Win32.RiskWare.MalWarrior.g.208896

王朝system · Author unknown  2008-08-14

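Virus name (Chinese):

恶毒战士2007 ("Vicious Warrior 2007")

Virus aliases:

仲裁法勇士 ("Arbitration Law Warrior"), 疾病战士 ("Disease Warrior")

Threat level:

★★☆☆☆

Virus type:

Trojan

Virus length:

208896

Affected systems:

Win9x, WinMe, WinNT, Win2000, WinXP, Win2003

Virus behavior:

This is spyware that defrauds users of money. It disguises itself as antivirus software to trick users into clicking it. Once it is running, it downloads a large number of viruses onto the system, then pretends to detect many viruses and demands that the user pay to activate the software before it will remove them.

1. Drops virus files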

C:\Documents and Settings\All Users\Application Data\AdslSoftwareLimited

C:\Documents and Settings\All Users\Application Data\AdslSoftwareLimited\MalWarrior2007

C:\Documents and Settings\All Users\Application Data\AdslSoftwareLimited\MalWarrior2007\BASE

C:\Documents and Settings\All Users\Application Data\AdslSoftwareLimited\MalWarrior2007\BASE\vbase.dat

C:\Documents and Settings\All Users\Application Data\AdslSoftwareLimited\MalWarrior2007\MalWarrior.exe

C:\Documents and Settings\All Users\Application Data\AdslSoftwareLimited\MalWarrior2007\program.id

C:\Documents and Settings\All Users\Application Data\AdslSoftwareLimited\MalWarrior2007\program.ini

C:\Documents and Settings\All Users\「开始」菜单\程序\MalWarrior2007

C:\Documents and Settings\All Users\「开始」菜单\程序\MalWarrior2007\MalWarrior2007.lnk

C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited

C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited\MalWarrior2007

C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited\MalWarrior2007\BASE

C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited\MalWarrior2007\BASE\vbase.dat

C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited\MalWarrior2007\DELETED

C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited\MalWarrior2007\LOG

C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited\MalWarrior2007\LOG\20080610154531515.log

C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited\MalWarrior2007\Malwarrior.exe

C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited\MalWarrior2007\program.ini

C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited\MalWarrior2007\SAVED

C:\Documents and Settings\fish\Local Settings\Temp\mw4setup.exe

C:\Documents and Settings\fish\Local Settings\Temporary Internet Files\Content.IE5\R146ZVU7\Install527[1].exe

C:\Program Files\MalWarrior2007

C:\Program Files\MalWarrior2007\MWLauncher.exe (286KB)

C:\Program Files\MalWarrior2007\unins000.dat (2KB)

C:\Program Files\MalWarrior2007\unins000.exe

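2. Creates registry values and establishes a service, allowing it to start automatically

HKEY_CLASSES_ROOT\TacOnlyOneMalWarrior dword:0032013c

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

MalWarrior ""C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited\MalWarrior2007\Malwarrior.exe" /autorun"

HKEY_USERS\S-1-5-21-1060284298-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run

MalWarrior ""C:\Documents and Settings\fish\Application Data\AdslSoftwareLimited\MalWarrior2007\Malwarrior.exe" /autorun"

3. After installation completes, the spyware automatically scans and reports many viruses, which were in fact downloaded and installed by the spyware itself. It then forces the user to pay to activate the software to remove them, and the registration reminder window is hard to stop and keeps popping up automatically.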

 
 
 