Another computer infection has started to spread, threatening computer users’ safety and tranquility. This is Cloud AV 2012, a rogue anti-spyware program that will try to make you believe that your machine has been infected with some kind of virus and that Cloud AV 2012 is the program you have to purchase in order to get rid of it.
Just like other infections we’ve talked about, this one will run a fake scan of your PC and then display a list of several infections supposedly present on the computer. It will then try to trick you into purchasing the program, but don’t do so, as this is a scam. Ignore the warnings that Cloud AV 2012 presents you with, as all of them are false. The infection will display them regardless of how clean your computer is.
Most of the programs you run on your computer will be terminated and you won’t be able to run them. Thus, when you launch an executable, it will immediately be closed followed by a false security warning. This warning will say that the program you’re trying to run is infected.
The infection will make Windows use a Proxy Server. So, when you try to reach a webpage you want to visit, you will instead get a fake security alert telling you that the website is malicious. Therefore, if you had the bad luck to get your PC infected with Cloud AV 2012, here are the steps that must be followed in order to remove it:
1. Before starting the Cloud AV 2012 removal procedure, you will have to print out this guide because you will have to close all the windows and currently running programs at a certain moment in the cleaning procedure. Another computer would come in handy as well, since your PC might be unable to download the tools you need to remove the virus. You can use the other computer to read the guidelines and to download the necessary programs, which you can then transfer to your infected computer using an external drive, USB flash drive or CD/DVD.
2. Make sure you boot in Safe Mode With Networking. As we’ve told you in previous posts on similar topics, the computer must be turned off and then on in order to boot in this mode. Press the F8 key when you see that something appears on the screen. Select Safe Mode With Networking and then hit Enter. Log in as the same user you logged in as in the normal Windows mode.
3. There is a good chance that Cloud AV 2012 has configured Windows to use a Proxy Server that will prevent you from getting to the webpages you want. To take care of this problem, you will have to launch Internet Explorer and then go to Tools > Internet Options.
4. When you’re at the Internet Options window, you will have to hit the Connections tab and then click the LAN settings button. You will then get to the LAN settings screen where you will have to check the “Use a proxy server for your LAN” box. Click OK after that.
5. As Cloud AV 2012 is bundled with the TDSS rootkit infection, you will have to run TDSSKiller. Reboot after that if you are asked to do so. Make sure you reboot again into Safe Mode With Networking.
6. The next thing to do is to run Rkill and terminate all the processes that are associated with Cloud AV 2012 this way. Save it to your desktop and then double-click on iExplore.exe to run the program. Rkill will now end the malware programs. Cloud AV 2012 might display another fake warning telling you that Rkill is a malicious program. It does this to protect itself from tools that would remove it. Bypass the malware by leaving the warning open. When Rkill finishes ending the malicious processes, do not reboot the PC even if it asks you to do so.
7. Next in the fix is downloading MBAM (Malwarebytes’ Anti-Malware) and saving it to your desktop. When the download finishes, you will have to close all the open windows and running programs.
8. Initiate the MBAM installation by double-clicking on the mbam-setup.exe icon. Don’t modify the default settings but check the Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware options before hitting Finish. Don’t reboot the computer even if MBAM asks you to do this.
9. Go to the MBAM Scanner tab and then check the Perform Full Scan option. Click the Scan button after that and wait till you’re presented with a message telling you that the scan has completed.
10. Get back to the Scanner screen and see the scan results by clicking the Show Results button. A list of all the infections found will be displayed. Check them all and hit Remove Selected. These files will be deleted and then added to the program’s quarantine.
11. Reboot the computer if MBAM asks you to do so.
12. You will see the scan log displayed in Notepad. Review it, close it and exit MBAM.
Cloud AV 2012 should no longer be on your computer. Make sure you use a powerful antivirus program or purchase the PRO version of MBAM in order to prevent other malicious programs from infecting your PC.
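
The proxy configuration that steps 3 and 4 open through Internet Explorer is stored per user in the registry, so it can also be inspected from a PowerShell prompt. The script below is an added example, not part of the original guide: it only reads the settings and reports them. The function names are hypothetical, and the loopback flag is a generic heuristic assumed here, not a documented Cloud AV 2012 indicator.

```powershell
# Added example: report the per-user proxy settings shown in IE's "LAN settings" dialog.
# Read-only: nothing in the registry is modified.
$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Split-ProxyServer {
    # ProxyServer holds either "host:port" (used for every protocol) or a
    # per-protocol list such as "http=host:port;https=host:port".
    param([string]$Value)
    foreach ($part in ($Value -split ';')) {
        $part = $part.Trim()
        if (-not $part) { continue }
        $proto, $addr = 'all', $part
        if ($part -match '^([^=]+)=(.+)$') {
            $proto = $Matches[1].Trim()
            $addr  = $Matches[2].Trim()
        }
        # Strip an optional scheme and port to get the bare host name.
        $hostName = ($addr -replace '^[a-z]+://', '') -replace ':\d+$', ''
        New-Object PSObject -Property @{
            Protocol = $proto
            Address  = $addr
            # Assumption: a proxy on this machine itself deserves a closer look.
            Loopback = ($hostName -match '^(127\.\d+\.\d+\.\d+|localhost)$')
        }
    }
}

function Get-UserProxyReport {
    param([string]$Path = $InternetSettings)
    $s = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    $entries = @()
    $autoConfig = $null
    if ($s) {
        if ($s.ProxyServer) { $entries = @(Split-ProxyServer $s.ProxyServer) }
        $autoConfig = $s.AutoConfigURL
    }
    New-Object PSObject -Property @{
        ProxyEnabled  = [bool]($s -and $s.ProxyEnable -eq 1)   # the LAN settings checkbox
        Entries       = $entries
        AutoConfigURL = $autoConfig                            # "Use automatic configuration script"
    }
}

$report = Get-UserProxyReport
"Proxy enabled : $($report.ProxyEnabled)"
"Auto-config   : $($report.AutoConfigURL)"
$report.Entries | Format-Table Protocol, Address, Loopback -AutoSize
```

Because the values live under HKCU, run it while logged in as the same user account named in step 2; another account's settings are not visible from this key.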