Your computer is infected with malicious software? Do you have pop-ups on your PC?
If so, search this blog for removal instructions or browse computer threats by category.

Wednesday, November 23, 2011

How to Remove Cloud AV 2012 (Uninstall Guide)

Tell your friends:
Cloud AV 2012 is a rogue antivirus program that claims to find malicious software on your computer. The rogue program disables certain Windows utilities and blocks genuine security products. It launches itself every time your PC is turned on and pretends to scan the system for malware. It is worth mentioning, however, that this fake AV reports exactly the same infections on different computers: Trojan.JBS.Ghost, Trojan-Downloader.JS.Remora, Net-Worm.Win32.Kido.ih and other stuff. Yeah, I know it's possible but not probably, right? So, basically, Cloud AV 2012 malware is playing on your fears to try to sell you completely BS security product. If you have fallen for the scam and have paid for the rogue program you should issue chargebacks through your credit card company. That's the only way to get your money back, besides, too many chargebacks will probably result in the merchant losing the ability to accept credit card payments. That's a good thing, isn't it? Then you need to remove Cloud AV 2012 and associated malware from your computer. To do so, please follow the removal instructions below.

Usually, such fake AVs as Cloud AV 2012 drive people nuts, especially because of never ending alerts and notifications about critical threats, etc.

However, they are not so dangerous after all and I think shouldn't be compared to more sophisticated malware, rootkits, worms or viruses. It's just well designed but useless application which reports non-existent infections. That's all. Then bad news is, however, that Cloud AV 2012 comes bundled with Trojans and sometimes even rootkits. There are usually a number of Trojans that can download additional malcode onto the infected computer and rootkits may hide/block legitimate antivirus programs. But that's not all, the rogue program modifies Windows Hosts file to redirect internet traffic to either infected or sponsored websites involved in click fraud schemes.

So there you go. I know it sounds like a lot of job, removing Cloud AV 2012 and associated malware is not that difficult after all. First, run rootkit removal utility. Then scan your computer with recommend anti-malware program. Finally, restore Windows Hosts file using Fix it utility. You may even use this debugged registration key 9992665263 to make your life and removal procedure a little bit easier. Just follow the steps in the removal guide below. If you need extra help removing it, please leave a comment below. Good luck and be safe online!

Cloud AV 2012 removal instructions:

1. First of all, download and run ZeroAccess/Sirefef/MAX++ removal tool. (works on 32-bit systems only! If you have 64-bit system, proceed to the next step)

2. Then use TDSSKiller. If you can't run it (rogue av blocks it), rename tdsskiller to winlogon and run the utility again.

3. And finally, download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

If you can't download it, please reboot your computer is "Safe Mode with Networking". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode with Networking" and press Enter key. That's It!

Read more detailed instructions here:

NOTE: Login as the same user you were previously logged in with in the normal Windows mode.

4. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.

Manual Cloud AV 2012 removal guide:

1. Right-click on Cloud AV 2012 icon and select Properties. Then select Shortcut tab.

The location of the malware is in the Target box.

2. In our case the malicious file was located in C:\Windows\System32 folder. Select the malicious file, rename it and change a file name extension.

Original file: Cloud AV 2012v121.exe

Renamed file: TcS22bF3nGaQWKf.vir (you may change only the file name and leave file extension .exe)

3. Restart your computer. After a reboot, download free anti-malware software from the list below and run a full system scan.

4. First, use TDSSKiller. Then download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

5. To reset the Hosts file back to the default automatically, download and run Fix it and follow the steps in the Fix it wizard.

Manual activation and Cloud AV 2012 removal:

1. Choose to remove threats and manually activate the rogue program. Enter one of the following codes to activate Cloud AV 2012.


2. Download recommended anti-malware software (Spyware Doctor) and run a full system scan to remove this virus from your computer.

