扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
这是一个诈骗钱财的间谍软件。它伪装为杀毒软件,骗取用户点击。当它当运行起来,就会下载大量的病毒到系统中,然后假装查杀出很多病毒,要用户缴费激活软件杀毒。
1.释放病毒文件
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\BASE
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\program.id
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini
C:\Documents and Settings\All Users\「开始」菜单\程序\MalWarrior 2007
C:\Documents and Settings\All Users\「开始」菜单\程序\MalWarrior 2007\MalWarrior 2007.lnk
C:\Documents and Settings\fish\Application Data\Adsl Software Limited
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\BASE
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\DELETED
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\LOG
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\LOG\20080610154531515.log
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\Malwarrior.exe
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\SAVED
C:\Documents and Settings\fish\Local Settings\Temp\mw4setup.exe
C:\Documents and Settings\fish\Local Settings\Temporary Internet Files\Content.IE5\R146ZVU7\Install527[1].exe
C:\Program Files\MalWarrior 2007
C:\Program Files\MalWarrior 2007\MWLauncher.exe 286KB
C:\Program Files\MalWarrior 2007\unins000.dat 2KB
C:\Program Files\MalWarrior 2007\unins000.exe
2.创建键值,建立服务,可以自启动
HKEY_CLASSES_ROOT\TacOnlyOne MalWarrior dword:0032013c
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MalWarrior ""C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\Malwarrior.exe" /autorun"
HKEY_USERS\S-1-5-21-1060284298-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run
MalWarrior ""C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\Malwarrior.exe" /autorun"
3.间谍软件安装结束后会自动扫描出很多的病毒,其实都是间谍软件自己下载的和安装的,然后强制用户缴费激活软件杀毒,而且
难以停止提醒注册的窗口,老是自动弹出。
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。
京公网安备 11010802021500号