Malware Removal Instructions

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, 23 November 2011

How to Remove Cloud AV 2012 (Uninstall Guide)

Posted on 11:19 by Unknown
Cloud AV 2012 is a rogue antivirus program that claims to find malicious software on your computer. The rogue program disables certain Windows utilities and blocks genuine security products. It launches itself every time your PC is turned on and pretends to scan the system for malware. It is worth mentioning, however, that this fake AV reports exactly the same infections on different computers: Trojan.JBS.Ghost, Trojan-Downloader.JS.Remora, Net-Worm.Win32.Kido.ih and other stuff. Yeah, I know it's possible but not probably, right? So, basically, Cloud AV 2012 malware is playing on your fears to try to sell you completely BS security product. If you have fallen for the scam and have paid for the rogue program you should issue chargebacks through your credit card company. That's the only way to get your money back, besides, too many chargebacks will probably result in the merchant losing the ability to accept credit card payments. That's a good thing, isn't it? Then you need to remove Cloud AV 2012 and associated malware from your computer. To do so, please follow the removal instructions below.



Usually, such fake AVs as Cloud AV 2012 drive people nuts, especially because of never ending alerts and notifications about critical threats, etc.



However, they are not so dangerous after all and I think shouldn't be compared to more sophisticated malware, rootkits, worms or viruses. It's just well designed but useless application which reports non-existent infections. That's all. Then bad news is, however, that Cloud AV 2012 comes bundled with Trojans and sometimes even rootkits. There are usually a number of Trojans that can download additional malcode onto the infected computer and rootkits may hide/block legitimate antivirus programs. But that's not all, the rogue program modifies Windows Hosts file to redirect internet traffic to either infected or sponsored websites involved in click fraud schemes.



So there you go. I know it sounds like a lot of job, removing Cloud AV 2012 and associated malware is not that difficult after all. First, run rootkit removal utility. Then scan your computer with recommend anti-malware program. Finally, restore Windows Hosts file using Fix it utility. You may even use this debugged registration key 9992665263 to make your life and removal procedure a little bit easier. Just follow the steps in the removal guide below. If you need extra help removing it, please leave a comment below. Good luck and be safe online!

http://deletemalware.blogspot.com


Cloud AV 2012 removal instructions:

1. First of all, download and run ZeroAccess/Sirefef/MAX++ removal tool. (works on 32-bit systems only! If you have 64-bit system, proceed to the next step)

2. Then use TDSSKiller. If you can't run it (rogue av blocks it), rename tdsskiller to winlogon and run the utility again.

3. And finally, download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

If you can't download it, please reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. That's It!

Read more detailed instructions here: http://www.computerhope.com/issues/chsafe.htm


NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

4. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.


Manual Cloud AV 2012 removal guide:

1. Right-click on Cloud AV 2012 icon and select Properties. Then select Shortcut tab.

The location of the malware is in the Target box.



2. In our case the malicious file was located in C:\Windows\System32 folder. Select the malicious file, rename it and change a file name extension.

Original file: Cloud AV 2012v121.exe



Renamed file: TcS22bF3nGaQWKf.vir (you may change only the file name and leave file extension .exe)



3. Restart your computer. After a reboot, download free anti-malware software from the list below and run a full system scan.

4. First, use TDSSKiller. Then download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

5. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.


Manual activation and Cloud AV 2012 removal:

1. Choose to remove threats and manually activate the rogue program. Enter one of the following codes to activate Cloud AV 2012.

9992665263
1148762586
1171249582
1186796371
1196121858

2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.


Associated Cloud AV 2012 files and registry values:

