OpenCloud Security FakeAlert is commonly found to be installed by other trojan downloaders. These trojans usually arrive as e-mail attachments, or via drive-by-download attacks exploiting vulnerabilities in Windows and third-party applications.

Upon execution, it copies itself to the following paths:

  • %USERPROFILE%\Application Data\ OpenCloudSecurity\OpenCloud Security.exe
  • %ALLUSERSPROFILE%\Application Data\ OpenCloud Security\OpenCloud Security.exe
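
A defender's sweep for the two drop paths listed above, as an added example that is not part of the original write-up. It tries both spellings of the folder name as printed above; the function names, and the assumption that other user profiles sit beside the current one, are this example's own.

```python
import os
from pathlib import Path

# Names taken from the two paths listed above. The page spells the folder
# both with and without a space, so both spellings are checked.
FOLDERS = ("OpenCloudSecurity", "OpenCloud Security")
EXE_NAME = "OpenCloud Security.exe"


def profile_roots(env):
    """Return the profile directories to sweep, de-duplicated, in stable order."""
    roots = []
    user = env.get("USERPROFILE")
    if user:
        roots.append(Path(user))
        # Assumption: other local profiles are siblings of the current one.
        try:
            roots.extend(sorted(p for p in Path(user).parent.iterdir() if p.is_dir()))
        except OSError:
            pass  # parent not listable: fall back to the current profile only
    if env.get("ALLUSERSPROFILE"):
        roots.append(Path(env["ALLUSERSPROFILE"]))
    return list(dict.fromkeys(roots))


def find_dropped_copies(env=None):
    """Return every existing file that matches a drop path from the write-up."""
    env = os.environ if env is None else env
    hits = []
    for root in profile_roots(env):
        for folder in FOLDERS:
            candidate = root / "Application Data" / folder / EXE_NAME
            try:
                if candidate.is_file():
                    hits.append(candidate)
            except OSError:
                continue  # unreadable profile: skip it and keep sweeping
    return hits


if __name__ == "__main__":
    found = find_dropped_copies()
    for path in found:
        print("FOUND:", path)
    print(f"{len(found)} matching file(s)")
```

A hit only shows that a file exists at one of the listed locations; removal is still done with the tool named in the note at the end of this page.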

This FakeAlert evolves its appearance and may present itself using one of the following graphical user interfaces:

avsec1.jpg

This infection will also terminate the majority of programs that you attempt to run.

When you start an executable, it will automatically be closed and you will then be shown a security warning from the Windows taskbar stating that the program is infected.

avsec2.jpg

While running, this FakeAlert will display a variety of fake security alerts and warnings. The various alerts are shown below:


avsec3.jpg

avsec6.jpg

avsec7.jpg

Mitigation:

  • Users should be cautious with suspicious e-mail attachments.
  • Users should apply the latest security patches for Windows and third-party applications including the following, which are popular targets:
    • Internet Explorer
    • Microsoft Office (Excel, Word, PowerPoint, etc.)
    • Adobe Reader
    • Java
    • Flash Player
    • RealPlayer
    • QuickTime
  • Users should browse the web cautiously and avoid browsing unknown sites.

Note: If you are already infected with this FakeAlert and are not able to execute anything, start the machine in 'Safe Mode with Networking' and run the McAfee FakeAlert Stinger <http://www.mcafee.com/us/downloads/free-tools/fake-alert-stinger.aspx>

Set the sensitivity level to 'very high'; it is 'very low' by default.