Ran into a new faked anti-virus program today called System Warrior. It claims to have found lots of malware on a clean system:
I've pasted the FreeFixer log from the infected system below, and marked the malware items in red. Hopefully this will help you to remove SystemWarrior:
FreeFixer v0.49 log
http://www.freefixer.com/
Operating system: Windows XP Service Pack 2
Log dated 2009-11-11 14:51
Registry Startups (3 whitelisted)
HKLM\..\Run, SystemWarrior = "C:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe" -min
HKCU\..\Run, zrn6.tmp.exe = C:\WINDOWS\system32\zrn6.tmp.exe
Processes (21 whitelisted)
C:\Program Files\FreeFixer\freefixer.exe
C:\DOCUME~1\roger\LOCALS~1\Temp\zrn6.tmp.exe
C:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe
Recently created/modified files (16 whitelisted)
0 minutes, c:\Program Files\SystemWarrior Software\SystemWarrior\Uninstall.exe
0 minutes, c:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe
0 minutes, c:\WINDOWS\system32\zrn6.tmp.exe
0 minutes, c:\Documents and Settings\roger\Local Settings\Temp\zrn6.tmp.exe
0 minutes, c:\Documents and Settings\roger\Local Settings\Temp\tbg5.tmp.exe
End of FreeFixer log
Wednesday, 11 November 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment