Visitor
Pc_chick
Posts: 4
Registered: ‎10-03-2011

open cloud security virus - please HELP!


I have this open cloud virus and run Norton 360. It will not detect or remove the virus. I'm pretty computer savvy so I joined this forum looking for help.

 

I have linked one of the sites I found with information about open cloud virus. 

 

After researching I learned that Symantec owns Spyware Doctor which is the most popular program I have found mentioned on most of the sites to remove this infection.

 

Someone please help me!!

 

 

-my 2 cents
SendOfJive
Posts: 10,757
Kudos: 4,796
Solutions: 777
Registered: ‎02-07-2009

Re: open cloud security virus - please HELP!

Hi Pc_chick,

 

How are you determining that you have Open Cloud?

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: open cloud security virus - please HELP!

It's a FakeAV (Rogue)  http://www.bleepingcomputer.com/virus-removal/remove-opencloud-security

 

Or you can find the file OpenCloud Security.exe and rename it to say bad.exe and restart the PC, now the registry can't find the file due to the renaming so the FakeAV doesn't load, allowing for easier cleanup.

 

Quads

Visitor
Pc_chick
Posts: 4
Registered: ‎10-03-2011

Re: open cloud security virus - please HELP!

Where do I find the opencloud.exe?

 

-my 2 cents
DistEd2
Posts: 1,965
Kudos: 412
Solutions: 81
Registered: ‎08-11-2011

Re: open cloud security virus - please HELP!


From your Start Menu, select "Search." Choose "All Files and Folders," then type (or Copy/Paste) "OpenCloud" in the box for "All or part of the file name:"

 

When you find it, you can right click it and rename it as Quads suggests. Then reboot your PC and apply the cleaner of your choice, by the sound of it. Malwarebytes has a free tool that plays well with Norton; Norton Power Eraser is also available here, but should only be used if something like Malwarebytes doesn't do the trick (which, if I'm reading Quads' post correctly, seems unlikely--especially once you've renamed the .exe)...because Power Eraser scans very aggressively, and is more likely to mark files for removal that you'd actually want to keep.

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: open cloud security virus - please HELP!

I have found the FakeAV "Open Cloud Security" to infect my PC with soon.

 

Quads

Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: open cloud security virus - please HELP!

This FakeAV when running blocks .exe, .com and .pif file types (of the ones I tried) that includes files / programs that are not security related and YES it blocks NPE (Norton Power Eraser).

 

I will state locations etc, where I can.

 

Restart the PC and select Safe Mode (Minimal) via the Advanced Menu during the restart, usually F8.

 

Log in to the same account that you would have done in Normal Mode and have Safe Mode go through and load all the way to the Desktop.

 

Now to change the setting in Windows to Show Hidden Files and folders

 

XP

 

  1. Double-click on the My Computer icon.
  2. Select the Tools menu and click Folder Options.
  3. After the new window appears select the View tab.
  4. Put a checkmark in the checkbox labeled Display the contents of system folders.
  5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  6. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
  7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
  8. Press the Apply button and then the OK button and shutdown My Computer.
  9. Now your computer is configured to show all hidden files.

 

Vista

 

 

  1. Close all programs so that you are at your desktop.
  2. Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
  3. Click on the Control Panel menu option.
  4. When the control panel opens you can either be in Classic View or Control Panel Home view:

     If you are in the Classic View do the following:
       1. Double-click on the Folder Options icon.
       2. Click on the View tab.
       3. Go to step 5.

     If you are in the Control Panel Home view do the following:
       1. Click on the Appearance and Personalization link.
       2. Click on Show Hidden Files or Folders.
       3. Go to step 5.

  5. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
  6. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
  7. Remove the checkmark from the checkbox labeled Hide protected operating system files.
  8. Press the Apply button and then the OK button.
  9. Now Windows Vista is configured to show all hidden files.

 

Windows 7

 

Close all programs so that you are at your desktop.

  1. Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
  2. Click on the Control Panel menu option.
  3. When the control panel opens click on the Appearance and Personalization link.
  4. Under the Folder Options category, click on Show Hidden Files or Folders.
  5. Under the Hidden files and folders section select the radio button labeled Show hidden files, folders, or drives.
  6. Remove the checkmark from the checkbox labeled Hide extensions for known file types.
  7. Remove the checkmark from the checkbox labeled Hide protected operating system files (Recommended).
  8. Press the Apply button and then the OK button.
  9. Now Windows 7 is configured to show all hidden files.

 

Now for the FakeAV main .exe (OpenCloud Security.exe) as we can now see hidden folders. The file is located in these locations:-

 

XP

 

C:\Documents and Settings\[username]\Application Data\Open Cloud Antivirus\OpenCloud Security.exe

 

example, C:\Documents and Settings\John\Application Data\Open Cloud Antivirus\OpenCloud Security.exe

 

Vista / Windows 7

 

C:\Users\[username]\AppData\Roaming\Open Cloud Antivirus\OpenCloud Security.exe

 

example,  C:\Users\John\AppData\Roaming\Open Cloud Antivirus\OpenCloud Security.exe

 

Now Rename the file OpenCloud Security.exe to like bad.exe by right clicking the file and selecting Rename.  Here is a screenshot below showing the file in the folder.  The resolution etc. shown in the screenshot is because I am in Safe Mode.

 

Open Cloud Sec.jpg

 

 

After Renaming the file to say bad.exe you can now Restart the PC back into Normal Mode and the FakeAV doesn't load.  Programs like Malwarebytes and Superantispyware can now be installed, updated definitions and run a Full scan to clean the infection up.

 

Malwarebytes detections

 

Folders Infected:

 

c:\documents and settings\John\application data\open cloud antivirus (Rogue.OpenCloudAV) -> No action taken.

c:\documents and settings\John\start menu\Programs\open cloud antivirus (Rogue.OpenCloudAV) -> No action taken.

 

Files Infected:

 

c:\documents and settings\John\application data\open cloud antivirus\wf.conf (Rogue.OpenCloudAV) -> No action taken.

c:\documents and settings\John\application data\open cloud antivirus\bad.exe (Rogue.OpenCloudAV) -> No action taken.

c:\documents and settings\John\application data\open cloud antivirus\open cloud antivirus.ico (Rogue.OpenCloudAV) -> No action taken.

c:\documents and settings\John\application data\open cloud antivirus\sysl32.dll (Rogue.OpenCloudAV) -> No action taken.

c:\documents and settings\John\start menu\Programs\open cloud antivirus\open cloud antivirus.lnk (Rogue.OpenCloudAV) -> No action taken.

c:\documents and settings\John\Desktop\open cloud antivirus.lnk (Rogue.OpenCloudAV) -> No action taken.

 

Haven't done Superantispyware Free yet.

 

Quads
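
The Safe Mode rename step from the post above, as an added PowerShell example that is not part of the original thread. It checks every user profile for the two folder locations Quads lists and renames the executable to bad.exe; the Run-key report at the end is an assumption about where the autorun entry lives (the thread only says "the registry"), and nothing in the registry is changed.

```powershell
# Added example, not from the thread. Run from an administrator PowerShell prompt in Safe Mode.
# Folder and file names are the ones given in the post above.
$relPaths = @(
    'Application Data\Open Cloud Antivirus',  # XP: C:\Documents and Settings\[username]\...
    'AppData\Roaming\Open Cloud Antivirus'    # Vista / Windows 7: C:\Users\[username]\...
)
$exeName = 'OpenCloud Security.exe'
$newName = 'bad.exe'

# Profile roots for XP and Vista/7; only the ones present on this PC are scanned.
$roots = @("$env:SystemDrive\Documents and Settings", "$env:SystemDrive\Users") |
    Where-Object { Test-Path -LiteralPath $_ }

foreach ($root in $roots) {
    $userDirs = Get-ChildItem -LiteralPath $root -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer }
    foreach ($userDir in $userDirs) {
        foreach ($rel in $relPaths) {
            $folder = Join-Path $userDir.FullName $rel
            $src    = Join-Path $folder $exeName
            $dst    = Join-Path $folder $newName
            if (-not (Test-Path -LiteralPath $src)) { continue }
            if (Test-Path -LiteralPath $dst) {
                Write-Output "Skipped, $newName already exists in: $folder"
                continue
            }
            # .NET move is used so the rename also works on PowerShell 2.0 (Windows 7 default).
            [System.IO.File]::Move($src, $dst)
            Write-Output "Renamed: $src -> $newName"
        }
    }
}

# Assumption: the rogue starts from a standard Run key. Report only; the scanner
# run afterwards in Normal Mode is what removes the entry.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ("$($p.Value)" -like '*Open Cloud Antivirus*') {
            Write-Output "Autorun entry pointing at the rogue folder: $key -> $($p.Name) = $($p.Value)"
        }
    }
}
```

An autorun entry that still names OpenCloud Security.exe after the rename is expected: it now points at a file that no longer exists, which is why the FakeAV does not load on the next normal boot.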

 

Newbie
BadBilly
Posts: 1
Registered: ‎10-04-2011

Re: open cloud security virus - please HELP!

I had the Open Cloud AV as well.  I'm not saying this will work for everyone, but I started up my computer in Safe Mode (F8 during boot up) and simply did a "system restore" to a point in time previous to acquiring that virus.  It worked.

 

I hope this helps you.

delphinium
Posts: 9,862
Kudos: 2,965
Solutions: 293
Registered: ‎11-21-2008

Re: open cloud security virus - please HELP!

System restore can damage a lot of other apps.  It is best to follow Quads's instructions to the letter.  You damaged the fake AV so that it is no longer active, but a system restore might not clear all the files.

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain
Bot Obliterator
Quads
Posts: 16,530
Registered: ‎07-21-2008

Re: open cloud security virus - please HELP!

Believe it or not but it took me longer to write out the above post (message) than it was for me to figure out how to disable the FakeAV.

 

With System Restore there are a few programs that have problems afterwards, I think Norton with the Virus Definitions are one.

 

Quads