病毒名称(中文):
恶毒战士2007
病毒别名:
仲裁法勇士、疾病战士
威胁级别:
★★☆☆☆
病毒类型:
木马程序
病毒长度:
208896
影响系统:
Win9xWinMeWinNTWin2000WinXPWin2003
病毒行为:
这是一个诈骗钱财的间谍软件。它伪装为杀毒软件,骗取用户点击。当它当运行起来,就会下载大量的病毒到系统中,然后假装查杀出很多病毒,要用户缴费激活软件杀毒。
1.释放病毒文件
C:\DocumentsandSettings\AllUsers\ApplicationData\AdslSoftwareLimited
C:\DocumentsandSettings\AllUsers\ApplicationData\AdslSoftwareLimited\MalWarrior2007
C:\DocumentsandSettings\AllUsers\ApplicationData\AdslSoftwareLimited\MalWarrior2007\BASE
C:\DocumentsandSettings\AllUsers\ApplicationData\AdslSoftwareLimited\MalWarrior2007\BASE\vbase.dat
C:\DocumentsandSettings\AllUsers\ApplicationData\AdslSoftwareLimited\MalWarrior2007\MalWarrior.exe
C:\DocumentsandSettings\AllUsers\ApplicationData\AdslSoftwareLimited\MalWarrior2007\program.id
C:\DocumentsandSettings\AllUsers\ApplicationData\AdslSoftwareLimited\MalWarrior2007\program.ini
C:\DocumentsandSettings\AllUsers\「开始」菜单\程序\MalWarrior2007
C:\DocumentsandSettings\AllUsers\「开始」菜单\程序\MalWarrior2007\MalWarrior2007.lnk
C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited
C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited\MalWarrior2007
C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited\MalWarrior2007\BASE
C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited\MalWarrior2007\BASE\vbase.dat
C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited\MalWarrior2007\DELETED
C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited\MalWarrior2007\LOG
C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited\MalWarrior2007\LOG\20080610154531515.log
C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited\MalWarrior2007\Malwarrior.exe
C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited\MalWarrior2007\program.ini
C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited\MalWarrior2007\SAVED
C:\DocumentsandSettings\fish\LocalSettings\Temp\mw4setup.exe
C:\DocumentsandSettings\fish\LocalSettings\TemporaryInternetFiles\Content.IE5\R146ZVU7\Install527[1].exe
C:\ProgramFiles\MalWarrior2007
C:\ProgramFiles\MalWarrior2007\MWLauncher.exe286KB
C:\ProgramFiles\MalWarrior2007\unins000.dat2KB
C:\ProgramFiles\MalWarrior2007\unins000.exe
2.创建键值,建立服务,可以自启动
HKEY_CLASSES_ROOT\TacOnlyOneMalWarriordword:0032013c
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MalWarrior""C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited\MalWarrior2007\Malwarrior.exe"/autorun"
HKEY_USERS\S-1-5-21-1060284298-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run
MalWarrior""C:\DocumentsandSettings\fish\ApplicationData\AdslSoftwareLimited\MalWarrior2007\Malwarrior.exe"/autorun"
3.间谍软件安装结束后会自动扫描出很多的病毒,其实都是间谍软件自己下载的和安装的,然后强制用户缴费激活软件杀毒,而且
难以停止提醒注册的窗口,老是自动弹出。
