mack
Level 7
Message 1 of 52

Open Cloud Security malware has hijacked network computer

Open Cloud Security has hijacked a computer on our network.  Our McAfee software has not detected it, and I can find no info of how to get rid of this obnoxious beasty.  Not regedit savvy, so I need some explicit instructions .... PULEEZ!

Thanks,

Mack

51 Replies
nownitin
Level 12
Message 2 of 52

Re: Open Cloud Security malware has hijacked network computer

Hello Mack,

First of all, please disable the internet connection, zip the 'OpenCloudSecurity.exe' file with the password 'infected', send it to virus_research@avertlabs.com, and mention the ID you receive in this thread.

Delete the files mentioned below:

This fakealert drops these files at:

  • %AppData%\OpenCloud Security\
  • %AppData%\OpenCloud Security\OpenCloudSecurity.exe
  • %AppData%\OpenCloud Security\OpenCloudSecurity.ico
  • %AppData%\OpenCloud Security\wf.conf
  • %StartMenu%\Programs\OpenCloud Security\
  • %StartMenu%\Programs\OpenCloud Security\OpenCloudSecurity.lnk
  • %UserProfile%\Desktop\OpenCloud Security.lnk

There will be a registry entry here:

         HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run    

             OpenCloudSecurity = "%AppData%\OpenCloud Security\OpenCloud Security.exe"

e.g. %appdata% : "C:\Documents and Settings\UserName\Application Data"

You may also like to run the fakealert stinger for detection: <http://www.mcafee.com/us/downloads/free-tools/fake-alert-stinger.aspx>.

Hope these steps will help!

Regards,

Nitin Kumar

McAfee SME
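
A read-only way to check a machine for the locations listed in this post, added here as an example and not part of the original reply or any McAfee tool. It assumes PowerShell 3.0 or later and maps %StartMenu% to the current user's Start Menu folder; the extra pass that flags any Run value launching from %AppData% goes beyond the fixed names in the post.

```powershell
# Added example: reports only, deletes and changes nothing.
$appData   = $env:APPDATA
$startMenu = [Environment]::GetFolderPath('StartMenu')   # assumed equivalent of %StartMenu%
$desktop   = Join-Path $env:USERPROFILE 'Desktop'

# File and folder locations exactly as listed in the post.
$listed = @(
    (Join-Path $appData   'OpenCloud Security'),
    (Join-Path $appData   'OpenCloud Security\OpenCloudSecurity.exe'),
    (Join-Path $appData   'OpenCloud Security\OpenCloudSecurity.ico'),
    (Join-Path $appData   'OpenCloud Security\wf.conf'),
    (Join-Path $startMenu 'Programs\OpenCloud Security'),
    (Join-Path $startMenu 'Programs\OpenCloud Security\OpenCloudSecurity.lnk'),
    (Join-Path $desktop   'OpenCloud Security.lnk')
)
$fileReport = foreach ($p in $listed) {
    [pscustomobject]@{ Path = $p; Present = (Test-Path -LiteralPath $p) }
}

# Autostart values under the Run key named in the post.
$runPath   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runReport = @()
$key = Get-Item -LiteralPath $runPath -ErrorAction SilentlyContinue
if ($key) {
    $runReport = foreach ($name in $key.GetValueNames()) {
        # GetValue() expands REG_EXPAND_SZ data such as %AppData%.
        $cmd = [string]$key.GetValue($name)
        [pscustomobject]@{
            ValueName    = $name
            Command      = $cmd
            # Value name given in the post.
            NamedInPost  = ($name -eq 'OpenCloudSecurity')
            # Any autostart launching from the roaming profile deserves a look,
            # whatever the value or file is called.
            UnderAppData = ($cmd.IndexOf($appData,
                            [StringComparison]::OrdinalIgnoreCase) -ge 0)
        }
    }
}

$fileReport | Format-Table -AutoSize
$runReport  | Where-Object { $_.NamedInPost -or $_.UnderAppData } |
    Format-List
```

Run it as the affected user, since %AppData% and the Desktop path are per-user; an empty second listing means no Run value matched either condition.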

nownitin
Level 12
Message 3 of 52

Re: Open Cloud Security malware has hijacked network computer

Moved the detection to Top Threat section.

nownitin
Level 12
Message 4 of 52

Re: Open Cloud Security malware has hijacked network computer

Re: Open Cloud Security malware has hijacked network computer

We have shut our main system down from the internet until McAfee posts a fix for this annoying virus. It showed up this morning on our system also and it's completely dominated our main system. This virus seems to anticipate all challenges and counteracts. It's even disabled the McAfee firewall. What a bummer! We have about two days until we have to completely wipe the drive and format. Any help would be appreciated.

nownitin
Level 12
Message 6 of 52

Re: Open Cloud Security malware has hijacked network computer

Re: Open Cloud Security malware has hijacked network computer

Infected this morning.  I tried looking for these files, but couldn't find them:

  • %AppData%\OpenCloud Security\
  • %AppData%\OpenCloud Security\OpenCloudSecurity.exe
  • %AppData%\OpenCloud Security\OpenCloudSecurity.ico
  • %AppData%\OpenCloud Security\wf.conf
  • %StartMenu%\Programs\OpenCloud Security\
  • %StartMenu%\Programs\OpenCloud Security\OpenCloudSecurity.lnk
  • %UserProfile%\Desktop\OpenCloud Security.lnk

I was able to save the Fake Alert Stinger on a thumb drive and copy it to the infected computer.  I opened the computer in safe mode and followed the directions for the Stinger, and it said it ran, but it didn't seem to actually do anything.  I tried running McAfee in Safe Mode and it said the computer was fine.  I rebooted and started the computer normally and the first thing to pop up was the Open Cloud garbage.

I can't send you the 'OpenCloudSecurity.exe'  file because my computer says it isn't there.

I tried using the Windows program uninstaller, but it doesn't even see the OpenCloud program.

RRMX
Level 7
Message 8 of 52

Re: Open Cloud Security malware has hijacked network computer

We had a client with this and the filenames appear to be obfuscated now.

In addition, this malware appears to block access to network drives and also manages to disable McAfee VirusScan 8.7.

Working on obtaining samples for submission.

Re: Open Cloud Security malware has hijacked network computer

Thanks, RRMX.  Glad to know it was just me.

Re: Open Cloud Security malware has hijacked network computer

Just got the same virus today also; it seems like many people are getting it today. Hopefully McAfee will have a fix up soon. I tried various things, including what moxie did, but nothing yet seems to work. I will keep trying and let you guys know if I'm successful.
