Cloud AV 2012

Posted: November 23, 2011
Threat Metric
Threat Level: 10/10
Infected PCs: 220

Cloud AV 2012 Description

Cloud AV 2012 is a clone of other rogue AV programs from the FakeScanti (also known as Fake Scanti and Rogue:Win32/FakeScanti) subgroup. Unlike a legitimate anti-virus application, Cloud AV 2012 can't find or remove viruses, but it maintains the appearance of being able to do so by creating fake infection warnings and causing other problems, including blocking website access, blocking programs and changing your desktop. SpywareRemove.com malware experts strongly recommend that you remove Cloud AV 2012 from your PC as soon as you see it appear, since the side effects of its presence will leave your computer with weakened security and generally dysfunctional. When possible, use anti-malware software to do this; it will help to prevent lasting harm to your PC, since components of Cloud AV 2012 may use the names of default Windows files or other techniques to conceal themselves.

A Forecast for Cloud AV 2012: Nothing but Trouble for Your Computer

Although Cloud AV 2012 can cause a wide range of problems for your PC, the stand-out symptom of Cloud AV 2012 infection is the appearance of unusual error messages in various formats. Fake warnings and errors from Cloud AV 2012 can take the form of desktop images, taskbar balloons, web browser pop-ups and even fake Windows Security Center alerts. These false infection warnings are used to tempt you to purchase Cloud AV 2012 to remove these nonexistent issues, and, naturally, SpywareRemove.com malware researchers strongly discourage falling for this waste of money.

Many of these false messages may also appear when you attempt to navigate to an anti-malware website or use anti-malware software to remove Cloud AV 2012. You should be aware that Cloud AV 2012 is incapable of finding or removing any sort of threat to your PC and that this behavior is intended purely to stop you from deleting Cloud AV 2012 and taking the 'easy' way out of its scam. These errors don't indicate that there are actual problems with the websites or programs themselves, although, in some cases, Cloud AV 2012 may attempt to uninstall popular brands of PC security software.

The Rest of Cloud AV 2012's Stormy Weather

Even if you've resolved to uninstall Cloud AV 2012 at the first opportunity, other issues that Cloud AV 2012 may cause can make this prospect intimidating and difficult. The SpywareRemove.com malware research team recommends using an anti-malware program to be sure of finding and removing all components of a Cloud AV 2012 infection, and being prepared to work around issues like these:

  • Browser hijacks that redirect you to Cloud AV 2012's website or block access to other websites.
  • A changed desktop background.
  • Pop-up windows that imitate Windows programs like Windows Security Center.
  • Random reboots of Windows.
  • Programs that are arbitrarily blocked from being launched.

In all cases, stopping Cloud AV 2012 from launching itself is the first step to avoiding these attacks so that you can properly remove Cloud AV 2012 from your PC. In most cases, Safe Mode is the most readily available method of achieving this. A complete system scan should also be used, since an incomplete scan may allow any Trojans that are present to install a new FakeScanti infection, such as


Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Cloud AV 2012 may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:





Registry Modifications


The following Registry values were newly created:

Regexp file mask

  • %AppData%\iexplore.exe
  • %AppData%\svhostu.exe

HKEY..\..\..\..{Subkeys}

  • HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
  • HKEY_CURRENT_USER\Software\Cloud AV 2012

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
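A triage sketch for the Run-key autostart and file masks listed above, added here as an example and not taken from SpywareRemove.com or SpyHunter: it parses `reg query` output for the HKLM Run key and flags entries that start one of the listed file names or any executable in a user-writable profile folder. The sample output, the `triage`, `fold` and `exe_path` names, and the Vista-or-later `C:\Users` layout are assumptions.

```python
import re

# File masks from the registry section above, lower-cased for comparison.
PAGE_MASKS = {r"%appdata%\iexplore.exe", r"%appdata%\svhostu.exe"}
# Assumption: Vista-or-later profile layout; most specific folder first.
FOLDS = [
    (r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp(?=\\)", "%temp%"),
    (r"^[a-z]:\\users\\[^\\]+\\appdata\\local(?=\\)", "%localappdata%"),
    (r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming(?=\\)", "%appdata%"),
]
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample of `reg query` output for the HKLM Run key (not real data).
SAMPLE = r'''
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    qZ7xK2    REG_SZ    "C:\Users\alice\AppData\Roaming\svhostu.exe" /min
    Updater    REG_SZ    C:\Users\alice\AppData\Local\Temp\upd.exe
    Vendor Tool    REG_SZ    "C:\Program Files\Vendor\tool.exe"
'''

def exe_path(command):
    """Return the lower-cased executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return (m.group(1) if m else command.split(" ", 1)[0]).lower()

def fold(path):
    """Rewrite an absolute profile path to its %AppData%-style token."""
    for pattern, token in FOLDS:
        if re.match(pattern, path):
            return re.sub(pattern, token, path)
    return path

def triage(reg_query_output):
    """Return (value name, folded path, reason) for each suspicious autorun."""
    findings = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        name, _type, data = m.groups()
        path = fold(exe_path(data))
        if path in PAGE_MASKS:
            findings.append((name, path, "file name listed on this page"))
        elif path.startswith(("%appdata%", "%localappdata%", "%temp%")):
            findings.append((name, path, "autorun from user-writable folder"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A hit from the second rule is only a lead: some legitimate updaters also start from the user profile, so confirm with a full scan before deleting anything.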