Files:
  • C:\WINDOWS\system32\Cloud AV 2012v121.exe
  • %AppData%\dwme.exe
  • %DesktopDir%\Cloud AV 2012.lnk
  • %Programs%\Cloud AV 2012\Cloud AV 2012.lnk
  • %Programs%\Cloud AV 2012
Registry values:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "[SET OF RANDOM CHARACTERS]"
Share this information with your friends:
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in Rogue programs | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • What is wrtc.exe and how to remove it?
    wrtc.exe - by Perion Network Ltd. What is wrtc.exe? wrtc.exe is a part of IncrediMail software, digitally signed by Perion Network Ltd. This...
  • Remove ShopperReports (Uninstall Guide)
    ShopperReports is defined as adware or a potentially unwanted program that displays marketing related results in a side pane of the browser...
  • Trojan.MBRlock, Внимание! Ваш компьютер заблокирован
    Trojan.MBRlock is a very disturbing piece of malicious code which infects the master boot record (MBR) and prevents Windows from starting. ...
  • False Positive: Ikarus and Comodo detecting TDSSKiller as a Trojan horse
    This awkward moment when you realize that your favorite rootkit removal utility is detected as malware. I probably wouldn't even have no...
  • Remove RiskTool.Win32.BitCoinMiner (Uninstall Guide)
    RiskTool.Win32.BitCoinMiner is a risk tool or potentially unwanted application that may use your computer's resources to generate bitco...
  • Remove Rattlingsearchsystem.com (Uninstall Guide)
    Rattlingsearchsystem.com is a ZeroAccess/Sirefef rootkit-related browser hijacker that redirects users to shady websites while searching on...
  • Remove TR/ATRAPS.Gen2, removal instructions
    Cyber crooks and third parties that buy stolen data are increasingly using more and more sophisticated techniques, in a variety of different...
  • Remove Ask Search and Ask Toolbar (Uninstall Guide)
    Ask Search and Ask Toolbar are very often incorrectly classified as virus/spyware that may cause search redirects. The majority of us pref...
  • How to remove 'TidyNetwork' adware virus from your computer
    As internet users most of us have seen those irritating little pop-up windows that are advertising something that we normally have little or...
  • Remove Windows Attention Utility (Uninstall Guide)
    Windows Attention Utility is a rogue security application that generates misleading warnings about nonexistent viruses and attempts to lure...

Categories

  • Adware
  • Answers
  • Antivirus software
  • Browser Hijackers
  • Cloud Computing
  • Fake Alerts
  • Giveaways
  • Hoax
  • How-To
  • IaaS
  • Internet
  • Malicious websites
  • Malware
  • PaaS
  • Parental Controls
  • Passwords
  • Phishing
  • Process Information
  • Ransomware
  • Rogue programs
  • Rootkits
  • SaaS
  • Security Advisories
  • Spam
  • Spyware
  • Trojans
  • Viruses
  • Web Browsers
  • Worms

Blog Archive

  • ►  2013 (173)
    • ►  December (6)
    • ►  November (13)
    • ►  October (11)
    • ►  September (20)
    • ►  August (4)
    • ►  July (17)
    • ►  June (31)
    • ►  May (25)
    • ►  April (15)
    • ►  March (17)
    • ►  February (7)
    • ►  January (7)
  • ►  2012 (86)
    • ►  November (2)
    • ►  October (4)
    • ►  September (6)
    • ►  August (6)
    • ►  July (11)
    • ►  June (1)
    • ►  May (5)
    • ►  April (7)
    • ►  March (7)
    • ►  February (17)
    • ►  January (20)
  • ▼  2011 (239)
    • ►  December (8)
    • ▼  November (18)
      • Wmupdate.exe Process Information
      • Achtung!!! Ein Vorgang illegaler Aktivitaten wurde...
      • Las operaciones sobre las actividades ilegales se ...
      • How to Remove Cloud AV 2012 (Uninstall Guide)
      • Remove Expandsearchanswers.com (Uninstall Guide)
      • Remove "Files indexation process failed" Warning (...
      • POLITIE Ransomware, Onwettige activiteiten gedetec...
      • How to Remove AV Protection 2011 (Uninstall Guide)
      • Remove "System Fix" (Uninstall Guide)
      • Webplayersearch.com, search.webplayer.tv and Adware
      • How to Remove AV Security 2012 (Uninstall Guide)
      • Remove Crackajacksearchsystem.com (Uninstall Guide)
      • Remove "Privacy Protection" (Uninstall Guide)
      • How to Remove System Security 2012 (Uninstall Guide)
      • Remove Get-answers-fast.com (Uninstall Guide)
      • Remove Remarkablesearchsystem.com (Uninstall Guide)
      • Remove Eximioussearchsystem.com (Uninstall Guide)
      • Remove Adjectivesearchsystem.com (Uninstall Guide)
    • ►  October (21)
    • ►  September (24)
    • ►  August (28)
    • ►  July (32)
    • ►  June (16)
    • ►  May (23)
    • ►  April (15)
    • ►  March (16)
    • ►  February (9)
    • ►  January (29)
  • ►  2010 (2)
    • ►  December (2)
Powered by Blogger.

About Me

Unknown
View my complete profile