
OpenCloud AV removal guide

Getting rid of the OpenCloud FakeAV:
OpenCloud Security (also shown as "Open Cloud AV") is from the same family as Wolfram and PC Security Shield, so it may be only the symptom of a much more malignant infection; lately it comes bundled with a SpinCAV or ZeroAccess dropper. The steps given here deal only with neutralizing the OpenCloud AV infection itself, so be sure to use a broad spectrum of tools afterwards to remove any further infections that are present.
Now on with the kill.
Drop the infected file onto the computer and run it.
[screenshot]
OpenCloud Security starts up.
[screenshot]
It soon locks down the computer.
[screenshot]
Click on Leave to get to this screen.
[screenshot]
Enter this code into the activation box and click on Activate:
DB038748-B4659586-4A1071AF-32E768CD-36005B1B-F4520642-3000BF2A-04FC910B
After this it should show you this screen.
[screenshot]
The hard part is done. Now suspend the OpenCloud Security process with Process Explorer, then run any reputable anti-malware tool to remove the infection completely.
[screenshot]
Associated OpenCloud Security files and registry values:
Windows XP:
  • C:\Documents and Settings\[UserName]\Application Data\OpenCloud Security\OpenCloud Security.exe
  • C:\Documents and Settings\[UserName]\Application Data\OpenCloud Security\csrss.exe
  • C:\Documents and Settings\[UserName]\Application Data\OpenCloud Security\wf.conf
  • C:\Documents and Settings\[UserName]\Application Data\OpenCloud Security\sysl32.dll
Windows Vista/7:
  • C:\Users\[UserName]\AppData\Roaming\OpenCloud Security\OpenCloud Security.exe
  • C:\Users\[UserName]\AppData\Roaming\OpenCloud Security\csrss.exe
  • C:\Users\[UserName]\AppData\Roaming\OpenCloud Security\wf.conf
  • C:\Users\[UserName]\AppData\Roaming\OpenCloud Security\sysl32.dll
Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"="%Temp%\csrss.exe"
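As an added example (not part of the original post), the following PowerShell script checks a machine for the files and registry value listed above, flags any csrss.exe that is running from somewhere other than System32, and clears the logon persistence. It assumes the paths above, with $env:APPDATA standing in for the per-user "Application Data" (XP) or "AppData\Roaming" (Vista/7) folder, and should be run from an elevated PowerShell prompt (PowerShell 2.0 is a separate install on XP).

```powershell
# Added example (not from the original post): check a machine for the
# OpenCloud Security indicators listed above and remove the logon persistence.
# Assumptions: the file names and registry value from the list; $env:APPDATA
# is the per-user "Application Data" (XP) or "AppData\Roaming" (Vista/7) folder.

$hits = @()

# 1. Dropped files. Both locations the post gives for csrss.exe are checked.
$dir   = Join-Path $env:APPDATA 'OpenCloud Security'
$names = 'OpenCloud Security.exe', 'csrss.exe', 'wf.conf', 'sysl32.dll'
$paths = foreach ($n in $names) { Join-Path $dir $n }
$paths += (Join-Path $env:TEMP 'csrss.exe')
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $hits += "file: $p" }
}

# 2. The per-user "load" value, which Windows runs at logon (the old win.ini
#    load= line). It is absent or empty on a clean profile.
$winKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
$load   = (Get-ItemProperty -Path $winKey -Name load -ErrorAction SilentlyContinue).load
if ($load) { $hits += "registry: $winKey\load = $load" }

# 3. The real csrss.exe lives in %SystemRoot%\System32 and is a protected
#    process (its Path reads as $null when not elevated); a csrss.exe with any
#    other path is the rogue's copy. Suspend it with Process Explorer as the
#    post describes before running the scanner.
$sys32 = Join-Path $env:SystemRoot 'System32'
foreach ($proc in Get-Process -Name csrss -ErrorAction SilentlyContinue) {
    $path = $proc.Path
    if ($path -and -not $path.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)) {
        $hits += "process: csrss.exe PID $($proc.Id) running from $path"
    }
}

if ($hits.Count -eq 0) {
    'No OpenCloud Security indicators found.'
} else {
    'Indicators found:'
    $hits | ForEach-Object { "  $_" }
    if ($load) {
        # Clear the logon persistence so the rogue does not come back after a
        # reboot; the files are left in place for the scanner to quarantine.
        Remove-ItemProperty -Path $winKey -Name load
    }
}
```

The script only reports the rogue process rather than killing it, because the post's Process Explorer step (suspend, then scan) is the safer order; the load value is removed because a clean profile never needs it.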
Oh, and one more thing: if the rogue stops .exe files from running, reset the shell keys. Save the following as a single .reg file and merge it. It restores the default open command for .exe files, deletes any per-user Winlogon Shell override and sets the system Shell back to Explorer.exe:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
Then paste this into Notepad, save it as a .inf file, right-click it and choose Install. It restores the default open commands for every executable file type, not just .exe, and re-enables regedit if the rogue turned it off through policy:

; Each AddReg line is: root, subkey, value name (blank = default value), flags, data.
[Version]
Signature="$Chicago$"
Provider=tausif

[DefaultInstall]
AddReg=UnhookRegKey

[UnhookRegKey]
HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*"
HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe ""%1"""
HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*"
; Flag 0x20 = overwrite only if the value already exists, so this resets
; DisableRegistryTools to 0 without creating it on a machine that never had it.
HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools,0x00000020,0
The shell keys should now be reset and you should be able to run .exe files again. If you are still unable to run any AV applications, hunt for a different infection on the PC.
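As an added example (not part of the original post), the same repairs as the .reg and .inf files above done from PowerShell, so you can preview which keys the rogue actually changed before writing anything. The expected values are the ones those files write; the -ReportOnly switch and the check for per-user overrides under HKCU\Software\Classes (which take precedence over the machine-wide class keys) are additions of this example. Run it elevated and, if double-clicking .exe files still fails, from an already-open command prompt: cmd.exe starts programs with CreateProcess, which does not consult the exefile association.

```powershell
# Added example (not from the original post): the repairs from the .reg and
# .inf above, done from PowerShell with a report-only preview. Expected values
# are exactly what those files write; -ReportOnly is this example's addition.

$expected = @{
    batfile = '"%1" %*'
    comfile = '"%1" %*'
    exefile = '"%1" %*'
    piffile = '"%1" %*'
    scrfile = '"%1" %*'
    regfile = 'regedit.exe "%1"'
}

function Repair-ShellKeys {
    param([switch]$ReportOnly)   # list the changes without writing them

    # File-type associations. Writes through HKEY_CLASSES_ROOT land in
    # HKLM\Software\Classes; a per-user copy under HKCU\Software\Classes wins
    # over that, so any such override is reported for manual review.
    foreach ($cls in $expected.Keys) {
        $key = "Registry::HKEY_CLASSES_ROOT\$cls\shell\open\command"
        $cur = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
        if ($cur -ne $expected[$cls]) {
            "$cls : '$cur' -> '$($expected[$cls])'"
            if (-not $ReportOnly) {
                New-Item -Path $key -Force | Out-Null
                Set-ItemProperty -LiteralPath $key -Name '(default)' -Value $expected[$cls]
            }
        }
        $user = "HKCU:\Software\Classes\$cls\shell\open\command"
        if (Test-Path -LiteralPath $user) {
            "per-user override present: $user (delete it if it points at the rogue)"
        }
    }

    # Winlogon shell: no per-user override, system value Explorer.exe.
    $hkcuWl = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $hklmWl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $userShell = (Get-ItemProperty -Path $hkcuWl -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($userShell) {
        "per-user Shell override: '$userShell' (removing)"
        if (-not $ReportOnly) { Remove-ItemProperty -Path $hkcuWl -Name Shell }
    }
    $sysShell = (Get-ItemProperty -Path $hklmWl -Name Shell -ErrorAction SilentlyContinue).Shell
    if ($sysShell -ne 'Explorer.exe') {
        "system Shell: '$sysShell' -> 'Explorer.exe'"
        if (-not $ReportOnly) { Set-ItemProperty -Path $hklmWl -Name Shell -Value 'Explorer.exe' }
    }

    # Re-enable regedit if the rogue disabled it through policy.
    $pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $disabled = (Get-ItemProperty -Path $pol -Name DisableRegistryTools -ErrorAction SilentlyContinue).DisableRegistryTools
    if ($disabled) {
        "DisableRegistryTools = $disabled -> 0"
        if (-not $ReportOnly) { Set-ItemProperty -Path $pol -Name DisableRegistryTools -Value 0 }
    }
}

Repair-ShellKeys -ReportOnly   # preview what would change
Repair-ShellKeys               # apply the repairs
```

Run the preview first: a hijacked association usually shows up as a command pointing into %AppData% or %Temp%, which is also a quick way to confirm the rogue is the reason .exe files will not start.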
