system
13
I ran into CloudAV 2012 today while web browsing with Firefox & Win7.
When it first popped up, I was unable to kill it. Flash kept requesting access to change my hard drive, and would not take NO as an answer until I 3-finger saluted and killed every suspicious-looking program and process in Task Manager. I rebooted, and CloudAV 2012 launched automatically. I ran msconfig, cleared it from all the startup fields, and rebooted - this time, it did not launch, but was still on my PC. It did not install itself as a proxy server; I was able to use IE to troubleshoot online (wasn’t sure if Firefox was infected).
So, Avast didn’t stop it, didn’t catch it in a scan, and didn’t even recognize it as a virus when I clicked on the virus .exe and initiated a scan. I found this thread in a Google search and installed Malwarebytes Anti-Malware, which appears to have found and destroyed it.
Here is the log from Malwarebytes. They may not all be CloudAV, but they’re all files that Avast missed:
Folders Infected:
c:\Users\xxxx\AppData\Roaming\microsoft\Windows\start menu\Programs\cloud av 2012 (Rogue.CloudAV2012) → No action taken.
Files Infected:
c:\Users\xxxx\AppData\Roaming\dwme.exe (Malware.Packer) → No action taken.
c:\Users\xxxx\AppData\Roaming\firefox.exe (Malware.Packer) → No action taken.
c:\Users\xxxx\AppData\Local\Temp\dwme.exe (Malware.Packer) → No action taken.
c:\Users\xxxx\AppData\Local\Temp\tmph1549684543348720964.tmp (Trojan.Tracur) → No action taken.
c:\Users\xxxx\downloads\xvidsetup.exe (Adware.Hotbar) → No action taken.
c:\Users\xxxx\AppData\Roaming\ahst.lni (Malware.Trace) → No action taken.
c:\Users\xxxx\Desktop\cloud av 2012.lnk (Rogue.CloudAV2012) → No action taken.
c:\Users\xxxx\AppData\Roaming\microsoft\Windows\start menu\Programs\cloud av 2012\cloud av 2012.lnk (Rogue.CloudAV2012) → No action taken.