10-03-2011 11:56 AM - edited 10-03-2011 11:58 AM
I have this open cloud virus and run Norton 360. It will not detect or remove the virus. I'm pretty computer savvy, so I joined this forum looking for help.
I have linked one of the sites I found with information about open cloud virus.
After researching, I learned that Symantec owns Spyware Doctor, which is the most popular program I have found mentioned on most of the sites to remove this infection.
Someone please help me!!
10-03-2011 12:26 PM
It's a FakeAV (Rogue) http://www.bleepingcomputer.com/virus-removal/remo
Or you can find the file OpenCloud Security.exe and rename it to, say, bad.exe and restart the PC. Now the registry can't find the file due to the renaming, so the FakeAV doesn't load, allowing for easier cleanup.
10-03-2011 01:22 PM - edited 10-03-2011 01:28 PM
From your Start Menu, select "Search." Choose "All Files and Folders," then type (or Copy/Paste) "OpenCloud" in the box for "All or part of the file name:"
When you find it, you can right click it and rename it as Quads suggests. Then reboot your PC and apply the cleaner of your choice, by the sound of it. Malwarebytes has a free tool that plays well with Norton; Norton Power Eraser is also available here, but should only be used if something like Malwarebytes doesn't do the trick (which, if I'm reading Quads' post correctly, seems unlikely, especially once you've renamed the .exe), because Power Eraser scans very aggressively, and is more likely to mark files for removal that you'd actually want to keep.
10-03-2011 05:07 PM
This FakeAV when running blocks .exe, .com and .pif file types (of the ones I tried) that includes files / programs that are not security related and YES it blocks NPE (Norton Power Eraser).
I will state locations etc, where I can.
Restart the PC and select Safe Mode (Minimal) via the Advanced Menu during the restart, usually F8.
Log in to the same account that you would have done in Normal Mode and have Safe Mode go through and load all the way to the Desktop.
Now to change the setting in Windows to Show Hidden Files and folders
Close all programs so that you are at your desktop.
Now for the FakeAV main .exe (OpenCloud Security.exe) as we can now see hidden folders. The file is located in these locations:-
C:\Documents and Settings\[username]\Application Data\Open Cloud Antivirus\OpenCloud Security.exe
example, C:\Documents and Settings\John\Application Data\Open Cloud Antivirus\OpenCloud Security.exe
Vista / Windows 7
C:\Users\[username]\AppData\Roaming\Open Cloud Antivirus\OpenCloud Security.exe
example, C:\Users\John\AppData\Roaming\Open Cloud Antivirus\OpenCloud Security.exe
Now Rename the file OpenCloud Security.exe to like bad.exe by right clicking the file and selecting Rename. Here is a screenshot below showing the file in the folder. The resolution etc. shown in the screenshot is because I am in Safe Mode.
After renaming the file to, say, bad.exe you can now restart the PC back into Normal Mode and the FakeAV doesn't load. Programs like Malwarebytes and Superantispyware can now be installed, have their definitions updated, and run a Full scan to clean the infection up.
c:\documents and settings\John\application data\open cloud antivirus (Rogue.OpenCloudAV) -> No action taken.
c:\documents and settings\John\start menu\Programs\open cloud antivirus (Rogue.OpenCloudAV) -> No action taken.
c:\documents and settings\John\application data\open cloud antivirus\wf.conf (Rogue.OpenCloudAV) -> No action taken.
c:\documents and settings\John\application data\open cloud antivirus\bad.exe (Rogue.OpenCloudAV) -> No action taken.
c:\documents and settings\John\application data\open cloud antivirus\open cloud antivirus.ico (Rogue.OpenCloudAV) -> No action taken.
c:\documents and settings\John\application data\open cloud antivirus\sysl32.dll (Rogue.OpenCloudAV) -> No action taken.
c:\documents and settings\John\start menu\Programs\open cloud antivirus\open cloud antivirus.lnk (Rogue.OpenCloudAV) -> No action taken.
c:\documents and settings\John\Desktop\open cloud antivirus.lnk (Rogue.OpenCloudAV) -> No action taken.
Haven't done Superantispyware Free yet.
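The locate-and-rename step from the post above, as an added PowerShell example that is not part of the original thread and is not a Norton tool. It assumes Windows PowerShell is available on the machine and that it is run from Safe Mode with an administrator account; the folder and file names are the ones given in the post, and checking every user profile rather than one is a generalization added here.

```powershell
# Added example, not from the thread. Run from Safe Mode as an administrator.
# Folder and file names come from the post; "bad.exe" is the name it suggests.
$folderName = 'Open Cloud Antivirus'
$exeName    = 'OpenCloud Security.exe'
$newName    = 'bad.exe'

# Per-user profile roots for the two layouts the post lists.
$layouts = @(
    @{ Root = Join-Path $env:SystemDrive 'Documents and Settings'; Sub = 'Application Data' },
    @{ Root = Join-Path $env:SystemDrive 'Users'; Sub = 'AppData\Roaming' }
)

$found = 0
foreach ($layout in $layouts) {
    if (-not (Test-Path -LiteralPath $layout.Root)) { continue }

    # -Force lists hidden profiles too. On Vista / 7 the old
    # "Documents and Settings" name is an access-denied junction; skip that error.
    $profiles = Get-ChildItem -LiteralPath $layout.Root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }

    foreach ($userProfile in $profiles) {
        $dir = Join-Path (Join-Path $userProfile.FullName $layout.Sub) $folderName
        $exe = Join-Path $dir $exeName
        $dst = Join-Path $dir $newName
        if (-not (Test-Path -LiteralPath $exe)) { continue }
        $found++

        # Never overwrite an existing file with the new name.
        if (Test-Path -LiteralPath $dst) {
            Write-Warning "Not renaming, $dst already exists: $exe"
            continue
        }

        # Moving within the same folder is a rename; -Force handles a
        # hidden or read-only source file.
        Move-Item -LiteralPath $exe -Destination $dst -Force
        Write-Output "Renamed $exe -> $newName"

        # List what remains in the folder for the cleanup scan to remove.
        Get-ChildItem -LiteralPath $dir -Force |
            ForEach-Object { Write-Output "  still present: $($_.FullName)" }
    }
}

if ($found -eq 0) { Write-Output "No '$exeName' found under any user profile." }
```

The script only renames the executable; the remaining files, shortcuts and registry entries are left for the scanner, as in the scan log above.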
10-04-2011 12:44 AM
I had the Open Cloud AV as well. I'm not saying this will work for everyone, but I started up my computer in Safe Mode (F8 during boot up) and simply did a "system restore" to a point in time previous to acquiring that virus. It worked.
I hope this helps you.
10-04-2011 01:13 AM
System restore can damage a lot of other apps. It is best to follow Quads's instructions to the letter. You damaged the fake AV so that it is no longer active, but a system restore might not clear all the files.
10-04-2011 12:37 PM
Believe it or not, it took me longer to write out the above post (message) than it took me to figure out how to disable the FakeAV.
With System Restore there are a few programs that have problems afterwards; I think Norton with the Virus Definitions is one.