<div>
Scan the laptop offline with Microsoft Standalone System Sweeper:<br />
<br />
<a href="http://connect.microsoft.com/systemsweeper" rel="ugc">http://connect.microsoft.com/systemsweeper</a><br />

</div>


<div>
Thanks for the advice, guys. I cannot seem to kill either instance of csrss.exe.<br />
<br />
I am now running a full scan with Microsoft Standalone System Sweeper. Will update when it's finished.
</div>


<div>
Microsoft Standalone System Sweeper finished its scan. It found &amp;&nbsp;removed 2 infections:<br />
<br />
1. Rogue:Win32/FakeScanti<br />
2. TrojanDropper:Win32/Sirefe<wbr />f.I<br />
<br />
I wrote down the details for the files/directories infected by the 2nd one:<br />
\users\thinkpad\appdata\lo<wbr />cal\temp0.<wbr />2406449833<wbr />7964824.ex<wbr />e<br />
\users\thinkpad\appdata\lo<wbr />callow\sun<wbr />\java\depl<wbr />oyment\cac<wbr />he\6.0\12\<wbr />6b7fb14c-4<wbr />4fa79d3<br />
\windows\temp\9b88.exe<br />
<br />
I was hoping that removing these 2 infections would solve the problem. But it hasn't b/c when I try to install &amp;&nbsp;run Malwarebytes, again it only scans for less than 20 seconds and then abruptly shuts down. So seems like there is definitely some infection left over.<br />
<br />
Right now I'm using a copy of Trinity Rescue Kit (<a href="http://trinityhome.org/" rel="ugc">http://trinityhome.org/</a>) to run a full scan using Avast AntiVirus. However, I think I will ultimately have to edit the registry entries to remove the references to the infected processes that are launching every time I boot Windows. I will need to use an offline registry editor. Is there one of those on the Ultimate Boot CD for Windows??<br />
<br />

</div>


<div>
Thanks Alienwalker. Running that free removal tool from the link you sent me seems to have finally killed off this nasty malware. I am now able to run Malwarebytes with no problems. Thanks!
</div>


<div>
<div class="content wysiwyg-content">
I have a client's laptop (running Windows 7 Ultimate) that was infected with OpenCloud AV spyware. I tried to download and run Malware Bytes. It installs and updates just fine, but then the program abruptly shuts down after less than 1 minute. Ditto for SuperAntiSpyware. This happens even in Safe Mode.<br />
<br />
Client already had a paid version of AVG Anti-Virus installed. However, when I try to run a scan, it says &quot;No infection was found during this scan&quot; after less than 10 seconds of scanning. So it seems that the spyware infection is tricking AVG into thinking it did a full scan when it obviously did not.<br />
<br />
I tried to run ComboFix but got a warning that it would not run unless I first uninstall AVG. However, I get an error message when I try to uninstall AVG, so that failed.<br />
<br />
I found that the shortcut link for OpenCloud AV points to annGG4ammHsWjfL.exe under Windows\System32\ so I deleted that file and rebooted. But still having all the above problems. <br />
<br />
Running RKill doesn't find any illegal processes.<br />
<br />
Feeling really stuck here. How can I get rid of this infection?
</div>
</div>


I have a client's laptop (running Windows 7 Ultimate) that was infected with OpenCloud AV spyware. I tried to download and run Malware Bytes. It installs and updates just fine, but then the program abruptly shuts down after less than 1 minute. Ditto for SuperAntiSpyware. This happens even in Safe Mode.

Client already had a paid version of AVG Anti-Virus installed. However, when I try to run a scan, it says "No infection was found during this scan" after less than 10 seconds of scanning. So it seems that the spyware infection is tricking AVG into thinking it did a full scan when it obviously did not.

I tried to run ComboFix but got a warning that it would not run unless I first uninstall AVG. However, I get an error message when I try to uninstall AVG, so that failed.

I found that the shortcut link for OpenCloud AV points to annGG4ammHsWjfL.exe under Windows\System32\ so I deleted that file and rebooted. But still having all the above problems. 

Running RKill doesn't find any illegal processes.

Feeling really stuck here. How can I get rid of this infection?

Cannot Remove OpenCloud AV Spyware

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.

Anti-Virus Apps

Windows 7 is an operating system from Microsoft. Features include multi-touch support, a redesigned Windows Shell with a new taskbar, referred to as the Superbar, a home networking system called HomeGroup, and performance improvements.

Windows 7

Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge; it has also come to include programs that engage in various kinds of electronic fraud. Anti-spyware is software that removes or blocks that software; some common vendors include Malwarebytes, McAfee, Spybot-Search and Destroy, Ad-Aware and BitDefender.