Getting Rid of Open cloud FakeAV:
Open Cloud antivirus is from the same family as Wolfram and PC Security Shield, and therefore may be just the symptom of a much more malignant infection. Lately, the infection comes bundled with a SpinCAV or ZeroAccess dropper. The steps given here deal only with neutralizing the Open Cloud AV infection. Please be sure to use a broad spectrum of tools to remove any further infections that are present.
Now on with the kill.
Let’s drop the infected file into my computer
Open Cloud starts up
And soon locks down the computer.
Click on leave to get here
Enter this code into the activation box and click on activate
DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B
After this it should give you this screen.
The major part is done. Now suspend the process using Process Explorer, then run any major tool to remove the infection completely.
Associated OpenCloud Security files and registry values:
Windows XP:
- C:\Documents and Settings\[UserName]\Application Data\OpenCloud Security\OpenCloud Security.exe
- C:\Documents and Settings\[UserName]\Application Data\OpenCloud Security\csrss.exe
- C:\Documents and Settings\[UserName]\Application Data\OpenCloud Security\wf.conf
- C:\Documents and Settings\[UserName]\Application Data\OpenCloud Security\sysl32.dll
Windows Vista/7:
- C:\Users\[UserName]\AppData\Roaming\OpenCloud Security\OpenCloud Security.exe
- C:\Users\[UserName]\AppData\Roaming\OpenCloud Security\csrss.exe
- C:\Users\[UserName]\AppData\Roaming\OpenCloud Security\wf.conf
- C:\Users\[UserName]\AppData\Roaming\OpenCloud Security\sysl32.dll
Registry:
- HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"="%Temp%\csrss.exe"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
Then paste this into Notepad, save it as an .inf file and install it.
[Version]
Signature="$Chicago$"
Provider=tausif
[DefaultInstall]
AddReg=UnhookRegKey
[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
The shell keys should now be reset, allowing you to run any exe files. If you’re still unable to run any AV applications, then hunt for a different infection on the PC.
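To confirm the reset took effect, the read-only check below (an added example, not part of the original post) reads the registry values and the folder listed above and reports anything that still differs from the repaired state. It assumes it is saved as a .ps1 script and run as the affected user; the function names Get-RegValue and Add-Finding are illustrative.

```powershell
# Added example: read-only audit of the registry values and paths listed on this page.
function Get-RegValue([string]$Key, [string]$Name) {
    # Returns $null when the key or value is absent; '' as $Name reads (Default).
    $k = Get-Item -LiteralPath "Registry::$Key" -ErrorAction SilentlyContinue
    if ($null -eq $k) { return $null }
    $k.GetValue($Name, $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
}

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding([string]$Location, $Actual, [string]$Note) {
    $findings.Add((New-Object psobject -Property @{ Location = $Location; Actual = $Actual; Note = $Note }))
}

# 1. Executable handlers, in the effective (HKCR) and machine-wide (HKLM) views.
#    scrfile is left out: stock Windows uses "%1" /S there, not the value the .inf writes.
$handlers = @{
    exefile = '"%1" %*'; batfile = '"%1" %*'; comfile = '"%1" %*'
    piffile = '"%1" %*'; regfile = 'regedit.exe "%1"'
}
foreach ($class in $handlers.Keys) {
    foreach ($root in 'HKEY_CLASSES_ROOT', 'HKEY_LOCAL_MACHINE\Software\Classes') {
        $key = "$root\$class\shell\open\command"
        $val = Get-RegValue $key ''
        if ($val -ne $handlers[$class]) { Add-Finding $key $val 'open command is not the restored value' }
    }
}

# 2. Winlogon shell: no per-user override, machine value is Explorer.exe.
$winlogon = 'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$userShell = Get-RegValue "HKEY_CURRENT_USER\$winlogon" 'Shell'
if ($null -ne $userShell) { Add-Finding "HKCU\$winlogon Shell" $userShell 'per-user Shell override present' }
$machineShell = Get-RegValue "HKEY_LOCAL_MACHINE\$winlogon" 'Shell'
if ($machineShell -ne 'Explorer.exe') { Add-Finding "HKLM\$winlogon Shell" $machineShell 'machine Shell is not Explorer.exe' }

# 3. Autostart "load" value and the registry-tools lockout.
$windows = 'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$load = Get-RegValue $windows 'load'
if ($load) { Add-Finding "$windows load" $load 'program started at logon through load' }
$policy = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$lock = Get-RegValue $policy 'DisableRegistryTools'
if ($null -ne $lock -and "$lock" -ne '0') { Add-Finding "$policy DisableRegistryTools" $lock 'registry tools disabled' }

# 4. Install folder (%APPDATA% resolves to the XP and Vista/7 locations listed above).
$dir = Join-Path $env:APPDATA 'OpenCloud Security'
if (Test-Path -LiteralPath $dir) {
    Add-Finding $dir ((Get-ChildItem -LiteralPath $dir -Force -Name) -join ', ') 'OpenCloud Security folder exists'
}

if ($findings.Count -eq 0) { 'No OpenCloud Security leftovers found.' } else {
    $findings | Select-Object Location, Actual, Note | Format-List
}
```

String comparisons in PowerShell are case-insensitive, so `explorer.exe` and `Explorer.exe` are treated as the same value.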