Removing the cloudNet Virus
Last week, my brother’s laptop got infected with a million viruses. Almost literally, they were way too many. I normally don’t have any antivirus software installed (risky, I know), but I have other measures and I do manual checkups routinely.
Out of the very many little buggers was one called cloudNet. CloudNet is some sort of browser hijacker that records user data and is responsible for some annoying ads that keep popping up in your browsers all the time.
So I set out to rip it out, but I was in for some work:
Task manager.
Once you suspect that your computer has viruses, the first thing to do is check the Task Manager. Look for processes that have weird names and are taking up resources. Once you find them, stop them from running. Be careful not to end useful processes.
Another thing to do is right-click on those processes and open the file location. If you are sure it is a virus, delete that folder.
After that, go to the Startup tab in Task Manager. Why? Viruses usually like to auto-execute on startup, so you’ll probably find a bunch of them there. Disable them, find their location folders and delete them.
This one also did not work for me.
Control panel
After that, go to the Control Panel by pressing Win + X and selecting Control Panel. Go to Programs and Features.
Look for any programs that look suspicious or untrusted and uninstall them manually.
Unfortunately, in my case, the cloudNet program refused to uninstall.
Antivirus
I tried updating Windows Defender’s definitions, but the scan wasn’t doing me any justice. I was still getting clean results.
The next step was to download a better antivirus. For me, it will always be Malwarebytes. Malwarebytes is the best free antivirus out there (according to me). I set it up to locate everything including rootkits and started the scan. The scan took a while and got rid of a bunch of viruses but the freaking cloudNet was still there. Too stubborn.
Manual
Now when all these tricks fail you, you have to root out these bad boys manually. This is a bit risky if you don’t know what you are doing as you might end up killing the useful guys.
Press Win + R and type regedit into the Run dialog box to open the Registry Editor.
Once it is open, go to the following keys (regedit shows them as folders):
- HKEY_CURRENT_USER > Software > Microsoft > Windows > CurrentVersion > Run
- HKEY_CURRENT_USER > Software > Microsoft > Internet Explorer > Main
- HKEY_CURRENT_USER > Software > Any other random directory
If they contain any shady subkeys or values, delete them.
You can also check:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
And delete all the shady directories. In my case, I deleted the cloudnet folder.
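A read-only way to review the registry locations listed above before deleting anything, as an added PowerShell example that is not part of the original post. The backup folder on the desktop and the two Internet Explorer values it prints are assumptions chosen for illustration.

```powershell
# Added example: read-only review of the HKCU locations named in this post.
# Nothing is deleted here; inspect the output, then remove entries in regedit.
$runKey       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$ieMainKey    = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$uninstallKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'

# Assumption: backups are written to a folder on the desktop (hypothetical path).
$backupDir = Join-Path $env:USERPROFILE 'Desktop\reg-backup'
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Export each key first so a mistaken deletion can be undone with "reg import".
$n = 0
foreach ($key in @($runKey, $ieMainKey, $uninstallKey)) {
    $n++
    if (Test-Path $key) {
        $native = $key -replace '^HKCU:', 'HKCU'
        & reg.exe export $native (Join-Path $backupDir "backup$n.reg") /y | Out-Null
    }
}

# Run key: each value is a command line started at logon.
if (Test-Path $runKey) {
    $k = Get-Item -Path $runKey
    $k.GetValueNames() | ForEach-Object {
        [pscustomobject]@{ Name = $_; Command = $k.GetValue($_) }
    } | Format-List
}

# Internet Explorer\Main: pages a hijacker commonly rewrites.
if (Test-Path $ieMainKey) {
    $ie = Get-Item -Path $ieMainKey
    foreach ($v in 'Start Page', 'Search Page') {
        '{0}: {1}' -f $v, $ie.GetValue($v)
    }
}

# Uninstall: one subkey per per-user program; check publisher and install path.
if (Test-Path $uninstallKey) {
    Get-ChildItem -Path $uninstallKey | ForEach-Object {
        Get-ItemProperty -Path $_.PSPath
    } | Select-Object PSChildName, DisplayName, Publisher, InstallLocation, UninstallString |
        Format-List
}
```

Entries whose command or install path points into a temp or per-user data folder, or that have no publisher, are the ones to look up before deleting.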
Apart from all these, it is good practice to refresh your browsers and disable all questionable extensions.
Originally published at Decode.