Cloud Protection


 5th January 2012

Head in the Clouds Protection

With names like Cloud Protection, rogue antivirus programs are designed to convince computer users that they are facing severe threats and need to purchase their system-saving software immediately.  Countless worms, Trojans, viruses, rootkits, and scams certainly make security a must-have for every computer owner; and these rogues are counting on users making impulse decisions in an effort to keep their systems and data safe.  By taking a little time to learn how to recognize rogue antivirus programs, you can avoid wasting money and putting your system at risk.

What is Cloud Protection?

This rogue is part of the WinAVPro family and its interface is almost identical to its brother, Cloud AV 2012.  Because rogue programs tend to behave in the same ways, it is easy to recognize them when you know what you’re looking for.  The favorite tools of these rogues are false security scans and pop-ups that alert users to threats.  Cloud Protection cannot, however, scan your computer, and it cannot remove any threats.  What it can do is create ads that seek to persuade you that you need to buy the software.  Its protection is as empty as the threats it claims to have found.

Mode of Access

Rogues must enter your system by stealth, and they do this with the help of Trojans.  You may, for instance, want to watch a video online.  You receive a prompt saying that you do not have the correct video codec and need to download one.  You opt to do so in order to watch the video, but the codec is a Trojan in disguise.  Once you download the codec, you allow the Trojan to enter your system and deposit malware. Trojans can access your system when you click on affected links, images, ads, or banners or when you open affected emails.  The “free” or “trial” version of Cloud Protection is propagated this way.

There is also a “paid” or “full” version that must be user-installed.  This typically happens after the trial version has persuaded the user that there are infections, viruses, worms, and Trojans in their systems.  Wanting to protect the computer, the user purchases the software. Unfortunately, it can provide little protection, and they will still have to deal with the incessant pop-ups.  Other times, users install it after seeing ads on websites. 

Signs of Cloud Protection

If the rogue antivirus program was installed via Trojan, how do you know it is there?  Recognizing the signs and symptoms is essential so you can take action to remove Cloud Protection as soon as possible.

Immediately after download, rogues appear dormant; that is, you will not notice anything different.  During this time, though, the programs are quietly altering your security settings to ensure that they are able to run without fear of detection or removal.  After they have done this, you will start to notice changes in your computer’s performance, including:

· Slower performance as the rogue diverts system resources away from your legitimate programs for its own use.

· Unfamiliar icons in your system tray or on your desktop.

· Redirects, especially when conducting searches.

The most prominent and irritating signs, however, are pop-ups and false security scan results.  The pop-ups appear while you are browsing, or if you happen to click on one of those unfamiliar icons.  Some examples:

Security Warning

Your computer continues to be infected with harmful viruses. In order to prevent permanent loss of your information and credit card data theft please activate your antivirus software.  Click here to enable protection.

Warning: Infection is Detected

Windows has found spyware infection on your computer!  Click here to update your Windows antivirus software.

Windows Security Center

Serious security vulnerabilities were detected on this computer.  Your privacy and personal data may be unsafe.  Do you want to protect your PC?

The security scan result windows are meant to imitate those issued by legitimate security programs.  The ones created by Cloud Protection feature a red and black color scheme and a shield logo.  They indicate that a scan is ongoing or has just concluded and that you are “At Risk.”  You are urged to “Activate protection now” and “Remove all threats.”  Clicking on any portion of the ad leads you to a website, where you are prompted to enter your credit card information and purchase the software.  Remember, though, that this is a rogue program and there is little protection to be had.

Cloud Protection Removal

If left in your system, rogue programs can exploit security holes and allow other forms of malware to enter.  They can also make browsing difficult and insecure.  What is the best way to remove Cloud Protection?  Many people start by running their antivirus software, but this is ineffective because rogue antivirus programs are not classified as viruses, and in many cases, they have already altered your security settings anyway.  Likewise, using the Uninstall feature does not work to remove every trace and can allow the program to re-launch itself.

What does work?  Automatic removal using a reputable program like Enigma's SpyHunter or Malwarebytes Anti-Malware (Malwarebytes has free malware removal) is the best option.  It allows even those with minimal computer expertise to quickly, effectively, and safely remove the rogue from their systems.

Manual removal can also be very effective but it comes with greater risk. It is possible to delete necessary files, impairing function even more, and/or fail to remove all associated files.  Only those with experience with the system registry should try this.  Always remember to make a backup of your system registry before starting.  If you run into trouble along the way, please do not hesitate to contact us for personal assistance.

Stop Processes:

svhostu.exe

crss.exe

D88olEDV7kS7kSu.exe

Remove Registry Entry:

HKLM\software\microsoft\Windows\CurrentVersion\Run “[random]”

Delete Files:

%AppData%\[random]

%AppData%\E77ikC6uQA5hAym

%AppData%\GxxTGN9pzF

%AppData%\g44tgnOLrfI2dJw

%AppData%\g44tgnOLrfI2dJw\Cloud Protection.ico

%AppData%\ldr.ini

%Desktop%\Cloud Protection.lnk

%TempDir%\2.tmp

%TempDir%\svhostu.exe

%Programs%\Cloud Protection\Cloud Protection.lnk

%Programs%\Startup\crss.exe

%ProgramFiles%\Internet Explorer\1.tmp

%SystemDir%\D88olEDV7kS7kSu.exe
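
A read-only check for the indicators listed above, as an added example that is not part of the original article: it reports which of the listed processes, files and Run values are present before anything is stopped or deleted. The mapping of the page's %...% placeholders to Windows folders is an assumption, since the page does not define them.

```powershell
# Added example (not from the original page). It stops and deletes nothing.
# Assumption: the page's %...% placeholders map to these Windows folders.
$folders = @{
    '%AppData%'      = [Environment]::GetFolderPath('ApplicationData')
    '%Desktop%'      = [Environment]::GetFolderPath('Desktop')
    '%Programs%'     = [Environment]::GetFolderPath('Programs')
    '%ProgramFiles%' = [Environment]::GetFolderPath('ProgramFiles')
    '%SystemDir%'    = [Environment]::GetFolderPath('System')
    '%TempDir%'      = [IO.Path]::GetTempPath().TrimEnd('\')
}
# Fixed names from the page; its "[random]" entries cannot be matched by name.
$exeNames = 'svhostu.exe', 'crss.exe', 'D88olEDV7kS7kSu.exe'
$listed = @(
    '%AppData%\E77ikC6uQA5hAym', '%AppData%\GxxTGN9pzF', '%AppData%\g44tgnOLrfI2dJw',
    '%AppData%\g44tgnOLrfI2dJw\Cloud Protection.ico', '%AppData%\ldr.ini',
    '%Desktop%\Cloud Protection.lnk', '%TempDir%\2.tmp', '%TempDir%\svhostu.exe',
    '%Programs%\Cloud Protection\Cloud Protection.lnk', '%Programs%\Startup\crss.exe',
    '%ProgramFiles%\Internet Explorer\1.tmp', '%SystemDir%\D88olEDV7kS7kSu.exe'
)

# 1. Running processes whose image name matches a listed executable.
$procs = Get-CimInstance Win32_Process |
    Where-Object { $exeNames -contains $_.Name } |
    Select-Object ProcessId, Name, ExecutablePath

# 2. Listed files and folders that exist on this machine.
$files = foreach ($p in $listed) {
    foreach ($k in $folders.Keys) { $p = $p.Replace($k, $folders[$k]) }
    if (Test-Path -LiteralPath $p) { $p }
}

# 3. Every HKLM Run value, flagged when its data names a listed executable.
#    The rogue's own value name is random, so unflagged entries still need a manual look.
$pattern = ($exeNames | ForEach-Object { [regex]::Escape($_) }) -join '|'
$key = Get-Item -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = foreach ($name in $key.GetValueNames()) {
    $data = [string]$key.GetValue($name)
    [pscustomobject]@{ Name = $name; Data = $data; ListedExe = ($data -match $pattern) }
}

'Processes:'; $procs | Format-Table -AutoSize
'Files present:'; $files
'Run values:'; $run | Format-Table -AutoSize -Wrap
```

Before deleting a flagged Run value, the key can be saved with `reg export`, in line with the registry backup advice above.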



We are affiliated with some of the legitimate programs recommended on this website. Should you choose to use the programs recommended here, we may receive a fee that will help support the site.

All content copyright 2006-2017, RemoveAdware.com.au. Author: Wayne Davis.
All Rights Reserved. All trademarks and company brand names are acknowledged.