problems on it. Then, the rogue anti-virus program will offer to fix these problems – all of them imaginary – if the victim pays for a "license" or a "full version" of the rogue in question. OpenCloud Security has absolutely no way of detecting or removing viruses or other security issues; it is in itself a malware infection.

Our researchers have identified that when victims of Opencloud Security purchase a full version of the Opencloud Security application, they are asked to pay $52.95 but are actually charged a greater amount of $72.85. In addition, before Opencloud Security is purchased it claims to have detected several infections. After Opencloud Security is purchased, it somehow magically returns a clean system scan report claiming that your system no longer has the previously detected threats on it.

The Opencloud Security conformation email reads:

Dear customer,

You have made a purchase at
OpenCloud Security
Upgrade to Lifetime License

Add OpenCloud Security Firewall Lifetime License

Amount: 72.85 USD.

How OpenCloud Security Can Darken Your Whole Day

Even if a computer user knows enough about computers to understand that he is being scammed, OpenCloud Security can directly attack the infected computer, making many normal operations difficult or even impossible. OpenCloud Security can make a computer system run slowly, crash frequently, or often become stuck. OpenCloud Security can also cause a computer system to behave erratically, display a large number of fake error messages, and block access to the Internet or to executable applications. A computer system infected with OpenCloud Security is also at risk for other malware infections. Rogue anti-virus programs like OpenCloud Security are usually distributed with the help of Trojans. Trojans related to OpenCloud Security include the Vundo Trojan and the Zlob Trojan. Both of these are designed to download and install malicious files from a remote server. Because of this, an OpenCloud Security infection will usually not appear alone but will be accompanied by a large number of other malware threats.ScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshotScreenshot

SpyHunter Detects & Remove OpenCloud Security

OpenCloud Security Video

Tip: Turn your sound ON and watch the video in Full Screen mode.

File System Details

OpenCloud Security may create the following file(s):
# File Name MD5 Detections
1. sysl32.dll fda0983391724784e45353772be1204e 1
2. csrss.exe 098c20848f78a7bdb2fa3dbf108843f6 1
3. %Temp%\csrss.exe
4. %Programs%\Startup\csrss.exe
5. %AppData%\OpenCloud Security\OpenCloud Security.exe
6. %AppData%\OpenCloud Antivirus\csrss.exe
7. %AppData%\OpenCloud Security\OpenCloud Security.ico
8. %UserProfile%\Desktop\OpenCloud Security.lnk
9. %AppData%\OpenCloud Security\wf.conf
10. %StartMenu%\Programs\OpenCloud Security\OpenCloud Security.lnk
11. %AppData%\OpenCloud Security\
12. %StartMenu%\Programs\OpenCloud Security\
13. OpenCloud Security.exe 1b1c56906dce2acb6f92cdcf6ab88163 0
14. OpenCloud Security.exe ec854e406349443f65b0828f9a1032f1 0
15. OpenCloud Security.exe 2afd293981292ad6431a5ca3ee4338e1 0

Registry Details

OpenCloud Security may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19090308-636D-4e9b-A1CE-A647B6F794BF}
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=


OpenCloud Security may create the following directory or directories:

%AppData%\OpenCloud Security


The following messages associated with OpenCloud Security were found:

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.
Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.
Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.
The file "taskmgr.exe" is infected. Running of application is impossible.
Please activate your antivirus software.
Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL] was CANCELLED.
Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software
Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized
Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.


Most Viewed