OpenCloud Antivirus - How to remove?

 

What is OpenCloud Antivirus?

OpenCloud Antivirus is a new name for fake antivirus programs from the same family as Wolfram Antivirus. This family of rogues (sometimes called WinAVPro) is installed by trojans and creates one file with the same name as system file (csrss.exe), with a link from startup folder so this file would be executed once system starts. Note, that OpenCloud AV name is similar to legitimate program from Panda.

Upon each reboot OpenCloud Antivirus will execute itself and will try to convince you into running a system scan. This scan will produce fake results with various infections found in harmless or non-existing files. It will exaggerate the danger of “found” threats and will try to convince you into paying for full version. However, this is a scam and should not be trusted. You should remove Open Clould AV instead.

If you do not scan your PC, your work will be disturbed by various alerts. For example, It will show that your PC is infected with Zeus Trojan:

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Zeus Trojan

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software

As one can see, OpenCloud Antivirus can not decide if Zeus is trojan or keylogger. There is no systematic approach to whole its “database”, which consists of false infection names and scary messages.

You can also get an Open Cloud Antivirus alert that you have sent an offensive email to someone. This might scare office workers more than alerts about some sort of infection. However, all these messages are false and should not be trusted.
OpenCloud Antivirus might block execution of some of the programs, thus its removal might get a bit tricky. One could try using the registration key that worked with older parasites of this family : DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B . It should ease the cleaning of this fake antivirus.

Instructions on how to get rid of OpenCloud Antivirus

1. Execute OpenCloud Antivirus, go to activation key, enter the DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B . This should disable majority of popups. Close its window.
2. Disable proxy server in your browser.
3. Download Process explorer (backup location here : http://www.2-viruses.com/wp-content/uploads/PE/eXplorer.exe . Rename it to com instead of exe and let it run. Make sure you see the paths to executables.
4. Now stop processes that are named csrss.exe except the one from C:\Windows…. or one of its subfolders. Note down their paths.
5. Once you stop the right process, OpenClould Antivirus window will close and the icon will disappear from the taskbar (once you hover over it). Remove OpenCloud Antivirus files and link found.
6. Download and scan your PC with reputable Anti-Malware program like spyhunter, Malwarebytes Anti-Malware, Hitman Pro for deleting OpenCloud Antivirus leftovers and related trojans. Full versions of these programs or decent internet security suite would have protected from this and similar infections .

 

Automatic OpenCloud Antivirus removal tools

 
  Download Spyhunter for OpenCloud Antivirus detectionNote: Spyhunter trial provides detection of parasite like OpenCloud Antivirus and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
 

Manual OpenCloud Antivirus removal

 

Important Note: Although it is possible to manually remove OpenCloud Antivirus, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other tools found on 2-viruses.com.

Processes:
Files:
Registers:

It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other OpenCloud Antivirus infected files and get help in OpenCloud Antivirus removal by using Spyhunter scanner. 

 
 
 
 
 
 
 
 
 
 
 
 

4 thoughts on “OpenCloud Antivirus

  1. Pingback: OpenCloud Security - how to remove

  2. Adrian Johnson
     

    this activation code is not working. PLEASE HELP!!

     
  3. Jon Upton
     

    I am writing this from work and the email above is my work address since I cannot use my home pc. . This morning I had an alleged “Cloud” antivirus program show up on my desktop at home- info above- that gave multiple messages about infection and a page called “Cloud Antivirus” that allegedly scanned and found multiple gross messages about emails, exe, dll files that were infected, including my AVG program. AVG nor Microsoft security on my pc could be activated for a scan and fix, and amazingly AVG icon had changed to “Cloud”. The choices given were to proceed un-protected or buy the Cloud software for $59.95, plus other $9/95 charges. On clicking “unprotected” I still could not get rid of the message nor access any programs, including internet access. I shut the pc down and now I have all of my info on a pc I cannot access. Any help would be appreciated. Thanks- Jon

     
    1. admin
       
       
      Post author

      Jon: Look at this guide, in most cases it will apply: http://www.youtube.com/watch?v=-897R1DeMrE

       

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>