Saturday, August 27, 2011

Remove OpenCloud Antivirus

Remove OpenCloud Antivirus
OpenCloud Antivirus is a fake antivirus. OpenCloud Antivirus infected your computer through a malicious website or Trojan. OpenCloud Antivirus scan the whole infected computer without any notice. After finish scanning, OpenCloud Antivirus shows false result that there are a lot of malware infections found on the computer. Moreover, the users of the infected computer will receive several warning alerts trying to force the users to purchase the fake full version of OpenCloud Antivirus. OpenCloud Antivirus cannot detect and remove any kind of virus, malware or trojan. OpenCloud Antivirus is a SCAM. Do not believe any warning or alert given by OpenCloud Antivirus. Most important, do not purchase the full version of OpenCloud Antivirus as it really cannot remove any kind of malware! OpenCloud Antivirus is delivered through many ways that involve installing via a bogus scanner page created to look like a Windows application screen. Another way of how OpenCloud Antivirus spreads is via a Trojan infection generated to look like a flash update or video codec.





OpenCloud Antivirus can be removed first by stopping its processes (wskinn.exe, OpenCloud Antivirus.exe, c:\Program Files\csrss.exe, c:\Program Files\conhost.exe) and then kill its files by using Emsisoft HiJackFree. Then the user has to remove all the related files and folder. Finally, restore the registry entries added and modified by OpenCloud Antivirus (Read the removal guide below to remove OpenCloud Antivirus successfully).



When OpenCloud Antivirus is installed, OpenCloud Antivirus will be configured to start automatically y installing a file called csrss.exe in the Window Startup folder. Once Windows is started, csrss.exe will automatically be launched, which will then start the main executable for this infection called %AppData%\OpenCloud Antivirus\OpenCloud Antivirus.exe. Please note that the csrss.exe file that this infection installs in the Startup folder should not be confused with the legitimate Microsoft C:\Windows\System32\csrss.exe file, which is required for Windows to operate normally.



OpenCloud Antivirus should be removed immediately!





Removal Guide

Kill Process

(How to kill a process effectively?)

%AppData%\OpenCloud Antivirus\csrss.exe

%StartupFolder%\csrss.exe



Delete Registry

HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = 'C:\Program Files\conhost.exe "%1" %'

HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList



Remove Folders and Files

%UserProfile%\Desktop\OpenCloud Antivirus.lnk

%StartupFolder%\csrss.exe

%StartMenu%\OpenCloud Antivirus

%AppData%\OpenCloud Antivirus

No comments:

Post a Comment