Open Cloud Security

Q: Open Cloud Security

My computer has the Open Cloud Security virus. I followed the steps to get rid of it, but they have failed.
1. I started my computer in Safe Mode with Networking.
2. I checked the internet options, but the box was not checked to begin with, so I skipped that step.
3. Downloaded and ran r-kill. It got rid of the dialog boxes for Open Cloud.
4. Ran Malwarebytes antimalware. Tried to run Quick scan and Full scan. Both failed after a few seconds, and then I cannot open Malwarebytes anymore.
It shows an error message reading: Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.
If I reinstall the program, it will open again and then fail the same way.

Ran dds and gmer.

gmer fails 20 seconds in and gets the same error as Malwarebytes. I saved the log file before it failed.

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.7600.16385
Run by Sarah and Steve at 16:36:46 on 2011-09-28
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\3788055388:2749117982.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\Explorer.exe
C:\Users\Sarah and Steve\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?o=15438&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [errlONtxP0cSiDo8234A] c:\users\sarah and steve\appdata\roaming\f22ibd3pngaq6\WWWK7fEL9gZqYwI.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [OEM13Cfg.exe] OEM13Cfg.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
LSP: mswsock.dll
Trusted Zone: 164.109.25.72
Trusted Zone: 207.130.86.35
Trusted Zone: acura.com
Trusted Zone: acuraclientpurchaseexperience.com
Trusted Zone: acurainfo.programhq.com
Trusted Zone: acuraspinplay.programhq.com
Trusted Zone: ahm-ownerlink.com
Trusted Zone: ahmdealer.com
Trusted Zone: honda.com
Trusted Zone: honda.com\www.in
Trusted Zone: honda.vo.llnwd.net
Trusted Zone: hondaadcmd.com
Trusted Zone: hondacars.com
Trusted Zone: hondainfo.programhq.com
Trusted Zone: hondamap.com
Trusted Zone: hondaprofessional.com
Trusted Zone: hondaspinplay.programhq.com
Trusted Zone: hondasso.com
Trusted Zone: jdpa.com
Trusted Zone: jdpower.com
Trusted Zone: pcsc.acurasrs.com
Trusted Zone: prospectingacurasrs.com
Trusted Zone: travelhq.com
Trusted Zone: xmradio.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {297DE2B6-509A-4B36-93C5-A65276606900} - hxxp://www.in.honda.com/rraaapps/rraasec/codebase/RRAAINAX/RraainAX.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{88C6947E-8290-4A05-8834-F84032D37B09} : DhcpNameServer = 192.168.1.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\sarah and steve\appdata\roaming\mozilla\firefox\profiles\40493nj9.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15435&locale=en_US&apn_uid=B90198B2-90E3-45BE-BF2B-430CC1CD413B&apn_ptnrs=GG&apn_sauid=E6FA6343-A106-4BDF-9AC1-66BF10B974E5&apn_dtid=YYYYYYB8US&&q=
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\nbc direct\npDirectPlayerMozilla.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? NovacomD;Palm Novacom
R? OEM13Vfx;Creative Camera OEM013 Video VFX Driver
R? OEM13Vid;Creative Camera OEM013 Driver
R? Viewpoint Service;Viewpoint Service
R? WatAdminSvc;Windows Activation Technologies Service
S? O2MDGRDR;O2MDGRDR
S? O2SDGRDR;O2SDGRDR
S? RTL8167;Realtek 8167 NT Driver
S? vwififlt;Virtual WiFi Filter Driver
.
=============== Created Last 30 ================
.
2011-09-28 19:57:57 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-28 19:42:45 -------- d-----w- c:\users\sarah and steve\appdata\roaming\fOBBtzP0yA1iD
2011-09-28 19:42:45 -------- d-----w- c:\users\sarah and steve\appdata\roaming\D7ddEL8gZqhYwUe
2011-09-28 19:42:38 -------- d-----w- c:\users\sarah and steve\appdata\roaming\f22ibD3pnGaQ6
2011-09-28 19:42:38 -------- d-----w- c:\users\sarah and steve\appdata\roaming\CGG5aQH6dW7fLgX
.
==================== Find3M ====================
.
2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 04:56:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:37:32 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 04:34:28 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 04:31:12 271360 ----a-w- c:\windows\system32\conhost.exe
2011-07-16 02:21:47 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:30:52 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:26:10 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
.
============= FINISH: 16:38:20.32 ===============

A: Open Cloud Security

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/420949 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
Please do this even if you have previously posted logs for us.
If you were unable to produce the logs originally please try once more.
If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics just post what you can and we will guide you.
Please tell us if you have your original Windows CD/DVD available.

Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
DDS.scr DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

We also need a new log from the GMER anti-rootkit Scanner. Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic: Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here: How to create a GMER log

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

Hello, I have open cloud security taking over my computer. PLEEEEEEASE HELP.
Here is my Hijack this logfile.
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = ...

I'm a computer consultant and three of my clients have been infected with this virus in the last 2 weeks. One was so bad that I had to run a recovery back to the origin of the computer. On the other two computers I had removed Open Cloud from startup and then all the files it created manually. I was then able to run Malwarebytes on this computer and it found the malware and others. (I wasn't able to run any scans on the second computer, including McAfee.) But then I had further problems - either the computer was excruciatingly slow, or as on this computer, when you click on All Programs, only McAfee is listed! I also get some startup errors that I didn't get before. Then I found the post about TDSSKiller. I ran it and RKill (Explore.exe) on both computers and nothing changed. I gave up on the other computer and did a full recovery. I'm hoping I don't have to do that on this one. There are lots of files to back up and several programs to reinstall. I've attached the files you need to analyze the problem. Thanks, Leslie

I looked Open Cloud Security up on bleepingcomputer.com and I tried to follow the instructions. I'm using Windows XP, and I'm not savvy with regedit so I tried the antimalware route via safe mode. When I tried to open any form of safe mode I got the blue screen of death with some sort of memory dump notice at the bottom. So I started in my regular mode, used RKill (renamed iexplorer) to stop the rogue processes which allowed me to run antimalwarebytes. It took forever, and finally logged some things as killed, but Open Cloud Security was still there. So in a fit of desperation I took to deleting what appeared to be folders which were definitely not there before the infections. Files named with loooong numbers, as well as the files associated with Open Cloud Security. Several clone shortcuts were found, but no program files. I went to the registry and deleted the only file I could find in the registry that has been linked to this virus. Then I restored last known good settings, but now I can't open a single program. The notice says to restore the file association in folder options in the control panel. But I don't even know how to do that. Does anyone know what happened? I'm not backed up in any way, and I will lose things which I would be very sad to lose, but I'm not against starting from scratch. It doesn't look like I have the virus anymore, but regardless, my computer is completely devastated. Is it possible that I deleted something that...

Hi, I've had the open cloud security problem for about 2 weeks now, at first it kept popping up over and over again telling me I had all kinds of threats etc., I Googled it and followed the instructions for removal with the malwarebytes' malware removal kit, and it would find some infected files, and then the scan would stop just before it finished saying it experienced some kind of error. I also ran AVG and found some infected files, put them in the virus vault, and then emptied the vault. I put the open cloud security link from my desktop into the trash can and then emptied it, and the pop-ups about me being infected stopped, but I'm assuming it's still on here because I didn't really do anything, so I came on here, I read the preparation guide for removing the malware, and I downloaded the recommended files and ran the scans, and I'm attaching them below. I'm not very good with any of this, and I would really appreciate any help with removing it. Thank you.
Attachments: opencloudsecurity.log (6.06KB), DDS-opencloudsecurity.txt (23.79KB), Attach-opencloudsecurity.txt (8.58KB)

A:trying to remove open cloud security

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download AntiZeroAccess by Webroot to your Desktop
Double-click antizeroaccess.exe to run the program.
NOTE: If running Vista or Windows 7, make sure to Right-click on it and select Run as an Administrator.
At the black window, type y and then press Enter.
Once AntiZeroAccess has finished scanning, a report AntiZeroAccess_Log.txt will be created in the same location as the program.
Please post the contents of the report in your next reply, and let me know how your system is running now.
---
Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan.
Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===
Please Download TDSSKiller.zip
>>> Double-click on TDSSKiller.exe to run the application.
Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the defaul...

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_23
Run by Aaron and Tracey at 21:38:29 on 2011-09-30
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.402 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Aaron and Tracey\My Documents\Downloads\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/se...

I have tried everything to get rid of Open Cloud Security, and am having no luck.

I got rid of the annoying popups, but some random exe file (3571092410.exe) continues to start every time except when I launch Safe Mode WITH Alternate Shell/Command Prompt.

The random exe is blocking programs such as my Anti-Virus, Anti-Spyware, Regedit, etc. from executing as needed. I also suspect it may be spoofing certain programs, b/c when I run rkill it immediately closes but then opens again and finds nothing to kill here.

Please help!

Hi there,

I am working with a nasty little virus. More details at this thread: http://www.bleepingcomputer.com/forums/topic421299.html

Basically, I have tried everything. The DDS log is attached. Although I can't find the attached.txt that is supposed to be zipped. The random exe files in the root are renamed versions of rkill. However, I can't explain the random ones in the Windows directory.

Gmer throws an error that it found system modifications and wants to run a full scan. But doing so causes it to crash. Image attached.

Please help. Thanks.

Merged topics then posts. ~ OB

A:Open Cloud Security Not Removing

Ok... I think I finally got entirely rid of it. I kind of winged it myself without any 3rd party tools, but have notes if you would like me to share them.

Can I get confirmation that my system is ENTIRELY clean based off these logs? I mean it runs fine now, but I want to be sure I didn't leave some key logger or something hiding in there...

I have 2 concerns:
1) The GMER log mentions something about the file system and keyboard driver.
2) I see "Error 1012: There was an error while attempting to read the local hosts file" in Component Services (although I have no problems accessing the web).

Thanks go to this forum for all the tips and strategies!

-Brett

Hi everyone on this helpful website

First I must apologize for my language since I am not a native English speaker and I just try my best to write grammatically correct English hoping you guys can understand me and may give me a helping hand.

Back to the theme:

I've read the guide teaching how to remove OpenCloud Security on this site.
http://www.bleepingcomputer.com/virus-removal/remove-opencloud-security

I have followed every step however I have not succeeded. The problem shows at step 14 while running Malwarebytes' Anti-malware. I did run RKill, but Malwarebytes' Anti-malware just still cannot run the scan. Every time I start scanning, it is shut down very soon, maybe a few secs after starting. I guess it's probably interrupted and terminated by Open Cloud Security.

So I wonder if RKill did not successfully do its job? After the black window closed, notepad pops out with only the below

"This log file is located at C:\rkill.log. Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish. Rkill was run on 09/2011 Sunday at 20:03:51. Operating System: Windows 7 Ultimate Processes terminated by Rkill or while it was running: Rkill completed on 09/2011 Sunday at 20:03:53. "

Other than Malwarebytes' Anti-malware, I tried Spy Doctor, Trojan Killer, HijackThis. And they result in the same, being shut down very shortly after starting scanning. The softwares are unable to be opened again after they are shut down. (de...

A:Need help on Open Cloud security removal

Ronarch,

The information provided shows the characteristics of the ZeroAccess Rootkit.

First, let's take care of this file:
C:\Windows\4241468026:2236952579.exe
It throws a wrench in the works, and programs will not run successfully...

Please download DummyCreator.zip
Unzip the folder:
Right-click and select: Extract all
Follow the prompts to extract
Open the new folder that appears on the Desktop:
Double-click DummyCreator/DummyMaker to run the tool.
Now, copy/paste the following into the blank area:
C:\Windows\4241468026
Press the Create button. Save the content of the Result.txt to your Desktop, and post it in your reply.

Next, restart the computer!

Please do not run any malware removal programs while we are in the process of malware repairs. Doing so may just make matters worse, and that, you do not want!

Thanks!

I've tried the 'Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help' and did the steps but was unable to do the gmer option because it wouldn't let me open it. Here's the DDS logs that I did get to do.

A:Open Cloud Security / Google redirect

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421168 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 66.4

It seems as if I've been hit at once by 2 different things. Not sure how it happened but it first started with the random redirecting which was blocked mostly by AVG, then after a few days all of a sudden Open Cloud Security hit me. After I used MBAM or CCleaner, I don't remember which one to try to stop the redirect, upon restarting Open Cloud appeared. It applies to both Firefox and Internet Explorer, not one by the way. I've looked up many different ways as to how to fix this but so far nothing, so I'm here.

I did the whole ipconfig/flushdns thing and that seems to stop the redirect temporarily until I restart and it's back at it. As for the Open Cloud Security rogueware - MBAM and CCleaner always detect things, but after clearing it all out and rebooting in non-safe mode, it always comes back.

Hopefully someone can help me. I see many people have this redirect problem, but I seem to have gotten screwed further with this Open Cloud thing on top of it all.

A:Open Cloud Security and Google Redirect

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.
Checkmark following boxes:
* Report IE Proxy Settings
* Report FF Proxy Settings
* List content of Hosts
* List IP configuration
* List last 10 Event Viewer log
* List Installed Programs
* List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log c... Read more

RELEVANCY SCORE 66.4

This past week my fiancé got a rogue antivirus on her PC - Open Cloud Security - while searching DeviantArt and listening to Pandora. Though I wasn't present to observe, it appeared to be a drive-by installation (AFAIK, she didn't click on any suspicious items).

Her PC stats:
What I know: Win XP Pro 32-bit, Ad-Aware free running constantly, router/hardware firewall, IE 8, EVGA GTX 460 @ 1024 MB, no virtual drive installed

What I can't remember specifically offhand: Quad-core Intel, 2.5+ GB RAM, Mobo? (Asus ETS2 Energy Saver?)

I have searched numerous forums and sites for advice, and found many helpful tips - but nothing has worked.

(NOTE: This post does not contain DDS and GMER logs, because I downloaded and transferred those programs to her computer with a flash drive and experienced problems, noted below:

DDS: began to run, but seemed to freeze up the machine...after 2 hours, the "bar of asterisks" had not moved past ? of the way or so...I had to hard restart, and it took several tries on the initial BIOS screen, along with pulling the power cord out and letting the mobo power drain, before the BIOS would find the HD's and continue the boot process.

GMER: Started and ran successfully, run overnight. In the morning, I tried to "Save" a log for submittal, but received an error that there were "not enough resources to complete the process" in My Documents or something similar, and then the computer froze...could move the mouse but not click anything, or pull up Task Manager...h... Read more

A:Open Cloud Security problem need advice

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Your logs indicate that a ZeroAccess infection is present on your computer:

Please download DummyCreator.zip and unzip it.
Run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\2478689085

Press Create button and post the content of the Result.txt.

Important: Restart the computer.

===

See if you can now run the DDS tool and include the log in your next reply.

RELEVANCY SCORE 66.4

Referred from here: http://www.bleepingcomputer.com/forums/topic420705.html/ ~ OB

Broni directed me here as the problem I had never went away. Here is the original post describing my problem:

"It seems as if I've been hit at once by 2 different things. Not sure how it happened but it first started with the random redirecting which was blocked mostly by AVG, then after a few days all of a sudden Open Cloud Security hit me. After I used MBAM or CCleaner, I don't remember which one to try to stop the redirect, upon restarting Open Cloud appeared. It applies to both Firefox and Internet Explorer, not one by the way. I've looked up many different ways as to how to fix this but so far nothing, so I'm here.

I have did the whole ipconfig/flushdns thing and that seems to stop the redirect temporarily until I restart and it's back at it. As for the Open Cloud Security rogueware - MBAM and CCleaner always detect things, but after clearing it all out and rebooting in non-safe mode, it always comes back.

Hopefully someone can help me. I see many people have this redirect problem, but I seem to have gotten screwed further with this Open Cloud thing on top of it all."

Now whenever I try to start Windows normally it blue screens. Here is what it says: http://i52.tinypic.com/oh6yvl.jpg

Before it would only blue screen after I tried to start a program to get rid of it, such as MBAM or RKILL. I followed that guide before posting in this section and it says only do the G... Read more

A:Open Cloud Security and Google Redirect

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Run by Mark at 12:06:26 on 2011-09-28
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4084.3078 [GMT -4:00]
.
AV: AVG Internet Security *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64 ... Read more

RELEVANCY SCORE 64.4

While I was on Facebook today, a message popped up out of the blue that said I was infected with the Zeus Keylogger and to click here to buy the "only" way to remove it. When I tried to shut it down with tskmngr.exe it screamed that it was "infected" and refused to let me run the program. I also began getting fake email alerts every four minutes, a fake virus scan with the Zeus warning every seven minutes, and a fake BSOD and reboot every ten minutes (It happened so often I timed them, and the reboots always jumped back to where I left of instead of a usual reboot.). I also ended up with a program running in the task bar called "Security Guard 2012" that refused to let me shut it down. It also killed MBAM, SUPER ANTI-SPYWARE, and RKiller and it's various names (I tried them all...). When I try to run it, they all return an error that says: "Windows can't access the specified device, path, or file. You may not have the appropriate permissions to access the item." I have even tried Safe Mode on all of them after fighting with it for two hours to get into Add/Remove Programs feature to uninstall / reinstall (and the whole time the pc is screaming "It's infected!!" at the top of it's lungs - lol.). I even resorted to going to: C:\WINDOWS\system32\Taskmgr.exe since alt+ctrl+del didn't work. This program also created an icon on the desktop under the same name. When I right-clicked i... Read more

A:Security Guard 2012 becomes Open Cloud AV, google redirects, and ads galore

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download DummyCreator.zip and unzip it.
Run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\338603927

Press Create button and post the content of the Result.txt.

Important: Restart the computer.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is ... Read more

RELEVANCY SCORE 64.4

I got the nasty Open Cloud Security rogue anti-virus software. Popped up while I was out of the room so I wasn't able to do an immediate hard shut down in time. By the time I got back, a few minutes later, it had sunk its tentacles in pretty deeply. It has disabled my Malwarebytes Anti-Malware, my AVG anti-virus, and system restore, even in safe mode. When I try to run MBAM or GMER I got a notification that says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Again, this occurs even in Safe Mode (with networking). I've also got Google re-direct going on. I manually deleted what I could of the virus and that seemed to slow it down considerably, but it's still in there somewhere. Here is my DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Mike at 12:02:27 on 2011-10-01
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.346 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
C:\WINDOWS\370523963:3292588777.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla F... Read more

A:Open Cloud Security w/ Google Redirect; MBAM/AVG/GMER disabled

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421421 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

RELEVANCY SCORE 50.4

Hi,
My original post is located here: http://www.bleepingcomputer.com/forums/topic424108.html and they sent me over here. Just to sum up:

I am working on a dell inspiron 910 Mini running windows XP that got open cloud AV a week ago. Based upon the other posts about Open Cloud, I ran combo fix and Rouge killer. Finally I was able to, I think, delete Open Cloud. Scans of Avast and Malwarebytes now show no suspicious files. However in the process of removal I lost the ability to connect to the internet either wireless or by network cable. I am currently on another laptop on the same network, so the network would seem to be working.

I have tried winsockxpfix to no avail. When I try the command ipconfig /renew, I get a message saying that the RPC server is unavailable. Yet when I open services it states that it is running. I have tried making my network open with no success and I have tried it with and without broadcasting ssid. I have also tried renewing the available networks list. I have also tried uninstalling the wireless card so that I can re-install it, but windows stops the uninstallation saying that it is necessary for startup.

So I guess the question is, did I really get rid of this awful thing?

A:Open Cloud Av - Did I get rid of it?

Hi SeanR,

I know it looks like a lot, but it's really just a lot of text asking for only 4 scans. Once you've done these and posted the results in your next post, let me know how the computer is running.

==================================================

Download Security Check by screen317 from here or here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

==================================================

Please download and scan with SUPERAntiSpyware Free
Double-click SUPERAntiSypware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.... Read more

RELEVANCY SCORE 50.4

Referred from here: http://www.bleepingcomputer.com/forums/topic421880.html ~ OB

I have a serious Open Cloud AV infection that is proving difficult to remove. On advice of a forum moderation I have started a thread here. I attempted to follow the Prep Guide but and did download DDS but was unable to get it to run on the infected computer. On advice of that same moderator I did download OTL and it would run, the two logs it produced follow. Thanks to anyone who can help.

OTL Log

OTL logfile created on: 10/8/2011 12:37:03 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Mike and Jean\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.75 Gb Total Physical Memory | 0.53 Gb Available Physical Memory | 30.53% Memory free
3.49 Gb Paging File | 1.73 Gb Available in Paging File | 49.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.37 Gb Total Space | 140.11 Gb Free Space | 64.16% Space Free | Partition Type: NTFS
Drive D: | 14.22 Gb Total Space | 2.35 Gb Free Space | 16.52% Space Free | Partition Type: NTFS
Drive E: | 99.18 Mb Total Space | 95.72 Mb Free Space | 96.51% Space Free | Partition Type: FAT32
Computer Name: MIKEANDJEAN-PC | User Name: Mike and Jean | Lo... Read more

A:Open Cloud AV

OTL Log Continues

RELEVANCY SCORE 50.4

Hello,

My brother-in-law's machine recently became infected with the open cloud malware. I have attempted to follow the guides on your site but am still unable to get rid of this thing. I've tried the rkill and malwarebytes but during the mbam run it kicks off in 1 minute. I disabled any cd emulators as well. I ran the dds and was able to create some logs. I also attempted to run the GMER but that kicks off 1 minute in as well. I attempted to use superantispyware to remove it and it shows the open cloud but then shuts down. When attempting to run the programs again I am getting an error advising me that I do not have permissions to run the programs. I have the logs and can post. Looking for some advice on the next step. Thanks

Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/29/2009 2:21:01 PM
System Uptime: 9/28/2011 12:33:29 PM (0 hours ago)
.
Motherboard: First International Computer, Inc. | | K8MC51G
Processor: AMD Sempron™ Processor 3400+ | Socket 754 | 2009/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 4.45 GiB free.
D: is CDROM ()
E: is CDROM ()
G: is Removable
H: is FIXED (FAT32) - 4 GiB total, 2.233 GiB free.
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
Des... Read more

A:Open Cloud

Hello, Welcome to BleepingComputer.

I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

===

Please download DummyCreator.zip and unzip it.
Run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\2348756298

Press Create button and post the content of the Result.txt.

Important: Restart the computer.

===

Please post the log. Wait for my next instructions.

RELEVANCY SCORE 50.4

Hi! I got infected with OpenCloud AV and tried following the removal suggestions from this site and others with no luck. I'm not able to run rkill, Malwarebytes or any other antiviral software, even in safe mode. My computer was pretty much unusable until I did a system restore. Now my computer will at least turn on, but I'm still having tons of problems. I still can't use antiviral software, I seem to have some search engine redirect virus, I get random pop-ups saying "Congratulations you just won..." when I use the internet, my computer keeps freezing and has problems shutting down. OpenCloud AV is not present on my desktop anymore, but I have no reason to believe it's not still on my computer.

I wasn't able to run GMER, every time I tried I got a blue screen error message and my computer restarted. Unfortunately, I haven't been able to read what the message says because it flashes so quickly.

I was able to run DDS and attached the logs. Thanks so much for reading this, I really need some help!

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:15:10 on 2011-10-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.469 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\2194736433:3472502397.ex... Read more

A:Open Cloud AV and something else??

Good evening.

Please download DummyCreator.zip by Farbar from here and save it to your Desktop - you will then need to unzip it.
Right click on the zipped folder and from the menu that appears, click on Extract All...
In the "Extraction Wizard" window that opens, click on Next> and in the next window that appears, click on Next> again. In the final window, click on Finish.
Double click DummyCreator.exe to run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\2194736433

Click the Create button. Make sure you have a copy of Result.txt that should appear once the tool has completed.

Important: Restart the computer and then let me have a copy of Result.txt in your next reply.

RELEVANCY SCORE 50.4

I contracted Open Cloud AV and followed the removal instruction on this web, located at http://www.bleepingcomputer.com/virus-removal/remove-opencloud-antivirus to the letter. Including downloading Rkill and Malwarebytes. It did not remove this bug, but it did manage to remove just about everything else on my computer, including photos, important documents, and software, including some of the Microsoft stuff that came with the computer such as Office. Not only these, but it also seems to have removed Rkill and Malwarebytes after it completed and re-booted. Aside from the recycling bin the only desktop icon I have now is something called "Security Guard 2012". Is there anything I can do?

A:Open Cloud AV

Hello, I've split you to your own topic.

It actually removed none of those things, this is the malware doing it. So run these next.

This infection family will also hide all the files on your computer from being seen. To make your files visible again, please download the following program to your desktop:

Unhide.exe

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives. If there are any files that were purposely hidden by you, you will need to hide them again after this tool is run.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

Be sure to download TDSSKiller.exe (v2.5.6.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.

Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
Vista/Windows 7 users right-click and select Run As Administrator.
If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
Click the Start Scan button.
Do not use the computer during the scan
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will sho... Read more

RELEVANCY SCORE 50.4

I am having similar problems with Open Cloud AV to those mentioned in the forum, and I have been trying to apply the fixes mentioned here. Some details about my set-up and what I have tried:
- Windows XP Service Pack 3, HP Pavilion Laptop
- I started seeing the bogus "infection" warnings and saw a shortcut to Open Cloud AV on the desktop.
- MBAM was installed, but I was unable to launch it (or any other type of antivirus software)
- Task Manager was mostly unresponsive, many programs wouldn't launch, or would quickly quit.
- I had internet access, but various ads would launch when opening IE or FF.
- I have tried rkill (including renaming it).
- I have tried re-installing and updating MBAM (including renaming it.) I can do both, but it quits just after "enumerating items to be scanned..."
- Upon restart, the shortcut to MBAM no longer works.
- I checked the Proxy Settings for both browsers, neither has proxy checked. (Is there somewhere else to look for a proxy setting?)
- Windows Update will not run, nor will MS Security Essentials.
- I ran tdsskiller. It finds problems, but the only options are to skip, copy to quarantine, and delete. I have tried all. There is no "ensure cure" that I can see. It asks to reboot. (Very slow) Whether I reboot or not, rescans show additional problems.
- I have used Add/Remove Software to remove Java.
- It still seems like "something" is preventing attempts to scan and fix problems.
- I have tried many of these st... Read more

A:Open Cloud AV

Have you rebooted after this, if no do that now. Then try MBAM again.

If needed...

This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.

RELEVANCY SCORE 50.4

I got Open Cloud a few days ago, but I was too lazy to do anything about it until today. I followed this tutorial here:
http://www.bleepingcomputer.com/virus-removal/remove-opencloud-antivirus

but when I run the rKill thing it doesn't work right. I'll see the black box, and then the Open Cloud pop up and the icon on my desktop disappears after about a minute or 2, then 10 seconds later, and it's back and the black box is still there. That's been happening on and off for the past half an hour and it's very frustrating >.<

Now rkill has a message written on notepad saying it removed some stuff, but Open Cloud is still popping up and removing itself!

Please help, it makes my computer really slow, and I have a lot of homework to get done...

A:Open Cloud AV won't go away!

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom

RELEVANCY SCORE 50.4

Downloaded Bleeping Computer's anti malware to get rid of open cloud virus in safemode. Instructions seemed to say to run in safe mode as well. When I try to run the malware download I get this message:

Windows cannot access the specified device path or file. You may not have appropriate permission to access the item.

Please help!!! I purchased norton360 antivirus initially online and tried to run that and I couldn't, then I tried pctools spyware and now this... been working on this for days please help me :-(

A:open cloud

I also ran this Rkill download before the anti malware
received this message after:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/06/2012 at 13:41:44.
Operating System: Windows Vista ™ Home Premium
Processes terminated by Rkill or while it was running:

C:\Users\5448\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ECB5GOOK\iExplore[2].exe
Rkill completed on 06/06/2012 at 13:41:47.

RELEVANCY SCORE 50.4

I have tried the rkill and uninstalling Microsoft Security Essentials and reinstalling, still no luck. Also there is a user on my computer called dutususer that I have never seen before, I can't delete it either

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. Duplicate topic post deleted as well. ~ Animal

A:open cloud help plz

Hello and welcome.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Please follow our Removal Guide here How to remove Google Redirects. You will move to the Automated Removal Instructions
If it finds something make sure Cure is selected
Next click Continue then Reboot now
A log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Now do RKill....

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4

Before we begin, you should disable the anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
A blac...


Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

A:open cloud help plz

Hello

48 Hour bump

It has been more than 48 hours since my last post.
Do you still need help with this?
Do you need more time?
Are you having problems following my instructions?
If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


I have been asked to clean a laptop that was infected with the open cloud av malware on 10/3/2011. Malwarebytes is now warning that this variant includes a trojan that makes it impossible to guarantee a clean machine. They suggest changing all account numbers and passwords. Having played with removal for a day I am amazed at the sophistication of this variant. I am inclined to recommend a low level reformat and reinstall. What do your experts think about this nasty code? Thanks, PS

A:open cloud av malware

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first. Then start a new thread HERE and include or required logs. Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!


On Sunday evening (Oct 2) my PC got inadvertently infected with the Open Cloud virus.

We have a Windows XP Home operating system, and two people use the computer - my wife Martha and I - with separate login accounts.

Martha was browsing with the Firefox browser and got the Open Cloud infection. She called me immediately and I attempted to remove it, since it was overtaking the machine, showing messages and terminating programs repeatedly.

I will tell you what I have done to remove it, and what the remaining behavior is. This virus is more difficult than I originally imagined, and I will need help to get the machine completely clean.

Initially, before searching for professional advice, I deleted all of the Open Cloud folders and files, and followed this with a registry cleaner (CC Cleaner), that scans the registry and removes remaining references to deleted executables. I did this as triage, because I couldn't manage to do ANYTHING on the machine until I removed the files.

Then I went to another machine and looked up on BleepingComputer what to do. Over the next 48 hours, I tried several things recommended by BleepingComputer professionals, including following all of the three procedures listed in the following URLs, in the order they were suggested:
+ http://www.bleepingcomputer.com/virus-removal/remove-opencloud-security
+ http://www.bleepingcomputer.com/forums/topic421637.html
+ http://www.bleepingcomputer.com/forums/topic34773.html

Unfortunately, none o...

A:Open Cloud infection

I managed to resolve my problem. The solution is given in the following post.

http://www.bleepingcomputer.com/forums/topic422225.html

The current topic can now be closed.

Rich Wagner


I have a problem with open cloud which is really messing with my computer, I cannot run RKILL or at least it doesn't run automatically. I have tried to download the RKILL program but it never seems to run...help please.

A:Open cloud issues

Hello

I moved you to the Am I Infected forum.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If you run into this problem when following the steps in this guide you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Please follow our Removal Guide here Remove OpenCloud Security (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Hi, I apologize for the length, but I'm not sure how to sum this up well. I have been referred here from the am I infected forum, having been referred there from the Windows XP Forum. I will try to sum up as best as I can. I should also point out that this is my wife's computer so I don't have an in depth knowledge of what led up to the infection.

I have a Dell Mini Inspiron 910 that became infected with Open Cloud AV. I followed the removal guides I found online and had thought I finally got rid of it, but that doesn't seem to be the case. In the process I have now lost the ability to connect to the internet on that computer either on wireless or through network cable. When I pull up the details of the wireless connection it says that the ip is invalid. I cannot connect in to the internet in safe mode either. Unfortunately I am unable to accurately recount every step I took previously. (I have since learned that this was foolish on my part.)

I am using a different computer and an external hard drive (both of which have been scanned extensively to ensure no infections.) to download what is needed and I always save it to the desktop of the new computer before I start working with that downloaded program.

My original post about wireless connection can be found here: http://www.bleepingcomputer.com/forums/topic424108.html - I have made sure that IE browser>>click tools>>internet options>> Proxy server is not checked and that automaticall...

A:Leftovers from Open Cloud AV?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424950 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


My mother's computer was infected with open cloud.
I restarted in safe mode and ran malware and removed the infected files.
I no longer get redirects but I still can not update MSE.
How can I verify that I have properly removed open cloud and what can I do to fix MSE?
I also ran rkill and it found nothing.
Here is a ddr log
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Compaq_Administrator at 16:59:34 on 2011-10-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1358 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Com...

A:Open cloud infected?

gmer txt here
is it normal for it to scan well over an hour?
I had to stop it after a while
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-18 18:20:30
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3160812AS rev.3.AHH
Running: 95no0kru.exe; Driver: C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\kgxdafob.sys
---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F83360, 0x20574D, 0xE8000020]
? C:\DOCUME~1\COMPAQ~1.YOU\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\internet explorer\iexplore.exe[2272] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2272] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AD1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2272] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD10D C:...


I too have the Open Cloud virus. I have looked at various other posts to attempt to fix the issue but have been unsuccessful. I did the preparation steps 6-9. But gmer did not create a log for me to save. It did run. I had my computer in safe mode. Previously I had tried rkill.exe and then malwarebytes but when I ran malwarebytes it would close itself down after a second or two. I tried to do the one that was to be loaded from a clean computer onto a zip drive. It would not open that up.
Hoping someone can help!

A:Open Cloud virus

Were you able to create the DDS logs? If so, please post them in a reply to this topic. If not, please explain what happens when you try to create them.

Orange Blossom


Hello,

2 days ago in the middle of a search I suddenly started getting pop-ups for open cloud AV suggesting my computer was infected. I attempted to do a system restore and the problem seemed fixed, however I was still being redirected on websites. Then, open cloud AV returned the next day. I've tried running scans, tdsskiller, malwarebytes, spybot S&D, tried deleting program from files, etc. Nothing is getting rid of this! Malwarebytes will not run for more than 20 seconds. Spybot says it detects a trojan and resolves but every time I run, it still comes up on list. Spybot detects Win32.Palevo but nothing else. There was also another icon that appeared on my desktop but is now gone named Security Guard 2012. I will occasionally get the "blue screen" but it doesn't shut down the computer. I've tried ending processes with task manager but rarely can I get it to open. Proxy settings are not affected every time I check. This is really driving me crazy. Usually, I'm capable of getting rid of viruses myself but this one really has me stumped. Please help!!!

A:OPEN CLOUD AV VIRUS - PLEASE HELP!

Hello and welcome to Tech Support Forum.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.


Moving Security to the Cloud. (2 web pages)

Combining scanning approaches could keep PCs safe from viruses.

-- Tom
 

A:Moving Security to the Cloud

Cool article, thanks for posting! It will be interesting to see how this theory plays out. It makes a lot of sense.
 


Hello to all,

today saw a commercial about Kaspersky Security Cloud. Was thinking whaaaattt...??!!

So today reinstalled Windows 10 64bit clean on a new GPT EFI Dynamic Drive and must say, that thing is snappy.

Kaspersky Version 18.0.0.405(b)

The interface and features feel a lot like the Internet Security 2017 but a lot more smooth.

My Question to you all here in the Community is how do you think about it?

My Security config. changed again. Will post a new one soon.

Best regards
Val.
 

A:Kaspersky Security Cloud?

I'm waiting that Kaspersky releases it in Belgium to buy it ! But it looks very promising
 


Hello,
 
I am currently doing a project on cloud computing security. I am trying to argue about how secure the cloud is and am doing research to that end. I am reaching out to any cloud security professionals or anyone that has any information on cloud security. If you just want to give your opinion on cloud security, that is fine too. I want to know what people think about the security of the cloud.

A:Cloud Computing Security

Are you doing data security in the "cloud"? Or Security as a service (cloud security)?


Partly Cloudy With a Chance of Data Compromise: Cloud Security Quiz

I got 16/20
all the best
 

A:cloud security quiz

Interesting to freshen up your knowledge, got 16/20 where visiting on forum and reading articles should really help you out to learn and not take it as granted.
 


Hello, I have recently contracted the Open Cloud Av malware program. I have tried the online walkthrough on this website and when MalwareBytes begins the scan, seconds later the program is terminated. I am very stressed about this because I have read this malware turns into a potential keylogger and I am quite worried. I have little to no knowledge with computers, and I have searched the forums to see if someone had a situation similar to my own and I did find some, except most of the posts have all kinds of crazy code in it that I don't understand at all. I contacted Best Buy and they said it would cost $150 just for a 1 time malware removal. That being said I would greatly appreciate it if someone with knowledge on the subject could assist me with this problem. Thanks in advance.

P.S. I am running on Windows Vista.

-JAke

A:Open Cloud AV removal failure

Hello,

This infection changes settings on your computer so that when you launch an executable, a file ending with .exe, it will instead launch the infection rather than the desired program. To fix this we must first download a Registry file that will fix these changes. From a clean computer, please download the following file and save it to a removable media such as a CD/DVD, external Drive, or USB flash drive.

FixNCR.reg

Insert the removable device into the infected computer and open the folder the drive letter associated with it. You should now see the FixNCR.reg file that you had downloaded onto it. Double-click on the FixNCR.reg file to fix the Registry on your infected computer.

If no joy try running SAS... Run SAS even if the MBAM works and post both logs.

Next run Superantispyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences......


Hello there,

I updated Firefox a couple of days ago, and I failed to notice that Noscript didn't carry over to the new version automatically. Within a few minutes I had a lovely piece of scareware called Open Cloud AV installed without my knowledge or consent onto my laptop, which caused the usual pop-ups, fake BSODs, fake reboots, etc. I downloaded and ran Malwarebytes, and deleted Open Cloud's icons manually, as they were left behind by the quarantine/deletion. The pop-ups have gone away, but there's a lingering problem: The CPU keeps maxing out for no apparent reason. Malwarebytes' tooltip balloon keeps telling me that it's blocking access to a potentially malicious website, which is almost always being accessed by Ping.exe. I halted Ping.exe in Task Manager, but scans are coming up negative for any trojans or viruses, aside from the initial Malwarebytes scan, of course. I've run Lavasoft's Ad-Aware and TDSSKiller, and both indicate no threats. Also, whenever I restore a prior Firefox session, a new tab appears with an advertisement, though I don't get any of these unwanted tabs through normal browsing. I'm running out of solutions and I am WAY out of my element on this one. Help would be GREATLY appreciated!

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Charles Varriale at 22:27:38 on 2011-10-05
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5942.2133 [GMT -4:00]
.
AV: Lavasoft Ad-Wa...

A:Open Cloud AV - Lingering CPU Issues

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<
Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the r...


Hello, I have recently gotten the Open Cloud Antivirus virus, and I am unable to get rid of it because it has blocked my exe files. I tried running Malwarebytes in safe mode, but it gave me the message that I did not have the permission to use the program. When I run safe mode with networking, my browsers (FF and IE) say that the page could not be found. In addition to this, I have redirects when I try to open a web page. Help would be appreciated! Thanks!

A:Open Cloud Antivirus and redirects

tn2642

Please follow our Removal Guide here Remove OpenCloud Antivirus (Uninstall Guide).
After reading how the malware is misleading you ...
You will move to the Automated Removal Instructions

After you completed that, post your scan log here, let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Hello,

I have a Dell Vostro 1000 with Windows XP, Service Pack 3.

About two weeks ago, Firefox stopped working. My mistake was to think nothing of it and use Internet explorer instead. About a week or so ago, my URLs were being redirected to pay for ad sites (although the links appeared to be content relevant).

Two nights ago Open Cloud AV (I don't ever recall installing this) opened up and showed issues. I closed it down as quickly as I could and tried to run MS Security Essentials, but it wouldn't start. I didn't note the error, unfortunately.

My first attempt was with AVG 2012 and it found nothing.

I tried downloading Malwarebytes, as well as Superantispyware, but couldn't download it onto that machine, I was continually redirected.

I downloaded the following to a flash drive and ran (IIRC this is the order, over a period of a day):
FixNCR
SUPERantispyware

Then
Rkill with the following names:
Rkill
IExplore
WiNlOgOn
eXplorer

mbam-setup

Initially, I ran in safe mode without networking and logged in as administrator.
Many items were caught and quarantined.
Then I tried to update Security Essentials logged in as admin in safe mode with networking and access was denied.

Then, I rebooted and logged in as my user, in safe mode with networking and there was definitely still an issue. I tried downloading and updating Superantispyware which it appeared to do, but when running the scan, it stopped after 20 seconds or so.
I tried MBAM and the same sym...

A:Open Cloud AV issues and URL redirects

I did check the Internet Explorer Proxy settings, and proxy is not enabled.


Bleeping Computer Administrators,

I know there are other posts very well explaining how to get out of the terrible situation that is Open Cloud AV. I've dealt with a VERY similar malicious program before. I dealt with it by running Rkill and then Malwarebyte's Anti-Malware. I have recently been infected with Open Cloud AV. I looked up how to remove it, and seeing as the steps were the same, I did the same. Rkill terminated the process, but MBAM would not open. I tried to open it with some 'Inherit.exe' but that didn't work. I downloaded Anvira, which I was told worked as well, and that program didn't find Open Cloud on a full scan. I restarted my computer and tried it all again, still to no avail.
I still can't open MBAM, and Rkill doesn't find/doesn't terminate Open Cloud AV.

I'm pretty desperate, and I'm not great with computers.

Thanks for your time,
-Dylan

A:LOTS of problems with Open Cloud AV

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first. Then start a new thread HERE and include or required logs. Including a link to this thread will be helpful. Good luck and be patient. Help is on the way!


I got an Open Cloud infection on my Windows XP machine, and it inserted a process with random numbers into the Task List that wouldn't go away. That process caused all AntiVirus and AntiMalware programs to terminate prematurely. The troublesome process has 10 random digits followed by a colon followed by 9 more random digits [ddddddddd:ddddddddd.exe]. It is very hard to remove.

I have noticed many posts on this forum of other people with the same issue, and many of these are not resolved yet.

I discovered a post by another member that helped me solve my problem, so I want to give other people something to consider in trying to solve this difficult problem if they have gotten it. I am NOT a computer professional, nor am I one of the certified BleepingComputer experts, but I did spend more than 40 hours studying this problem, analyzing my machine, and solving the problem over the past 5 days. So while my comments may not solve your problem, they may give you something to try that uses ONLY the standard tools that come with Microsoft Windows XP. There is nothing else to download, and no other programs that you need to trust.

Credit for the resolution of my problem goes to Brett, who posted the thread that suggested the MAGIC step: http://www.bleepingcomputer.com/forums/topic421299.html/

I have amplified his MAGIC step to suit my particular situation, but I suspect it will be similar for many other people who have this issue. The recovery steps that solved my problem are ...

A:Open Cloud infection my recovery

PS: If you want to see my original post and plea for help, that gives some detail on how I discovered the problems that Open Cloud produced, go here: http://www.bleepingcomputer.com/forums/topic421998.html/
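
The process name described in this thread has the form of a file name, a colon and a second name, which is how Windows writes an NTFS alternate data stream. As an added example (not part of the original posts and not a BleepingComputer tool), this Python script scans the Running Processes section of a DDS log for such entries; the sample log is constructed and the function names are hypothetical.

```python
import re
from typing import Iterator, List, NamedTuple, Tuple

# Constructed sample, modelled on the DDS "Running Processes" listings quoted on this page.
SAMPLE_DDS_LOG = r""".
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\1234567890:987654321.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Example] c:\program files\example\example.exe
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")   # "===== Title =====" banners
DRIVE_RE = re.compile(r"^[A-Za-z]:")             # drive letter prefix such as "C:"
ARGS_RE = re.compile(r"\s+[-/]")                 # start of " -k ..." or " /nogui"
NUMERIC_ADS_RE = re.compile(r"^\d+:\d+\.exe$", re.IGNORECASE)


class Finding(NamedTuple):
    line_no: int           # 1-based line number in the log
    path: str              # image path with command-line arguments removed
    host_file: str         # name before the colon (the object carrying the stream)
    stream: str            # name after the colon (the stream that is executing)
    numeric_pattern: bool  # True for the digits:digits.exe form described in the thread


def running_process_lines(log_text: str) -> Iterator[Tuple[int, str]]:
    """Yield (line number, entry) for lines inside the Running Processes section."""
    in_section = False
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group(1).lower() == "running processes"
            continue
        if in_section and line and line != ".":
            yield line_no, line


def image_path(entry: str) -> str:
    """Drop arguments such as '-k netsvcs' while keeping spaces inside the path."""
    return ARGS_RE.split(entry, maxsplit=1)[0].strip()


def find_ads_processes(log_text: str) -> List[Finding]:
    """Flag running images whose last path component contains a stream separator."""
    findings = []
    for line_no, entry in running_process_lines(log_text):
        path = image_path(entry)
        # Remove the drive letter so its colon is not mistaken for a stream separator.
        leaf = DRIVE_RE.sub("", path).rsplit("\\", 1)[-1]
        if ":" not in leaf:
            continue
        host, stream = leaf.split(":", 1)
        findings.append(
            Finding(line_no, path, host, stream, bool(NUMERIC_ADS_RE.match(leaf)))
        )
    return findings


if __name__ == "__main__":
    for f in find_ads_processes(SAMPLE_DDS_LOG):
        kind = "numeric name:stream" if f.numeric_pattern else "named stream"
        print(f"line {f.line_no}: {f.path} ({kind}; host={f.host_file}, stream={f.stream})")
```

Lines outside the Running Processes section are ignored, so registry entries such as `uRun:` do not produce false hits from their own colons.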


Hi .. I'm Jennie and I'm trying to remove a virus from my BF's computer for him. I've been trying everything available on the internet for 2 days, to no avail. This virus is combating me like a prized boxer in the ring. It's been on his computer since Monday afternoon (that we know of, that's the first time the "pop ups" started).

I have downloaded malwarebytes, spyware doctor, rkill, eXplorer, Mini Toolbox, RegCure, CC Cleaner, Paretologic, Trojan Hunter, and various other virus/antispyware/trojan/etc programs trying to remove this POS infection .. and as soon as the application is installed and begins to run .. Open Cloud kills it after a few moments and then renders it inoperable until I uninstall it and re-install it again .. only to kill it again after only a few seconds of scanning (Spyware Doctor did make it to 66% once, and Trojan Hunter made it all the way through once but that's it).

Google is also hijacked as well, when you open the home page it goes directly to google but if you issue a search and click a link it immediately jumps to www.nobelsearch.com and then it flips over to hxxp://63.209.69.107/search/web/Open%20Cloud%20Security/a11/itcg-20446_3637/v5 .

I've researched and executed every tutorial I can find, and nothing has worked. So here I am begging for your help. My BF is studying for his OT exam, and cannot use his computer (it won't let him run the application he was given to help him practice the certification...

A:Complicated Open Cloud Infection

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/421349 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo...


Hi, i need help removing the Open Cloud virus from my laptop. It won't let me run any of the usual malware removal tools, in reg or safe mode. This one is really tough.

The laptop is running XP, SP2

Thank you so much for your help

A:Open Cloud virus removal help

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom


I have been infected by the Open Cloud Antivirus virus, and whenever I try to run Malwarebytes, SAS, or Gmer, it would run for a few seconds then the program will shut down immediately. I was referred to post here by boopme. http://www.bleepingcomputer.com/forums/topic421484.html


.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23
Run by Administrator at 23:43:47 on 2011-10-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1725 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Accessories\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\3009287083:1424793932.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
.
============== Pseudo HJT Report ===============
.
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [avast5] c:\progra~1\avast5\avastUI.exe /nogui
mRun: [VX...

A: Open Cloud Antivirus and redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

Do not run any other tool until instructed to do so!
Please do not attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
Do not run any other tool until instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Please download DummyCreator.zip and unzip it.
Run the tool.
Copy and paste the following into the edit box:

C:\WINDOWS\3009287083
Press Create button and post the content of the Result.txt.

Important: Restart the computer.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is...


I have learned my lesson. Open Cloud AV is NOT legit. It took my PC shop almost a week to get rid of it.

The $75 charge showed up on my VISA as from YOUTUBESTUDIO.PRO out of Riga, Latvia. I have not been able to find anything to link Open Cloud to this "company". Even though I showed all the screen shots, message forums, etc. VISA won't dispute it until I have something concrete.

Has anyone been able to get the charges reversed or link these two "companies" together?

Thanks

(Moderator edit: post moved to more appropriate forum. jgw)


Hello all,

I updated Firefox a couple of days ago, and I failed to notice that Noscript didn't carry over to the new version automatically. Within a few minutes I had a lovely piece of scareware called Open Cloud AV installed without my knowledge or consent onto my laptop, which caused the usual pop-ups, fake BSODs, fake reboots, etc. I downloaded and ran Malwarebytes, and deleted Open Cloud's icons manually, as they were left behind by the quarantine/deletion. The pop-ups have gone away, but there's a lingering problem: The CPU keeps maxing out for no apparent reason. Malwarebytes' tooltip balloon keeps telling me that it's blocking access to a potentially malicious website, which is almost always being accessed by Ping.exe. I halted Ping.exe in Task Manager, but scans are coming up negative for any trojans or viruses, aside from the initial Malwarebytes scan, of course. I've run Lavasoft's Ad-Aware and TDSSKiller, and both indicate no threats. I'm running out of solutions and I am WAY out of my element on this one. Help would be GREATLY appreciated!

I'm using Windows 7, btw. Further information can be provided on request, as long as I can get at it.

I'm also not entirely sure how to obtain a log to post, and I didn't see a tutorial on that anyplace. Thanks in advance!

EDIT: Also, whenever I restore a prior Firefox session, a new tab appears with an advertisement, though I don't get any of these unwanted tabs throu...

A: Open Cloud AV Lingering CPU Issues

With the information you have provided I believe you will need help from the malware removal team. Please make sure that you read the information about getting started first.

Then start a new thread HERE and include any required logs. Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!
