Win32.RiskWare.MalWarrior.g.208896 手动专杀及 病毒资料

这是一个诈骗钱财的间谍软件。它伪装为杀毒软件，骗取用户点击。当它当运行起来，就会下载大量的病毒到系统中，然后假装查杀出很多病毒，要用户缴费激活软件杀毒。

1.释放病毒文件
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\BASE
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\MalWarrior.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\program.id
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini
C:\Documents and Settings\All Users\「开始」菜单\程序\MalWarrior 2007
C:\Documents and Settings\All Users\「开始」菜单\程序\MalWarrior 2007\MalWarrior 2007.lnk
C:\Documents and Settings\fish\Application Data\Adsl Software Limited
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\BASE
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\BASE\vbase.dat
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\DELETED
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\LOG
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\LOG\20080610154531515.log
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\Malwarrior.exe
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\program.ini
C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\SAVED
C:\Documents and Settings\fish\Local Settings\Temp\mw4setup.exe
C:\Documents and Settings\fish\Local Settings\Temporary Internet Files\Content.IE5\R146ZVU7\Install527[1].exe
C:\Program Files\MalWarrior 2007
C:\Program Files\MalWarrior 2007\MWLauncher.exe 286KB
C:\Program Files\MalWarrior 2007\unins000.dat 2KB
C:\Program Files\MalWarrior 2007\unins000.exe

2.创建键值，建立服务，可以自启动
HKEY_CLASSES_ROOT\TacOnlyOne MalWarrior dword:0032013c

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MalWarrior ""C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\Malwarrior.exe" /autorun"

HKEY_USERS\S-1-5-21-1060284298-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run
MalWarrior ""C:\Documents and Settings\fish\Application Data\Adsl Software Limited\MalWarrior 2007\Malwarrior.exe" /autorun"

3.间谍软件安装结束后会自动扫描出很多的病毒，其实都是间谍软件自己下载的和安装的，然后强制用户缴费激活软件杀毒，而且

难以停止提醒注册的窗口，老是自动弹出。