Cloud AV 2012 - How to remove

Cloud AV 2012

Cloud AV 2012 is a fake antivirus program from the same family as AV Protection 2011 and Open Cloud Antivirus. The rogue is distributed through infected websites, spam emails or faked “free” applications. After execution, the trojan downloader will install Cloud AV 2012 and it will start causing havoc on your PC.
The first signs of Cloud AV 2012 infection are multiple alerts from the system tray and popups. They will claim that each program you execute are infected. In majority of cases Cloud AV 2012 will prevent legitimate programs from starting. These alerts look like this :

Windows Security Alert

To help protect your computer, Windows Firewall has blocked some features of this program.

Do you want to keep blocking this program?

Zeus Trojan

Warning: Infection is Detected

Windows has found spyware infection on your computer!

Click here to update your Windows antivirus software

Warning! Infection found

Unwanted software (malware) or tracking cookies have been found during last scan. It is highly recommended to remove it from your computer.

Keylogger Zeus was detected and put in quarantine.

Keylogger Zeus is a very dangerous software used by criminals to steal personal data such as credit card information, access to banking accounts, passwords to social networks and e-mails.

You can ignore these alerts, but Cloud AV executable will try other tricks to convince you that your PC is infected. For example, it will show various messages about spam emails sent to your contacts and so on. Thus many of the users will run a system scan with Cloud AV 2012 and will get more false results. False results and lack of real antivirus engine rates this program as Rogue antivirus, which should be removed. Never pay for Cloud AV 2012. This would fund future rogue development and problems for you and other users.

How to remove Cloud AV 2012

  1. Download process explorer ( https://www.2-viruses.com/wp-content/uploads/PE/eXplorer.exe ) and save it in desktop.
  2. Run process explorer and look for randomly named processes that run from C:\Windows\System32 in the end of process list. The process name would look like 352sadsgasgsag235 or similar, or Cloud AV 2012v121.exe
  3. You can also try fake-registering Cloud AV 2012 using this key:  6526765122.
  4. Stop that Cloud AV 2012 process and write down the exact name and path. Once you stop correct processes, the malware windows will close and icon will disappear.
  5. Rename the Cloud AV 2012  file on disk and reboot.
  6. Cloud AV 2012 might come with other parasites as well. Scan your PC with spyhunter or Malwarebytes Anti-Malware to make sure your system is clean and finalize Cloud AV 2012 removal. Full versions of these programs would have prevented the infection.

How to get rid of Cloud AV 2012 (video guide)

Automatic Malware removal tools

Download Spyhunter for Malware detection
(Win)

Note: Spyhunter trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions,

Download Combo Cleaner for Malware detection
(Mac)

Note: Combo Cleaner trial provides detection of parasites and assists in their removal for free. limited trial available, Terms of use, Privacy Policy, Uninstall Instructions, Refund Policy ,

Manual removal

Removal guides in other languages

16 responses to “Cloud AV 2012

  1. Removing Cloud AV 2012 Virus / PC running Windows Vista / No downloads required.

    I just restarted my computer in safe mode typed the words “system resore” above the start button, clicked on system restore and I picked one of the previous safe restore points the computer recommended and the computer did the rest.

    System restore is a big “undo” bottom that takes your computer back to a safe restore date before it was hijacked by a virus without affecting personal files like your photos, spreadsheets or other documents….all without downloading any additioinal files.

    Hope this helps.

  2. I was hit with this virus today. I basiclly rebooted in safe mode and ran Maleware Bytes full system scan. It worked! I didn’t have my Maleware Bytes real time protection, so I am not sure if that would have prevented the spyware/trojan from embedding itself.

    I am currrently doing a full virus scan just to make sure. But from what I did and read just now on some sites, a spyware or maleware program like Maleware bytes will take care of the little annoying virus.

    Good luck.

  3. Ok, I removed all of the files manually through the registry editor and it is just now starting to block websites. As soon as I got the virus I unplugged from the internet but am currently back on it because I thought I had deleted all of what was left of it. I ran my anti-malware/spyware software and it picked up some trojans, but I cannot seem to actually do anything now because Cloud AV 2012 still says my computer is infected. I deleted the majority of everything but idk what to do from here. Less than 24 hours before I received this virus I also had the AV protection 2011 virus which seemed to be almost the same thing but was much easier to get rid of.

  4. I too got hit with this bug. I have Windows XP firewall running, I have F-SECURE DEEP GUARD RUNNING, I have ran f-secure 6 times and it has yet to see or pick-up anything so any of you who are using F-SECURE, BEWARE, IT’S USELESS ON THE CLOUD AV 2012 BUG!

  5. I had this problem once before but did not realize that dwme.exe was still on my computer, the eXplorer.exe program is VERY useful in getting rid of this thing, not only will you not have to reboot in to safe mode, you also will be able to start your other desired processes with ease.

    I am now running a complete system scan with Malware Bytes, then Spyware Doctor, then Registry mechanic to totally get rid of other unwanted things from being started/installed.

    Also, if you look in your AppData/Roaming folder, you will most likely see a whole bunch of random named folders, DELETE them ALL! These are also part of the problem and start up other malware on their own. eXplorer.exe ftw!

    Thanks.

  6. I am SOOO glad this worked! My mom, (technilogically impaired) Almost bought the stuff. Thank you SOOOOOOOOOOO much!

  7. Hey @ Brad I’m trying system restore but its not workin. Tried 5 different restore dates and I keep getting the message ” YOUR COMPUTER CANNOT BE RESTORED TO ….. it says the date. NO CHANGES HAVE BEEN MADE TO YOUR COMPUTER. TO CHOOSE ANOTHER RESTORE POINT RESTART SYSTEM RESTORE. Do you have any ideas how to help? PLEASSSSSE…..

  8. The only other option is to make sure when you clicked “pick another restore point” a second window should open and has another option in the bottom left that says “show restore dates older than 5 days” once you click on that box it shows older restore points pick the oldest that says “system scheduled checkpoint” not “windows update”.

    Good luck….

  9. One other point to confirm that you are starting your computer in safe mode, this means you are tapping F8 during the initial start up of your computer then you are selecting “safe mode with command prompt”.

    Once your computer boots then…..in safe mode type the words “system resore” above the start button, clicked on system restore and I picked one of the previous safe restore points the computer recommended and the computer did the rest.

    System restore is a big “undo” bottom that takes your computer back to a safe restore date before it was hijacked by a virus without affecting personal files like your photos, spreadsheets or other documents….all without downloading any additioinal files.

  10. Brad Pomeroy
    System Restore does not always fix malware. It is worth trying though, but system restore does not store ALL the files and settings.

  11. It’ simple, I sincerely hope so, just remove all the files related to clod AV in the roaming folder in the C drive, and then rename the cloudAV executable file in the C drive which you can find by finding the target folder in properties; rename this file and then reboot. Voila!! It’ll be solved.
    Hope this helps.

Leave a Reply

Your email address will not be published. Required fields are marked *