Open Cloud AV virus
Boora
10-05-2011, 02:29 PM
This virus is MEDDLESOME to put it mildly.
Running windows XP pro SP3 32-bit OS.
I've been working on removing this thing for a couple of days now. This is the type of virus that makes your current AV software inaccessible.
Also, it has corrupted some windows files that operate the 'local area connection' and ethernet card preventing access to update ANY malware/AV software that I am able to install from a flash drive.
In order to determine some info about my internet connection I tried some commands in command line module:
E:\>ipconfig all
'ipconfig' is not recognized as an internal or external command, operable program or batch file.
E:\>netsh
'netsh' is not recognized as an internal or external command, operable program or batch file.
E:\>path
PATH=H:\Program Files\AMD APP\bin\x86;E:\Program Files\ATI Technologies\ATI.ACE\Core-Static
E:\>reg query HKLM\Software\Microsoft\Reskit /v Version
'reg' is not recognized as an internal or external command, operable program or batch file.
Anyone know why the normal commands aren't working?
It has also created a problem with accessing windows firewall settings (not able to change settings). When I attempt to open 'Windows Firewall' from the control panel, the following msg pops up:
Windows Firewall settings cannot be displayed because the associated service is not running. Do you want to start the Windows Firewall/Internet Connection Sharing (ICS) service?
yes --- no
Clicking yes yields:
Starting the Windows Firewall/Internet Connection Sharing (ICS) service...
Then..
Windows cannot start the Windows Firewall/Internet Connection Sharing (ICS) service.
At this point, it seems my best option is to repair windows XP or do a clean install. Unfortunately, while I do have my Windows XP PRO key, I do not have the disk. I do have an unused windows Vista and windows 7 disk with key. I'd really prefer to use Windows XP though.
Any thoughts on obtaining a new copy of Windows XP Pro? I purchased my copy from the university I attended, a student version with key. I'm concerned that any other version of windows XP Pro will not accept my student version key. Also, the only method for downloading a copy of Windows XP Pro seems to be through uTorrent. Never used this sort of service before and not sure I should because I don't know if the key will work.
I've considered doing a clean install of windows 7 student version, however, prior to this mess, when I purchased this version, I performed a compatibility test using Microsoft Windows 7 Compatibility Utility and determined I had significant hardware compatibility issues. This could have been from outdated drivers, but I am not sure now.
Any thoughts are appreciated. I'd really like to salvage my desktop.
Computers are like disposable razors. Ditch it/donate it to your local library, hospice, or recycling center and buy one that's ten times better at a fraction of what you bought that one for.
Sometimes when DOS commands stop working it's because the virus has inserted a name space or registry value that changes the path to system resources.
Try using /sfc if you can. Look for free registry repairs etc.
Try saving this to a notepad doc and changing it to .reg and running it
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shellex]
[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"
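The PATH printed in the first post holds only two vendor directories and none of the Windows system directories, which by itself makes cmd.exe report ipconfig, netsh and reg as not recognized. The following is an added example, not part of the original thread, that checks a PATH value for the default XP system entries and builds a repaired value; the system root `E:\WINDOWS` is an assumption, since the post does not state it.

```python
import ntpath

# PATH value copied from the first post; SYSTEM_ROOT is an assumed location.
PATH_FROM_POST = (r"H:\Program Files\AMD APP\bin\x86;"
                  r"E:\Program Files\ATI Technologies\ATI.ACE\Core-Static")
SYSTEM_ROOT = r"E:\WINDOWS"

# Default system entries of the Windows XP PATH, relative to %SystemRoot%.
REQUIRED_SUFFIXES = ("system32", "", "system32\\Wbem")
_VAR = "%systemroot%"


def _norm(entry, system_root):
    """Expand %SystemRoot%, then normalise case, slashes and trailing backslash."""
    entry = entry.strip().strip('"')
    idx = entry.lower().find(_VAR)
    if idx != -1:
        entry = entry[:idx] + system_root + entry[idx + len(_VAR):]
    return ntpath.normcase(ntpath.normpath(entry))


def required_dirs(system_root):
    """Directories cmd.exe needs on PATH to find ipconfig, netsh, reg, sfc."""
    return [ntpath.join(system_root, s) if s else system_root
            for s in REQUIRED_SUFFIXES]


def missing_system_dirs(path_value, system_root):
    """Return the required system directories absent from a PATH string."""
    present = {_norm(e, system_root) for e in path_value.split(";") if e.strip()}
    return [d for d in required_dirs(system_root)
            if _norm(d, system_root) not in present]


def repaired_path(path_value, system_root):
    """Prepend whatever is missing, keeping the existing entries in order."""
    kept = [e for e in path_value.split(";") if e.strip()]
    return ";".join(missing_system_dirs(path_value, system_root) + kept)


if __name__ == "__main__":
    for d in missing_system_dirs(PATH_FROM_POST, SYSTEM_ROOT):
        print("missing from PATH:", d)
    print("repaired PATH:", repaired_path(PATH_FROM_POST, SYSTEM_ROOT))
```

Until PATH is restored, the same tools can still be started by full path, for example `E:\WINDOWS\system32\ipconfig.exe /all` under the same assumption about the system root.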
Boora
10-05-2011, 02:48 PM
Computers are like disposable razors. Ditch it/donate it to your local library, hospice, or recycling center and buy one that's ten times better at a fraction of what you bought that one for.
I bet you think it is fun to donate other electronic devices that simply don't work. Why not give the folks donating their time (or working for next to minimum wage) an item that will not work so they can spend countless hours trying to get it to work properly? Local libraries and hospice generally operate on tax payer money or grant/donations. This suggestion is one reason why these facilities simply don't have the resources needed to operate without appearing to be a drain within local municipalities.
Agreed, however, that computers are like disposable razors in some respects. However, this is a system I built and will be inclined to build a new system should this not get resolved. I'd prefer not to spend money on this until I am convinced there is no way to fix the issues at hand.
Boora
10-05-2011, 02:50 PM
Sometimes when DOS commands stop working it's because the virus has inserted a name space or registry value that changes the path to system resources.
Try using /sfc if you can. Look for free registry repairs etc.
/sfc causes an instance of MS-DOS to open for a brief moment before closing. Too quickly to read any output.
If that registry fixer allows you to run programs (it should), download Malwarebytes and install it or run it off a flash drive and see what it finds.
Buckwheet
10-05-2011, 02:50 PM
Can't you just pop the drive out and put it in a different machine or find an old drive laying around to do a clean install and installation of the AV with the updates, then plug the old drive back in and clean it?
Inspire
10-05-2011, 02:52 PM
Have you tried starting your computer in safe mode?
Boora
10-05-2011, 02:54 PM
Can't you just pop the drive out and put it in a different machine or find an old drive laying around to do a clean install and installation of the AV with the updates, then plug the old drive back in and clean it?
Probably. I don't have another tower to use. Just this laptop I am using now. I'd still have to find a windows XP disk to use.
Here you made me use google http://www.bleepingcomputer.com/virus-removal/remove-opencloud-security
Boora
10-05-2011, 03:00 PM
Have you tried starting your computer in safe mode?
Many many times.
One interesting detail I noticed while attempting to determine why I couldn't get the network connection to work properly...
Every time I shut down from safe mode and restarted into safe mode, the connection 'local area connection #' (the only connection I have) would increase by 1 each time. I was up to 'local area connection 6' when I discovered the trouble with the command line.
I've run malwarebytes, spybot, MSE and CCleaner all from a flash drive. None are able to update, I've run them with the databases they contained with the latest copy of the setup file available from their corresponding websites.
The ones that will run determined several issues and problems, all were fixed. There are no new issues or fixes needed upon new scans.
This problem seems to be located in corrupted registry entries. All KBs that I looked at indicated using the Windows XP Pro disk to repair the DLL files and registry entries.
Just create a bootable live CD http://www.ubcd4win.com/index.htm That should have most of the tools you'll need to repair it.
Buckwheet
10-05-2011, 03:02 PM
http://forums.mydigitallife.info/threads/25580-Windows-XP-Pro-OEM-SP3-Archive-%28Untouched-ISOs%29
Claims to have untouched ISOs.
Many many times.
One interesting detail I noticed while attempting to determine why I couldn't get the network connection to work properly...
Every time I shut down from safe mode and restarted into safe mode, the connection 'local area connection #' (the only connection I have) would increase by 1 each time. I was up to 'local area connection 6' when I discovered the trouble with the command line.
I've run malwarebytes, spybot, MSE and CCleaner all from a flash drive. None are able to update, I've run them with the databases they contained with the latest copy of the setup file available from their corresponding websites.
The ones that will run determined several issues and problems, all were fixed. There are no new issues or fixes needed upon new scans.
This problem seems to be located in corrupted registry entries. All KBs that I looked at indicated using the Windows XP Pro disk to repair the DLL files and registry entries.
Did you check to see if you're on a proxy? Go to internet connection > tools > connections > lan > uncheck proxy
Inspire
10-05-2011, 03:10 PM
I saw you have Win7 & Vista. I would install Win7 and then download/create a bootable WinXp disk.
Win7 during the install should allow to format your drives.
Boora
10-05-2011, 03:13 PM
I saved this to notepad file, saved on flash drive. Connected flash drive to the tower, changed filename to .reg, double clicked and ran it. My registry was edited with the data provided.
Still unable to get the command line to perform any of the commands listed above.
Windows Firewall unchanged.
When I open Internet Explorer, the browser goes directly to the home page selected in the settings: about:blank
If I enter any url, for example: msn.com
and press enter, then...
http://msn.com <-- in the address bar
Blank Page <--- displayed on the tab
If I click on the address bar and press enter again:
Internet Explorer cannot display the webpage
What you can try:
'Diagnose Connection Problems' button is shown.
Click on button and following the Network Diagnostics for Windows XP prompts yields:
'Windows has detected a problem with the Winsock provider catalog on this computer. ....reset catalog to default configuration?
Select yes and next yields msg to restart for changes to take effect.
Restart with the same problem starting back at Opening Internet Explorer above.
Try saving this to a notepad doc and changing it to .reg and running it
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"
[HKEY_CLASSES_ROOT\.exe\PersistentHandler]
@="{098f2470-bae0-11cd-b579-08002b30bfeb}"
[HKEY_CLASSES_ROOT\exefile]
@="Application"
"EditFlags"=hex:38,07,00,00
"TileInfo"="prop:FileDescription;Company;FileVersion"
"InfoTip"="prop:FileDescription;Company;FileVersion;Create;Size"
[HKEY_CLASSES_ROOT\exefile\DefaultIcon]
@="%1"
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\open]
"EditFlags"=hex:00,00,00,00
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\runas]
[HKEY_CLASSES_ROOT\exefile\shell\runas\command]
@="\"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shellex]
[HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
@="{86C86720-42A0-1069-A2E8-08002B30309D}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers]
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PEAnalyser]
@="{09A63660-16F9-11d0-B1DF-004F56001CA7}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\PifProps]
@="{86F19A00-42A0-1069-A2E9-08002B30309D}"
[HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers\ShimLayer Property Page]
@="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"
Boora
10-05-2011, 03:14 PM
Here you made me use google http://www.bleepingcomputer.com/virus-removal/remove-opencloud-security
This repair and all others I have been able to find require connection to the internet.
Inspire
10-05-2011, 03:15 PM
Do you have files that you need to keep?
Boora
10-05-2011, 03:17 PM
Just create a bootable live CD http://www.ubcd4win.com/index.htm That should have most of the tools you'll need to repair it.
Requires XP disk. I don't have it.
The first step in the fix is to boot into safe mode and disable the proxy. If you did that and you still can't connect to the internet, I can't guess what is going on.
Boora
10-05-2011, 03:22 PM
I saw you have Win7 & Vista. I would install Win7 and then download/create a bootable WinXp disk.
Win7 during the install should allow to format your drives.
If I am unable to repair the registry then I will give this a shot. However, it was made very clear using the Windows 7 Compatibility utility from Microsoft that my system has significant hardware compatibility issues with Windows 7 OS.
It's possible that my system would not be able to perform any tasks when attempting to finish this installation or after installation.
Boora
10-05-2011, 03:25 PM
The first step in the fix is to boot into safe mode and disable the proxy. If you did that and you still can't connect to the internet, I can't guess what is going on.
Thanks g++ for taking a look here.
I feel confident that a Windows XP Pro disk would solve this problem. I suppose I'm getting close to purchasing a new XP Pro OS. This seems to be priced around $75 to $85.
subzero
10-05-2011, 03:58 PM
I feel confident that a Windows XP Pro disk would solve this problem. I suppose I'm getting close to purchasing a new XP Pro OS. This seems to be priced around $75 to $85.
There's always the not-strictly-legal method (which is bullshit considering you own the software and weren't given a goddamn disk). You can check the SHA1 hash at https://msdn.microsoft.com/en-us/subscriptions/securedownloads/default.aspx. You'll probably need some sort of MS account to log in (I use hotmail, not sure what the other options are). Click the OS section on the left menu, scroll down to Windows XP, and then find whatever iso you downloaded in the list on the right. Click view to get the hash.
Boora
10-05-2011, 04:08 PM
There's always the not-strictly-legal method (which is bullshit considering you own the software and weren't given a goddamn disk). You can check the SHA1 hash at https://msdn.microsoft.com/en-us/subscriptions/securedownloads/default.aspx. You'll probably need some sort of MS account to log in (I use hotmail, not sure what the other options are). Click the OS section on the left menu, scroll down to Windows XP, and then find whatever iso you downloaded in the list on the right. Click view to get the hash.
Pardon my ignorance here, what do I do with the SHA1 hash?
Boora
10-05-2011, 04:51 PM
There's always the not-strictly-legal method (which is bullshit considering you own the software and weren't given a goddamn disk). You can check the SHA1 hash at https://msdn.microsoft.com/en-us/subscriptions/securedownloads/default.aspx. You'll probably need some sort of MS account to log in (I use hotmail, not sure what the other options are). Click the OS section on the left menu, scroll down to Windows XP, and then find whatever iso you downloaded in the list on the right. Click view to get the hash.
Better yet, how does one register their copy of windows so that the download would be "available" instead of "unavailable" at this site?
subzero
10-05-2011, 05:35 PM
Pardon my ignorance here, what do I do with the SHA1 hash?
You run a program to check the hash of the file you have and then compare that to the legit hash on the microsoft site. If they match, you're good to go. I use MD5summer, but I don't use it often and it's probably not the best you could find. A search for sha1 hash checker/program should yield enough options to choose from.
Better yet, how does one register their copy of windows so that the download would be "available" instead of "unavailable" at this site?
Unfortunately, to download from that site you have to have a subscription. It's like 700 bucks for the OS sub with I think a 500 dorra renewal. Considering Win7 is available online for free through their Digital River deal, you'd think they could toss people a bone and throw up some of the older OSes, but no such luck.
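The hash comparison described in the post above, as an added example that is not part of the original thread: it hashes a large file in chunks and compares the result with a published SHA-1 value, tolerating the spacing, case and label differences such listings often have. The function names are illustrative, and the published value must be taken from the vendor's own listing, not from the page that served the file.

```python
import hashlib
import hmac


def file_sha1(path, chunk_size=1024 * 1024):
    """Hash the file in chunks so a large ISO is never held in memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def normalise_published(value):
    """Accept forms like 'SHA1: AB12 CD34 ...': drop label, separators and case."""
    value = value.strip()
    if ":" in value:
        value = value.split(":", 1)[1]
    cleaned = "".join(ch for ch in value if ch not in " -\t").lower()
    if len(cleaned) != 40 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("not a 40-digit SHA-1 hex value")
    return cleaned


def matches_published(path, published):
    """True only if the file's SHA-1 equals the published value exactly."""
    return hmac.compare_digest(file_sha1(path), normalise_published(published))


if __name__ == "__main__":
    import sys
    # Usage: python check_sha1.py <file> "<published hash>"
    ok = matches_published(sys.argv[1], sys.argv[2])
    print("MATCH" if ok else "MISMATCH: do not use this file")
    sys.exit(0 if ok else 1)
```

A mismatch means the file differs from the one the publisher hashed, whether through a corrupted download or modification, and it should not be installed.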
Boora
10-06-2011, 11:02 AM
I was able to perform a clean install of Windows 7 Ultimate. No hardware issues so far, and seems to be running better than it has in a long time. Problem seems solved. Running Microsoft essentials and spybot simultaneously.
Thanks folks for attempting to help recover XP, without the disk and an internet connection, seems to be much more difficult than a clean install of Windows 7 with the disk right in front of me.
I'll see how Windows 7 goes... I was really quite content with XP.
subzero
10-06-2011, 02:55 PM
I think you'll like Win7 fine. I went from XP to 7 a while back and have been happy with it.
Blazar
10-06-2011, 05:28 PM
Just turn off User Account Controls, and the notification that UAC is off, and it's great. It has the functionality of XP, and the looks of Vista. I run 7 on all of my PCs and have no issues with it.