McAfee Detection FakeAlert-SecurityTool.bt

System Changes
Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files

The following registry elements have been created:
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\

The following registry elements have been changed:
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\{92780B25-18CC-41C8-B9BE-3C9C571A8263} = 8193
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\NEXTID = 8194
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\PO28273LJGGI28273 = %ALLUSERSPROFILE%\Application Data\pO28273LjGgI28273\pO28273LjGgI28273.exe

How to remove this Virus threat

1.Disable System Restore on Windows ME and windows XP only.
2.Update to current engine and DAT files for detection and removal.
3.Run a complete system scan.

This should remove the threat, this threat is a low security threat but never the less it should always be cleaned before using the world wide web.

avast Win32:Caxnet [Trj]
AVG (GriSoft) Rootkit-Pakes.BG (Trojan horse)
avira TR/Koutodoor.psa
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Gen:Variant.Koutodoor.18
clamav Trojan.Dropper-27717
Dr.Web Trojan.MulDrop.origin
F-Prot W32/Koutodoor.N.gen!Eldorado
FortiNet W32/Koutodoor.KWD!tr.bdr
Microsoft Trojan:Win32/Koutodoor.E
Symantec Trojan.Koutodoor
Eset Win32/Koutodoor.HM trojan (variant)
norman W32/Suspicious_Gen2.LZIQS (trojan)
panda Trj/Genetic.gen
rising Trojan.Win32.Generic.1282E422
Sophos Troj/Kouto-D
Trend Micro TROJ_DLOADR.SMOM
vba32 Trojan.Downloader.gen.h (suspected)

The following files have been added to the system:
%WINDIR%\SYSTEM32\szccw.dll
%TEMP%\nsd12.tmp
%PROGRAMFILES%\Microsoft\ie13\Internat Explorer\target.lnk
%ALLUSERSPROFILE%\Desktop\Internat Explorer.jgp
%WINDIR%\SYSTEM32\drivers\fmsde.sys
%PROGRAMFILES%\Microsoft\ie13\Internat Explorer\Desktop.ini
The following files were temporarily written to disk then later removed:
%TEMP%\hmufctw.bat
%TEMP%\nsq13.tmp
%TEMP%\ygnpyvce.bat
%TEMP%\nsi11.tmp
%WINDIR%\SYSTEM32\mhzscp.bat
%TEMP%\faxjdr.exe
%TEMP%\tmp.bat
%TEMP%\yxcdiz.exe
%TEMP%\nsq13.tmp\System.dll
%TEMP%\wcyolgo.bat
%TEMP%\ftrnkqxw.bat

This is a Trojan detection Unlike viruses Trojans do not self replicate they are spread manually under the premise that they are beneficial. The most common installation methods involve system security exploitation unsuspecting users manually executing unknown programs. Distribution channels include email malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks and what have you.

Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files

The following registry elements have been created:

• HKEY_CURRENT_USER\SOFTWARE\ENIGMA PROTECTOR\

• HKEY_CURRENT_USER\SOFTWARE\ENIGMA PROTECTOR\29AEB4A0365755F6-B862CAE984EA4D0E\

• HKEY_CURRENT_USER\SOFTWARE\ENIGMA PROTECTOR\29AEB4A0365755F6-B862CAE984EA4D0E\02F01F553A112DCE-00C9DB38C18D5FD1\

• HKEY_CURRENT_USER\SOFTWARE\ENIGMADEVELOPERS\

The following files have been added to the system:

* %WINDIR%\SYSTEM32\svhest.dll

* %WINDIR%\SYSTEM32\svhest.exe

To remove Generic Trojan BackDoor!cyh!E437DACF​F88B Virus

Download Malwarebytes’ Anti-Malware if you do now have this free software, from  here and save it to your computer.

• Double click mbam-setup.exe and install
• At the end of the installation be sure a checkmark
  • Update Malwarebytes’ Anti-Malware
  • and Launch Malwarebytes’ Anti-Malware
  • do a full scan and allow your computer to fix your virus.
    

I was able to capture this W32.SillyFDC.BDO worm on my test machine and run a few tests to see which software did the best cleaning and its safe to say Spy Sweeper by Webroot was the winner.
Webroot AntiVirus 2010 with Spy Sweeper is one of the best apps that will protect your PC from virus threats,  spyware, adware, worms and Trojans malware. One great thing i found about spy sweeper is that it protects your PC real time without bottle necking or slowing down your net speed or even your PC’s resources. Unlike Norton which really takes away a good portion of your memory and hogs your system resources.

W32.SillyFDC.BDO worm
When executed this worm copies itself as the following files:

• %SystemDrive%\services.exe
• %Windir%\services.exe

It then creates the following registry entry so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”ServiceControlApp” = “%SystemDrive%\services.exe”

The worm also modifies the following registry entries:

• HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”ShowSuperHidden” = “0″
• HKEY_ALL_USERS\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\”HideFileExt” = “1″

To clean this threat, simply run Webroot Spy Sweeper

Clean this threat manually:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Run a full system scan.
4. Delete any values added to the registry.

W32.Palevo.B is a worm that spreads through instant messaging clients.

Antivirus Protection Dates

• Initial Rapid Release version May 4, 2010 revision 009
• Latest Rapid Release version May 4, 2010 revision 020
• Initial Daily Certified version May 4, 2010 revision 048
• Latest Daily Certified version May 4, 2010 revision 048
• Initial Weekly Certified release date May 5, 2010

Threat Assessment

Wild

• Wild Level: Low
• Number of Infections: 0 – 49
• Number of Sites: 0 – 2
• Geographical Distribution: Low
• Threat Containment: Easy
• Removal: Easy

Damage

• Damage Level: Low
• Payload: Spreads through instant messaging programs.

Distribution

• Distribution Level: Medium