
How to remove the latest version of Opencloud Security?


  • This topic is locked
2 replies to this topic

#1 Robin888


  • Members
  • 3 posts

Posted 28 September 2011 - 12:15 AM

I've been combating the OpenCloud Security malware the whole day, which invalidated my regular spyware defenders like Microsoft Forefront and Adware. I tried Malwarebytes but it was shut down a few seconds later, apparently by the malware, and then could not be accessed any more. The error information was "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item." I tried to run Malwarebytes from a memory stick and it failed the same way. I tried to at least see those malicious files using HiJackIt after renaming it, and it was shut down and couldn't be accessed any more. I tried to run GMER and save information about rootkits, but it was again shut down about one minute later and couldn't be accessed any more. Essentially this bad guy seems able to identify any actions against it and stop them. I found another victim who posted about the same problem with the DDS report several hours ago, and I think I should step out to say he is not alone. Apparently the latest version of the OpenCloud Security malware has gained some ability to hide itself better and proactively act against potential removal attempts. A solution is urgently needed. Any help will be highly appreciated.

By the way, the malware also redirected my Google results to some nonsense ad webpages, which made it difficult to even find information from BleepingComputer.com!

Edited by Orange Blossom, 28 September 2011 - 08:46 AM.
Moved to AII. ~ OB




#2 ratman


    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts

Posted 28 September 2011 - 10:48 AM

Hello Robin888 and welcome to BC,

Please run the following scans and post all logs in your next reply.

Let me know if you have any problems running any of the scans.

If one fails to run, please proceed to the next.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.


We need to check for rootkits with RootRepeal
  • Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
  • Rar Mirrors - Only if you know what a RAR is and can extract it.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Report tab.
  • Click the Scan button.
  • Check all seven boxes: Posted Image
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, a logfile will open. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

How is your machine running now?

Please post all logs in your reply
regards, ratman




#3 Budapest


    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 29 September 2011 - 12:04 AM

As the member has an open topic here http://www.bleepingcomputer.com/forums/topic421009.html I will close this one.



