«

»

Aug 28

OpenCloud Antivirus Rogue of the FakeScanti Family

OpenCloud Antivirus is a rogue of the FakeScanti Family, that uses scare tactics of fakealerts and the blocking of any application trying to run to scare the user into purchasing the rogue to clean the fake scan results it shows.

OpenCloud Antivirus (FakeScanti) GUI

Files and Locations:
%APPDATA%\OpenCloud Antivirus\OpenCloud Antivirus.exe
%APPDATA%\OpenCloud Antivirus\OpenCloud Antivirus.ico
%APPDATA%\OpenCloud Antivirus\sysl32.dll
%APPDATA%\OpenCloud Antivirus\wf.conf
%PROGRAMS%\OpenCloud Antivirus\OpenCloud Antivirus.lnk

About locations:
%APPDATA% and  are token’s that refer to specific Windows directories for the different Operating Systems being used.

%APPDATA%
XP:
<drive>:\Documents and Settings\<user>\Local Settings\Application Data

Vista and Windows 7:
<drive>:\Users\<User>\AppData\Local

%PROGRAMS%
XP:
<drive>:\Program Files (English)

Vista/Windows 7:
<drive:>\Program Files  <drive>:\Program Files (x86)

 Current two sites associated with the rogue:
xmlstatreports.com
paybycardonline.com

This rogue can be removed using manually methods, however, the OpenCloud Antivirus rogue is difficult as it will try and re-infect the PC, and requires re-starting into safe mode, so it is recommend to use our Antispyware/Antivirus removal tool, VIPRE Antivirus. You can download a free trial to remove the BlueFlare Antivirus rogue from your computer for no cost by clicking on the link below:

http://www.vipreantivirus.com/Antivirus-Trial/VIPRE-Antivirus/

If you are unable to download and install our malware removal tool because this has infected your computer and is not allowing you to install the program, you can use our VIPRE Rescue Disc here:

http://live.sunbeltsoftware.com

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>