Cloud Protection

Posted: October 10, 2011
Threat Metric
Threat Level: 10/10
Infected PCs: 89

Cloud Protection Description

Cloud Protection is a new variant of older rogue anti-malware programs from the FakeScanti family. This group of fake malware scanners (including Cloud Protection) uses fake error messages to make you believe that your PC is seriously damaged, then follows up on the scam by asking you to purchase a registration key to fix the problem. SpywareRemove.com malware experts have combed over Cloud Protection and found it to be totally lacking in real anti-virus or anti-malware functionality, and they recommend against purchasing it. Until you remove Cloud Protection and any related infections (such as the ZeroAccess rootkit) from your PC with a real anti-malware program, your computer may be subjected to attacks that redirect your web browser or shut down security-related software.

Countless Reasons to Avoid a Cloud Protection Forecast

Cloud Protection is part of a family of rogue security programs that prefer to distribute themselves with ZeroAccess, a rootkit with a variety of capabilities, particularly for attacking your computer's security. While ZeroAccess is active, you may be unable to run standard anti-malware software, or you may experience unusual crashes that prevent you from removing Cloud Protection. However, SpywareRemove.com malware analysts note that appropriate rootkit-removal software can still delete the latest versions of ZeroAccess, and sufficiently broad anti-malware programs should also be able to remove Cloud Protection in the process.

Other Cloud Protection-related problems can also extend to:

IDing a Fake Cloud Protection Infection

SpywareRemove.com malware researchers present the following examples of Cloud Protection's fake warnings so that you can recognize and ignore any pop-ups that resemble them. However, since their appearance indicates that your PC is already infected with Cloud Protection, further action, such as using an anti-malware product, is required.

svchost.exe
svchost.exe was replaced with unauthorized program.
It has encountered a problem and needs to close.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us. We will treat this report as confidential and anonymous.

Windows Security Alert
To help protect your computer, Windows Firewall has blocked some features of this program.
Do you want to keep blocking this program?
Name: Zeus Trojan
Publisher: Unauthorized

Warning! Infection found
Unauthorized sending E-MAIL with subject "RE:" to [FAKE EMAIL] was CANCELLED.

Warning! Infection found
Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.
Keylogger Zeus was detected and put in quarantine.
Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

Security Warning
Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software. Click here to enable protection.

Security Warning
Malicious programs that may steal your private information and prevent your system from working properly are detected on your computer.
Click here to clean your PC immediately.

Security Warning
There are critical system files on your computer that were modified by malicious software.
It may cause permanent data loss.
Click here to remove malicious software.

Warning: Infection is Detected
Windows has found spyware infection on your computer!
Click here to update your Windows antivirus software

Warning: Spyware Detected
Windows has found spy programs running on your computer!
Click here to update your Windows antivirus software

Windows Security Center
Serious security vulnerabilities were detected on this computer. Your privacy and personal data may be unsafe. Do you want to protect your PC?

Besides the symptoms that have been noted here, Cloud Protection and the ZeroAccess rootkit may show few symptoms of being on your computer and, if removed improperly, may remain on your PC even if they appear to be gone. Use Safe Mode and a completely updated security program to scan your hard drive before assuming that your Cloud Protection removal attempt has succeeded. If necessary, SpywareRemove.com malware experts also note that you can fake registration for Cloud Protection with the code '9992665263'.


Aliases


Mal/FakeAV-OZ [Sophos]
a variant of Win32/Kryptik.AAJZ [NOD32]
Adware/WindowsRecovery [Panda]
Gen:Variant.Kazy.40147 [BitDefender]
a variant of Win32/Kryptik.TWI [NOD32]
Trojan.Win32.Jorik [Ikarus]
Trojan.Agent/Gen-FakeSys
Artemis!1B426E933853 [McAfee-GW-Edition]
Trojan.Win32.Jorik!IK
Trojan.Win32.Jorik.Fraud.fla [Kaspersky]
TROJ_FAKEAV.ZXN
a variant of Win32/Kryptik.UES [NOD32]
Generic FakeAlert.bz [McAfee]
Gen:Variant.Graftor.1637
Win32:FakeAlert-BHX [GData]

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Cloud Protection may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications


The following Registry values were newly created:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM CHARACTERS]"
