Removal instructions for CloudGuard


What is CloudGuard?

The Malwarebytes research team has determined that CloudGuard is adware. These adware applications display advertisements not originating from the sites you are browsing.

How do I know if my computer is affected by CloudGuard?

You may see this entry in your list of installed programs:

warning4.png

and this Scheduled Task:

warning3.png

How did CloudGuard get on my computer?

Adware applications use different methods for distributing themselves. This particular one was offered as a parental control.

main.png

How do I remove CloudGuard?

Our program Malwarebytes Anti-Malware can detect and remove this potentially unwanted program.

  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Enable free trial of Malwarebytes Anti-Malware Premium
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now, or select Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.

Is there anything else I need to do to get rid of CloudGuard?

  • No, Malwarebytes Anti-Malware removes CloudGuard completely.
  • This PUP creates some scheduled tasks. You can read here how to check for and, if necessary, remove Scheduled Tasks.

How would the full version of Malwarebytes Anti-Malware help protect me?

We hope our application and this guide have helped you eradicate this hijacker.

As you can see below, the full version of Malwarebytes Anti-Malware would have protected you against the CloudGuard adware. It would have warned you before the rogue could install itself, giving you a chance to stop it before it became too late.

protection1.png

Technical details for experts

You will see this sign in a HijackThis log:

O17 - HKLM\System\CCS\Services\Tcpip\..\{86308DB8-906A-4644-BFB4-ACEB40A65B72}: NameServer = 31.168.224.106,5.135.12.52

You may see these entries in FRST logs:

(www.CloudGuard.me) C:\Program Files\CloudGuard\CloudGuard.exe
Tcpip\..\Interfaces\{86308DB8-906A-4644-BFB4-ACEB40A65B72}: [NameServer] 31.168.224.106,5.135.12.52
() C:\Program Files\CloudGuard
Task: {EDFF3E8C-6BB7-421F-A360-BB6660939788} - System32\Tasks\CloudScout => C:\Program Files\CloudGuard\CloudGuard.exe [2014-10-26] (www.CloudGuard.me) <==== ATTENTION

Alterations made by the installer:

File system details
---------------------------------------------
   Adds the folder C:\Program Files\CloudGuard
      Adds the file CloudGuard.exe"="10/26/2014 1:01 AM, 528384 bytes, A
      Adds the file config.ini"="11/4/2014 4:20 AM, 893 bytes, A
      Adds the file Info.rtf"="8/20/2014 3:48 PM, 1274 bytes, A
      Adds the file License.rtf"="11/4/2014 3:45 AM, 13694 bytes, A
      Adds the file uninstall.exe"="3/27/2015 8:36 AM, 156665 bytes, A
      Adds the file ZonaTools.XPlorerBar.dll"="10/26/2014 1:00 AM, 67584 bytes, A
   In the existing folder C:\Windows\System32\Tasks
      Adds the file CloudScout"="3/27/2015 8:36 AM, 5254 bytes, A

Registry details
------------------------------------------
   [HKEY_LOCAL_MACHINE\SOFTWARE\CloudGuard]
      "Install_Dir"="REG_SZ", "C:\Program Files\CloudGuard"
   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudGuard]
      "DisplayName"="REG_SZ", "CloudScout Parental Control"
      "DisplayVersion"="REG_SZ", "1.10"
      "InstallLocation"="REG_SZ", "C:\Program Files\CloudGuard\CloudGuard.exe"
      "NoModify"="REG_DWORD", 1
      "NoRepair"="REG_DWORD", 0
      "Publisher"="REG_SZ", "CloudGuard.me"
      "UninstallString"="REG_SZ", ""C:\Program Files\CloudGuard\uninstall.exe" /S"
      "VersionMajor"="REG_DWORD", 1
      "VersionMinor"="REG_DWORD", 10

Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/27/2015
Scan Time: 8:52:33 AM
Logfile: mbamCloudGuard.txt
Administrator: Yes

Version: 2.01.0.1004
Malware Database: v2015.03.27.04
Rootkit Database: v2015.03.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Malwarebytes

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298053
Time Elapsed: 4 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.CloudGuard.A, C:\Program Files\CloudGuard\CloudGuard.exe, 2896, Delete-on-Reboot, [a9d71a301d6dc67063ec10f633cf3ec2]

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.CloudGuard.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CloudGuard, Quarantined, [fb85a1a9177364d21d94d471040124dc],
PUP.Optional.CloudGuard.A, HKLM\SOFTWARE\CLOUDGUARD, Quarantined, [c1bf4802850568ce92dda82219eabf41],

Registry Values: 1
PUP.Optional.CloudGuard.A, HKLM\SOFTWARE\CLOUDGUARD|Install_Dir, C:\Program Files\CloudGuard, Quarantined, [c1bf4802850568ce92dda82219eabf41]

Registry Data: 1
Trojan.DNSChanger, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{86308DB8-906A-4644-BFB4-ACEB40A65B72}|NameServer, 31.168.224.106,5.135.12.52, Good: (), Bad: (31.168.224.106,5.135.12.52),Replaced,[116f84c629613ff7b8eefbffa75e21df]

Folders: 2
PUP.Optional.CloudGuard.A, C:\Users\{username}\AppData\Local\Temp\CloudGuard, Quarantined, [9fe1e466a5e5ff372c425b6fa360bd43],
PUP.Optional.CloudGuard.A, C:\Program Files\CloudGuard, Delete-on-Reboot, [fb85a1a9177364d21d94d471040124dc],

Files: 11
PUP.Optional.CloudGuard.A, C:\Program Files\CloudGuard\CloudGuard.exe, Delete-on-Reboot, [a9d71a301d6dc67063ec10f633cf3ec2],
PUP.Optional.CloudScout.A, C:\Users\{username}\Desktop\CloudScout.exe, Quarantined, [344c09418ffb023484c2351152b0ce32],
PUP.Optional.CloudGuard.A, C:\Users\{username}\AppData\Local\Temp\CloudGuard\config.ini, Quarantined, [9fe1e466a5e5ff372c425b6fa360bd43],
PUP.Optional.CloudGuard.A, C:\Users\{username}\AppData\Local\Temp\CloudGuard\ConsoleApplication1.dll, Quarantined, [9fe1e466a5e5ff372c425b6fa360bd43],
PUP.Optional.CloudGuard.A, C:\Program Files\CloudGuard\License.rtf, Quarantined, [fb85a1a9177364d21d94d471040124dc],
PUP.Optional.CloudGuard.A, C:\Program Files\CloudGuard\config.ini, Quarantined, [fb85a1a9177364d21d94d471040124dc],
PUP.Optional.CloudGuard.A, C:\Program Files\CloudGuard\Info.rtf, Quarantined, [fb85a1a9177364d21d94d471040124dc],
PUP.Optional.CloudGuard.A, C:\Program Files\CloudGuard\settings.ini, Quarantined, [fb85a1a9177364d21d94d471040124dc],
PUP.Optional.CloudGuard.A, C:\Program Files\CloudGuard\uninstall.exe, Quarantined, [fb85a1a9177364d21d94d471040124dc],
PUP.Optional.CloudGuard.A, C:\Program Files\CloudGuard\ZonaTools.XPlorerBar.dll, Quarantined, [fb85a1a9177364d21d94d471040124dc],
PUP.Optional.CloudScout.A, C:\Windows\System32\Tasks\CloudScout, Quarantined, [562a73d7c9c16fc7e9c9d96c7b8a9868],

Physical Sectors: 0
(No malicious items detected)

(end)

As mentioned before, the full version of Malwarebytes Anti-Malware could have protected your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention
Save yourself the hassle and get protected.
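
The technical details above (the static NameServer value, the CloudScout scheduled task, and the installer's folder and registry keys) can be checked by hand on a machine with the read-only script below. It is an added example, not part of the original post or of any Malwarebytes tool; every path, key and address in it is copied from the logs on this page, which came from an x86 Windows 7 system.

```powershell
# Added example: read-only check for the CloudGuard artifacts listed on this page.
# Nothing is modified or deleted; the script only reports what it finds.
$badDns  = @('31.168.224.106', '5.135.12.52')           # NameServer values from the logs
$paths   = @('C:\Program Files\CloudGuard',
             'C:\Windows\System32\Tasks\CloudScout')
$regKeys = @('HKLM:\SOFTWARE\CloudGuard',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudGuard')
$ifRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

$findings = @()

# Folder, task file and registry keys created by the installer.
foreach ($p in ($paths + $regKeys)) {
    if (Test-Path -LiteralPath $p) {
        $findings += [pscustomobject]@{ Type = 'Artifact'; Item = $p; Detail = 'present' }
    }
}

# Static DNS servers are stored per interface GUID in the NameServer value
# (comma- or space-separated). This is the value flagged as Trojan.DNSChanger.
foreach ($key in (Get-ChildItem -LiteralPath $ifRoot -ErrorAction SilentlyContinue)) {
    $ns = (Get-ItemProperty -LiteralPath $key.PSPath -Name NameServer `
           -ErrorAction SilentlyContinue).NameServer
    if (-not $ns) { continue }
    $hits = @(($ns -split '[,\s]+') | Where-Object { $badDns -contains $_ })
    if ($hits.Count -gt 0) {
        $findings += [pscustomobject]@{ Type = 'DNS'; Item = $key.PSChildName
                                        Detail = ($hits -join ',') }
    }
}

# schtasks.exe is used because Get-ScheduledTask is not available on Windows 7.
schtasks.exe /Query /TN 'CloudScout' 2>$null | Out-Null
if ($LASTEXITCODE -eq 0) {
    $findings += [pscustomobject]@{ Type = 'Task'; Item = 'CloudScout'; Detail = 'registered' }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'No CloudGuard artifacts from this page were found.'
}
```

Run it from an elevated PowerShell prompt. A DNS hit means the interface still has the static servers from the log set and should be returned to its intended DNS configuration after the scan.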