Wednesday, May 11, 2011

BackDoor-CEP.gen.cq Virus Removal / Precautions

According to McAfee.com, this is a Trojan detection. Unlike viruses, Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include e-mail, malicious or hacked Web pages, Internet Relay Chat (IRC), peer-to-peer networks, newsgroup postings, etc.


Also Known As

Rootkit-Pakes.BF (Trojan horse)
TR/Koutodoor.psa
HEUR:Trojan.Win32.Generic
Gen:Variant.Koutodoor.15
Trojan.Dropper-27717
Trojan.MulDrop.origin
W32/Koutodoor.N.gen!Eldorado
W32/Koutodoor.KWD!tr.bdr
Trojan:Win32/Koutodoor.E
Trojan.Koutodoor
Win32/Koutodoor.HM trojan (variant)
W32/Koutodoor.CUS.dropper
Trj/CI.A
Trojan.Win32.Generic.127F033C
Troj/Kouto-D
TROJ_DLOADR.SMOM
Backdoor.Koutodoor.odu


What It Attempts To Do
  1. Attempts to connect to a high risk domain that could pose a security risk.
  2. Attempts to write to a memory location of a Windows system process.
  3. Enumerates many system files and directories.
  4. Adds or modifies Internet Explorer cookies.

Stopping the BackDoor-CEP.gen.cq Virus

Preventing the BackDoor-CEP.gen.cq virus from starting up is the best way to avoid being infected. Process Lock is a program that stops programs from running if they have not been authorized by the management client. Process Lock monitors all active processes and reports what is running. What makes it easy is a feature called "Kill All Not Acknowledged", which lets you set what is allowed to run and what is not. Therefore, a process that the virus tries to start will be denied before it has a chance to infect your system.
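
The deny-by-default check described above, as an added sketch (not Process Lock's code and not from the original post): it classifies a process snapshot against an acknowledged list keyed on full path and SHA-256 rather than on process name alone. All PIDs, paths and byte strings are constructed sample data, and the function names are hypothetical.

```python
import hashlib
from typing import NamedTuple

class Proc(NamedTuple):
    pid: int
    path: str     # full image path of the running process
    image: bytes  # constructed stand-in for the file's contents on disk

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed sample file contents (not real binaries).
SVCHOST = b"constructed stand-in for the genuine svchost.exe"
NOTEPAD = b"constructed stand-in for the genuine notepad.exe"
UNKNOWN = b"constructed stand-in for a program nobody acknowledged"

# Acknowledged list: lower-cased full path -> expected SHA-256.
ACKNOWLEDGED = {
    r"c:\windows\system32\svchost.exe": sha256(SVCHOST),
    r"c:\windows\system32\notepad.exe": sha256(NOTEPAD),
}

# Constructed process snapshot.
SNAPSHOT = [
    Proc(804, r"C:\Windows\System32\svchost.exe", SVCHOST),
    Proc(2210, r"C:\Windows\System32\notepad.exe", NOTEPAD),
    Proc(3120, r"C:\Users\user\AppData\Local\Temp\svchost.exe", UNKNOWN),
    Proc(3344, r"C:\Windows\System32\notepad.exe", UNKNOWN),  # contents changed
]

def classify(proc, acknowledged=ACKNOWLEDGED):
    expected = acknowledged.get(proc.path.lower())  # Windows paths: case-insensitive
    if expected is None:
        return "unacknowledged-path"
    if sha256(proc.image) != expected:
        return "hash-mismatch"
    return "acknowledged"

def not_acknowledged(snapshot, acknowledged=ACKNOWLEDGED):
    """(pid, path, reason) for each process a deny-by-default policy would stop."""
    flagged = []
    for p in snapshot:
        reason = classify(p, acknowledged)
        if reason != "acknowledged":
            flagged.append((p.pid, p.path, reason))
    return flagged

def name_only_misses(snapshot, acknowledged=ACKNOWLEDGED):
    """PIDs a list keyed on file name alone would allow, but path+hash flags."""
    names = {path.rsplit("\\", 1)[-1] for path in acknowledged}
    return [p.pid for p in snapshot
            if p.path.lower().rsplit("\\", 1)[-1] in names
            and classify(p, acknowledged) != "acknowledged"]

if __name__ == "__main__":
    for row in not_acknowledged(SNAPSHOT):
        print(row)
```
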

Process Lock is not just a process blocker, but it is also a computer monitoring solution.  Process Lock has the ability to record computer sessions, block specific programs, watch children and spouse activity and so much more.  Check out their site at http://www.cloudteksoftware.com/software.html


Removing the BackDoor-CEP.gen.cq Virus

In order to completely remove the threat from a computer, it is best to download and run Malwarebytes Anti-Malware (MBAM). Sometimes, Trojans will block the downloading and installation of MBAM. If this happens, download it from a clean computer and rename the executable file before executing it on the infected computer.

To thoroughly clean a computer, it is best to run a separate scan with another security program so that infected files not detected by the anti-virus application can be removed as well. Download and run SuperAntiSpyware Portable Scanner.

A free removal tool from Norton Antivirus was developed to remove unfamiliar threats without using the traditional AV signatures. Download the tool and start scanning with Norton Power Eraser.