金山毒霸2009
金山清理专家
专杀工具
在线杀毒
密保
网盾
系统急救箱
ARP防火墙
病毒名:Win32.RiskWare.MalWarrior.g.208896
本病毒所有命名:
影响系统:
Win9x,WinMe,Linux
简介:
1.释放病毒文件 C:Documents and SettingsAll UsersApplication DataAdsl Software Limited C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007
行为分析:
这是一个诈骗钱财的间谍软件。它伪装为杀毒软件,骗取用户点击。当它当运行起来,就会下载大量的病毒到系统中,然后假装查杀出很多病毒,要用户缴费激活软件杀毒。
:
影响系统:
Win9x,WinMe,Linux
简介:
1.释放病毒文件 C:Documents and SettingsAll UsersApplication DataAdsl Software Limited C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007
行为分析:
这是一个诈骗钱财的间谍软件。它伪装为杀毒软件,骗取用户点击。当它当运行起来,就会下载大量的病毒到系统中,然后假装查杀出很多病毒,要用户缴费激活软件杀毒。
描述:
1.释放病毒文件
C:Documents and SettingsAll UsersApplication DataAdsl Software Limited
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007BASE
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007BASEvbase.dat
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007MalWarrior.exe
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007program.id
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007program.ini
C:Documents and SettingsAll Users「开始」菜单程序MalWarrior 2007
C:Documents and SettingsAll Users「开始」菜单程序MalWarrior 2007MalWarrior 2007.lnk
C:Documents and SettingsfishApplication DataAdsl Software Limited
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007BASE
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007BASEvbase.dat
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007DELETED
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007LOG
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007LOG20080610154531515.log
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007Malwarrior.exe
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007program.ini
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007SAVED
C:Documents and SettingsfishLocal SettingsTempmw4setup.exe
C:Documents and SettingsfishLocal SettingsTemporary Internet FilesContent.IE5R146ZVU7Install527[1].exe
C:Program FilesMalWarrior 2007
C:Program FilesMalWarrior 2007MWLauncher.exe 286KB
C:Program FilesMalWarrior 2007unins000.dat 2KB
C:Program FilesMalWarrior 2007unins000.exe
2.创建键值,建立服务,可以自启动
HKEY_CLASSES_ROOTTacOnlyOne MalWarrior dword:0032013c
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
MalWarrior ""C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007Malwarrior.exe" /autorun"
HKEY_USERSS-1-5-21-1060284298-1085031214-725345543-1003SoftwareMicrosoftWindowsCurrentVersionRun
MalWarrior ""C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007Malwarrior.exe" /autorun"
3.间谍软件安装结束后会自动扫描出很多的病毒,其实都是间谍软件自己下载的和安装的,然后强制用户缴费激活软件杀毒,而且
难以停止提醒注册的窗口,老是自动弹出。
1.释放病毒文件
C:Documents and SettingsAll UsersApplication DataAdsl Software Limited
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007BASE
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007BASEvbase.dat
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007MalWarrior.exe
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007program.id
C:Documents and SettingsAll UsersApplication DataAdsl Software LimitedMalWarrior 2007program.ini
C:Documents and SettingsAll Users「开始」菜单程序MalWarrior 2007
C:Documents and SettingsAll Users「开始」菜单程序MalWarrior 2007MalWarrior 2007.lnk
C:Documents and SettingsfishApplication DataAdsl Software Limited
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007BASE
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007BASEvbase.dat
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007DELETED
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007LOG
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007LOG20080610154531515.log
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007Malwarrior.exe
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007program.ini
C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007SAVED
C:Documents and SettingsfishLocal SettingsTempmw4setup.exe
C:Documents and SettingsfishLocal SettingsTemporary Internet FilesContent.IE5R146ZVU7Install527[1].exe
C:Program FilesMalWarrior 2007
C:Program FilesMalWarrior 2007MWLauncher.exe 286KB
C:Program FilesMalWarrior 2007unins000.dat 2KB
C:Program FilesMalWarrior 2007unins000.exe
2.创建键值,建立服务,可以自启动
HKEY_CLASSES_ROOTTacOnlyOne MalWarrior dword:0032013c
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
MalWarrior ""C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007Malwarrior.exe" /autorun"
HKEY_USERSS-1-5-21-1060284298-1085031214-725345543-1003SoftwareMicrosoftWindowsCurrentVersionRun
MalWarrior ""C:Documents and SettingsfishApplication DataAdsl Software LimitedMalWarrior 2007Malwarrior.exe" /autorun"
3.间谍软件安装结束后会自动扫描出很多的病毒,其实都是间谍软件自己下载的和安装的,然后强制用户缴费激活软件杀毒,而且
难以停止提醒注册的窗口,老是自动弹出。
回复
评论病毒
