
PSSnyder

Members
  • Posts

    7

Reputation

0 Neutral

About PSSnyder

  • Birthday 03/11/1949

Profile Information

  • Location
    Kentucky USA
  • Interests
    technology, philosophy, religion
  1. I have done that before, and I think a lot of users probably keep the free version on their computers. What I would like to see is for Malwarebytes to be able to make at least some money off of the probable large number of users who don’t turn on AV and simply use the free version as a one-time scanner.
  2. Lots of CTOs have strong preferences for AVs like BitDefender, MS Defender, Symantec, etc., and won't change to another product. However, many would like to have a "second opinion" option and removal tool. When we think we may be under attack we download the free Malwarebytes app, scan, and then delete it. We would really like to have a Malwarebytes version that stays on our system, costs maybe $10-$15 a year, and scans on demand only (no active AV). We would feel better about paying a fair price for the occasional use and possible virus removal, and would not have to be concerned about interference between AV engines when two are active.
  3. I am helping someone clean their laptop to remove Open Cloud AV. It was infected on October 3, 2011. I first loaded and ran Malwarebytes in safe mode without renaming the exe. It appeared to work, but then Open Cloud AV reappeared after I rebooted in normal mode. I then followed the existing Malwarebytes instructions (9/11) to remove the malware. I had a great deal of difficulty getting Malwarebytes started in Quick Scan because the current version of Open Cloud AV loops threads / processes to grab processor cycles and keep modal warning windows and taskbar balloons grabbing focus from all other application windows. Malwarebytes is now running, but very slowly because the Open Cloud AV balloons are continuing to be generated as random name file folders are created by the code. I am 2 hours into the scan and have only scanned 2500 objects in memory, including the register keys. If the scan will eventually include the constantly generated folders I don’t see how it can get ahead of the Open Cloud generator? Can I successfully run the renamed Malwarebytes exe file in safe mode w/o network (recall that the first time I tried it did not work but I did not rename the Malwarebytes executable) if the scan does not complete? Thanks
  4. Thanks - I am trying the specific Open Cloud AV removal method of Sept 11. This variant seems especially difficult as it starts a loop of processes and threads that makes it very, very difficult to get Malwarebytes to run. Open Cloud keeps your program in the background by using modal warning windows to cover it. I was successful in getting focus to the Malwarebytes window only by repeated use of "switch to" from task manager. It is running now but very slowly, probably due to constant creation of files by Open Cloud with warning balloons in the task bar. If this does not work I will upload HiJackThis logs to the other forum. BTW - when I updated Malwarebytes the McAfee AV module that is "turned off" reported unauthorized outgoing email; I guess Open Cloud is sending "invitations" to people in the address book. Thanks again, PS
  5. I am helping someone who has a laptop that was infected by Open Cloud AV on October 3, 2011. I read the warning that it may be impossible to remove the trojan backdoor installed by the malware. I have been impressed by the sophistication of the code and I am concerned that it can't be effectively removed? [I know very little about trojans, but I noticed that the roaming folder was being modified - making me think that the code was actively communicating with an unknown server] Given what you know about this variant, what are the odds that the backdoor can't be locked? Thanks, PS