Open Cloud Security has hijacked a computer on our network. Our McAfee software has not detected it, and I can find no info on how to get rid of this obnoxious beasty. Not regedit savvy, so I need some explicit instructions .... PULEEZ!
First of all, please disable the internet connection, zip the 'OpenCloudSecurity.exe' file with the password 'infected' and send it to firstname.lastname@example.org, and mention the ID you receive in this thread.
Delete the files mentioned below:
This fakealert drops these files at
There will be a registry entry here:
OpenCloudSecurity = "%AppData%\OpenCloud Security\OpenCloud Security.exe"
e.g. %appdata% : "C:\Documents and Settings\UserName\Application Data"
You would like to run the FakeAlert Stinger also for detection <http://www.mcafee.com/us/downloads/free-tools/fake-alert-stinger.aspx>.
Hope these steps will help!
We have shut our main system down from the internet until McAfee posts a fix for this annoying virus. It showed up this morning on our system also and it's completely dominated our main system. This virus seems to anticipate all challenges and counteracts. It's even disabled the McAfee firewall. What a bummer! We have about two days until we have to completely wipe the drive and format. Any help would be appreciated.
Please start the system in safe mode and run McAfee FakeAlert Stinger <http://www.mcafee.com/us/downloads/free-tools/fake-alert-stinger.aspx>.
There are other posts in Top Threat Section e.g. <https://community.mcafee.com/community/security/top_threats/blog/2011/09/30/open cloud-security--fak...>
Also submit this sample to email@example.com, <http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx>
Infected this morning. I tried looking for these files, but couldn't find them:
I was able to save the Fake Alert Stinger on a thumb drive and copy it to the infected computer. I opened the computer in safe mode and followed the directions for the Stinger, and it said it ran, but it didn't seem to actually do anything. I tried running McAfee in Safe Mode and it said the computer was fine. I rebooted and started the computer normally and the first thing to pop up was the Open Cloud garbage.
I can't send you the 'OpenCloudSecurity.exe' file because my computer says it isn't there.
I tried using the Windows program uninstaller, but it doesn't even see the OpenCloud program.
We had a client with this and the filenames appear to be obfuscated now.
In addition, this malware appears to block access to network drives and also manages to disable McAfee VirusScan 8.7.
Working on obtaining samples for submission.
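An added example, not part of any post in this thread: a Python triage check that takes autorun value names and commands and flags entries launching from under %AppData%, which still works when the filenames are obfuscated as reported above. The function names, the sample entries other than the `OpenCloudSecurity` value, and the choice of which registry key to read the entries from are assumptions left to the caller.

```python
import ntpath
import re

# Value name quoted in the thread; the other sample entries are constructed.
KNOWN_VALUE_NAME = "OpenCloudSecurity"
SAMPLE_APPDATA = r"C:\Documents and Settings\UserName\Application Data"
SAMPLE_ENTRIES = {
    "OpenCloudSecurity": r'"%AppData%\OpenCloud Security\OpenCloud Security.exe"',
    "qxkzvbtr": r"%APPDATA%\qxkzvbtr\qxkzvbtr.exe /min",        # constructed
    "ExampleUpdater": r"C:\Program Files\Example Vendor\updater.exe /startup",
}

def expand_vars(command, env):
    """Expand %VAR% references case-insensitively, as Windows does."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), command)

def executable_path(command):
    """Return the program path from an autorun command line."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces: cut after the first ".exe".
    m = re.match(r"(.+?\.exe)(\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]

def is_under(path, directory):
    """True if path lies inside directory (Windows rules, any host OS)."""
    path = ntpath.normcase(ntpath.normpath(path))
    directory = ntpath.normcase(ntpath.normpath(directory))
    return path.startswith(directory + "\\")

def flag_autoruns(entries, appdata):
    """entries: {value name: command}. Returns [(name, path, reasons)]."""
    hits = []
    for name, command in entries.items():
        path = executable_path(expand_vars(command, {"AppData": appdata}))
        reasons = []
        if name.lower() == KNOWN_VALUE_NAME.lower():
            reasons.append("value name from thread")
        if is_under(path, appdata):
            reasons.append("runs from %AppData%")
        if reasons:
            hits.append((name, path, reasons))
    return hits
```

Legitimate software also starts from %AppData%, so a location-only hit is a lead for review, not a verdict.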
Just got the same virus today also, it seems like many people are getting it today. Hopefully McAfee will have a fix up soon. I tried various things including what moxie did but nothing yet seems to work. I will keep trying and let you guys know if I'm successful.