
Open Cloud AV



I am helping someone clean their laptop to remove Open Cloud AV. It was infected on October 3, 2011. I first loaded and ran Malwarebytes in safe mode without renaming the exe. It appeared to work, but then Open Cloud AV reappeared after I rebooted in normal mode. I then followed the existing Malwarebytes instructions (9/11) to remove the malware. I had a great deal of difficulty getting Malwarebytes started in Quick Scan because the current version of Open Cloud AV loops threads / processes to grab processor cycles and keep modal warning windows and taskbar balloons grabbing focus from all other application windows.

Malwarebytes is now running, but very slowly because the Open Cloud AV balloons are continuing to be generated as random name file folders are created by the code. I am 2 hours into the scan and have only scanned 2500 objects in memory, including the register keys. If the scan will eventually include the constantly generated folders I don’t see how it can get ahead of the Open Cloud generator?

Can I successfully run the renamed Malwarebytes exe file in safe mode w/o network (recall that the first time I tried it did not work but I did not rename the Malwarebytes executable) if the scan does not complete?

Thanks


  • Staff

Hi and welcome to Malwarebytes.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.