OpenCloud Antivirus can be removed first by stopping its processes (wskinn.exe, OpenCloud Antivirus.exe, c:\Program Files\csrss.exe, c:\Program Files\conhost.exe) and then kill its files by using Emsisoft HiJackFree. Then the user has to remove all the related files and folder. Finally, restore the registry entries added and modified by OpenCloud Antivirus (Read the removal guide below to remove OpenCloud Antivirus successfully).
When OpenCloud Antivirus is installed, OpenCloud Antivirus will be configured to start automatically y installing a file called csrss.exe in the Window Startup folder. Once Windows is started, csrss.exe will automatically be launched, which will then start the main executable for this infection called %AppData%\OpenCloud Antivirus\OpenCloud Antivirus.exe. Please note that the csrss.exe file that this infection installs in the Startup folder should not be confused with the legitimate Microsoft C:\Windows\System32\csrss.exe file, which is required for Windows to operate normally.
OpenCloud Antivirus should be removed immediately!
Removal Guide
Kill Process
(How to kill a process effectively?)
%AppData%\OpenCloud Antivirus\csrss.exe
%StartupFolder%\csrss.exe
Delete Registry
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" = 'C:\Program Files\conhost.exe "%1" %'
HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\C0AB6693AB3202B4B9D95716ED5CE4A6\SourceList
Remove Folders and Files
%UserProfile%\Desktop\OpenCloud Antivirus.lnk
%StartupFolder%\csrss.exe
%StartMenu%\OpenCloud Antivirus
%AppData%\OpenCloud Antivirus
No comments:
Post a Comment