Associated Cloud AV 2012 files and registry values:

  • C:\WINDOWS\system32\Cloud AV 2012v121.exe
  • %AppData%\dwme.exe
  • %DesktopDir%\Cloud AV 2012.lnk
  • %Programs%\Cloud AV 2012\Cloud AV 2012.lnk
  • %Programs%\Cloud AV 2012
Registry values:
Share this information with your friends:


Anonymous said...

I rid myself of this virus by going under properties and opening the file location. From there, I deleted that folder along with any other folder in the /roaming folder that had this program in it.

Anonymous said...

I deleted it by formatting my harddrive & rewriting over it 8 times with some binary numbers. Drastic yes, effective...very!!!

Anonymous said...

Is there anyway to get rid of it WITHOUT downloading anything? because the cloud av 2012 keeps me from accessing the internet on my desktop, please help!

Anonymous said...

Reboot in safe mode/networking and you should get internet

dave said...

Was able to follow your directions. Thanks so much! Can I delete the cloud AV 2012 or the Privacy protection icon on the desktop?

Anonymous said...

will microsoft security essentials get rid of it?

Anonymous said...

I was able to delete it from my pc via malwarebytes however when I go on certain sites like yahoo the "your pc is infected" comes up but just in the browser. How do I rid this?

Anonymous said...

yes Dave you can delete anything and everything cloud AV2012 related

Anonymous said...

This is soo Difficult... Instead of doing all these steps theirs really no faster way... I tried doing the System restore 2wice and it wouldnt take... I'm tired of this BS on my computer... I feel like smashing the computer into pieces.. What do I do what can I do I'm sick of being on the computer already I just want this crap gone..

Anonymous said...

Thanks so much for this information. We had this malware on two computers and these instructions worked like a charm. Appreciate the simple and easy to follow steps

Brit said...

i searched my computer for the name and wherever i found it i just deleted then emptied recycling bin. now when i search it isnt found so does this mean its gone and I just did it my own way? please help. oh, and my protection i use is trend micro.

Anonymous said...

I tried renaming the file and then rebooting and running TDSSKiller. It didn't work and I couldn't even run TDSSKiller. The minute I went back into Normal Mode all hell broke loose again and I couldn't run anything. Any suggestions?
Thank you!

Anonymous said...

It worked for me. Thanks so much!!!!!!!!!!!!!!!!!!

Anonymous said...

all i did was click on the icon on the computer, then went to active now and punched in the 9992665263 then it disappeared that was so weird though after I got the number in it look like it was activting it then was removed from the entire computer couldn't find it in any files or in the start menu search

Anonymous said...

got rid of it but now my internet isnt working

i checked the proxies and network settings everything is fine


Anonymous said...

the icon and the whole av cloud 2012 disappeared but it doesn't connect to the internet???

Anonymous said...

or u can just download avg and it will take it off. simple as that

Anonymous said...

a better anti virus is Panda Cloud AntiVirus its not a scam but i had Cloud Av 2012 removed from my pc and now I can see it in a file called QzP0ycA1iDoFpHs and the good thing is it wont activate what do I do?!?!?!?

Anonymous said...

Panda Cloud AV, very good concept, crap program.

I have tested it in various pcs. The ugly interface is horrible slow so in one of them which has an old CPU them it was a pain just to load it whereas other AVs loaded fine in it. Not many options. One process crashes ALL the time in the 3 pc's I have tested it when you try to load the main menu interface, two of them with W7 and one with XP SP3 so it's just program's fault. Tons of false positives, you upload that innocent .whatever to virustotal and just Panda and other 2 AV's no one knows about detects it. Not clear what it analizes or not at first sight, whereas in other avs you have a nice screen with a log of what's going on.
The thing which has upset me the most has been this: It detects some false positive files and deletes them. It says Recycle bin has 2 files, you press the button to go to it and no files are seen there. I manually went to the Panda folder to see what I suspected Those 2 files were (renamed) in the program folder (/quarantine).