How to remove OpenCloud Antivirus?
What is OpenCloud Antivirus?
OpenCloud Antivirus is a new name for fake antivirus programs from the same family as Wolfram Antivirus. This family of rogues (sometimes called WinAVPro) is installed by trojans and creates one file with the same name as system file (csrss.exe), with a link from startup folder so this file would be executed once system starts. Note, that OpenCloud AV name is similar to legitimate program from Panda.
Upon each reboot OpenCloud Antivirus will execute itself and will try to convince you into running a system scan. This scan will produce fake results with various infections found in harmless or non-existing files. It will exaggerate the danger of “found” threats and will try to convince you into paying for full version. However, this is a scam and should not be trusted. You should remove Open Clould AV instead.
If you do not scan your PC, your work will be disturbed by various alerts. For example, It will show that your PC is infected with Zeus Trojan:
Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Zeus Trojan
Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.
Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software
Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software
As one can see, OpenCloud Antivirus can not decide if Zeus is trojan or keylogger. There is no systematic approach to whole its “database”, which consists of false infection names and scary messages.
You can also get an Open Cloud Antivirus alert that you have sent an offensive email to someone. This might scare office workers more than alerts about some sort of infection. However, all these messages are false and should not be trusted.
OpenCloud Antivirus might block execution of some of the programs, thus its removal might get a bit tricky. One could try using the registration key that worked with older parasites of this family : DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B . It should ease the cleaning of this fake antivirus.
Instructions on how to get rid of OpenCloud Antivirus
1. Execute OpenCloud Antivirus, go to activation key, enter the DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B . This should disable majority of popups. Close its window.
2. Disable proxy server in your browser.
3. Download Process explorer (backup location here : http://www.2-viruses.com/wp-content/uploads/PE/eXplorer.exe . Rename it to com instead of exe and let it run. Make sure you see the paths to executables.
4. Now stop processes that are named csrss.exe except the one from C:\Windows…. or one of its subfolders. Note down their paths.
5. Once you stop the right process, OpenClould Antivirus window will close and the icon will disappear from the taskbar (once you hover over it). Remove OpenCloud Antivirus files and link found.
6. Download and scan your PC with reputable Anti-Malware program like Spyhunter, Malwarebytes Anti-Malware, Hitman Pro for deleting OpenCloud Antivirus leftovers and related trojans. Full versions of these programs or decent internet security suite would have protected from this and similar infections .
OpenCloud Antivirus is Extremely dangerous
OpenCloud Antivirus is a corrupt Anti-Spyware program OpenCloud Antivirus may spread via Trojans OpenCloud Antivirus may display fake security messages OpenCloud Antivirus may install additional spyware to your computer OpenCloud Antivirus may repair its files, spread or update by itself OpenCloud Antivirus violates your privacy and compromises your security
for OpenCloud Antivirus detection
Note: Spyhunter trial provides detection of parasite like OpenCloud Antivirus and assists in its removal for free. You can remove detected files, processes and registry entries yourself or purchase a full version.
Manual OpenCloud Antivirus removal
Important Note: Although it is possible to manually remove OpenCloud Antivirus, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using Spyhunter or other malware and spyware removal applications found on 2-viruses.com.
Stop these OpenCloud Antivirus processes:
Disable these OpenCloud Antivirus DLL files::
Remove these OpenCloud Antivirus Registry Entries:
Remove these OpenCloud Antivirus files:
It is impossible to list all file names and locations of modern parasites. You can identify remaining parasites, other OpenCloud Antivirus infected files and get help in OpenCloud Antivirus removal by using free Spyhunter scanner. It comes with free real-time protection module that helps preventing OpenCloud Antivirus and similar threats.
OpenCloud Antivirus is classified as Rogue Anti-Spyware. After infecting a user’s system, it proceeds to scare its victim into buying the “product” by displaying fake security messages, stating that your computer is infected with spyware and only OpenCloud Antivirus can help you to remove it after you download the trial version. As soon as the victim downloads OpenCloud Antivirus trial version, it pretends to scan your computer and shows a grossly exaggerated amount of non-existent errors. Then, OpenCloud Antivirus offers to buy the full version to fix these false errors. If the user agrees, OpenCloud Antivirus does not only fix the errors, but it also takes the user’s money and may even install additional spyware into the victim’s computer.
Some Rogue Anti-Spyware, such as OpenCloud Antivirus, may offer users to buy it after the victim clicks on a banner or a pop-up while surfing the internet. Usually, a Trojan is installed to a victim’s computer after clicking on the advertisement. It then proceeds to download or even install OpenCloud Antivirus, which is another way for Rogue Anti-Spyware to spread itself.
Most of rogue Anti-Spyware, such as OpenCloud Antivirus, is nearly impossible to remove manually.
this activation code is not working. PLEASE HELP!!
I am writing this from work and the email above is my work address since I cannot use my home pc. . This morning I had an alleged “Cloud” antivirus program show up on my desktop at home- info above- that gave multiple messages about infection and a page called “Cloud Antivirus” that allegedly scanned and found multiple gross messages about emails, exe, dll files that were infected, including my AVG program. AVG nor Microsoft security on my pc could be activated for a scan and fix, and amazingly AVG icon had changed to “Cloud”. The choices given were to proceed un-protected or buy the Cloud software for $59.95, plus other $9/95 charges. On clicking “unprotected” I still could not get rid of the message nor access any programs, including internet access. I shut the pc down and now I have all of my info on a pc I cannot access. Any help would be appreciated. Thanks- Jon
Jon: Look at this guide, in most cases it will apply: http://www.youtube.com/watch?v=-897R1DeMrE