Wednesday 11 November 2009

SystemWarrior Malware

Ran into a new fake anti-virus program today called System Warrior. It claims to have found lots of malware on a clean system:



I've pasted the FreeFixer log from the infected system below, and marked the malware items in red. Hopefully this will help you to remove SystemWarrior:

FreeFixer v0.49 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 2
Log dated 2009-11-11 14:51


Registry Startups (3 whitelisted)
HKLM\..\Run, SystemWarrior = "C:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe" -min
HKCU\..\Run, zrn6.tmp.exe = C:\WINDOWS\system32\zrn6.tmp.exe

Processes (21 whitelisted)
C:\Program Files\FreeFixer\freefixer.exe
C:\DOCUME~1\roger\LOCALS~1\Temp\zrn6.tmp.exe
C:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe

Recently created/modified files (16 whitelisted)
0 minutes, c:\Program Files\SystemWarrior Software\SystemWarrior\Uninstall.exe
0 minutes, c:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe
0 minutes, c:\WINDOWS\system32\zrn6.tmp.exe
0 minutes, c:\Documents and Settings\roger\Local Settings\Temp\zrn6.tmp.exe
0 minutes, c:\Documents and Settings\roger\Local Settings\Temp\tbg5.tmp.exe


End of FreeFixer log
