System Warrior

This page contains a full description and analysis of System Warrior, as well as removal procedures and the necessary tools.

Date Posted: November 11th, 2009

System Warrior is a counterfeit security application originating from the authors of the WiniSoft family of fake security programs. It can enter a computer together with a Trojan that can disable the installed antivirus program to prevent detection. System Warrior sets itself to run at Windows start-up by adding its own entries to the registry.

While on the computer, the SystemWarrior virus disables various Windows functions, including Task Manager, Folder Options and Registry Editor. SystemWarrior also blocks Internet access on the affected computer; instead, it displays a fake error page that leads users to malicious websites. Never download and install a program from unknown sources. Uninstall this threat and use a legitimate program as a SystemWarrior removal tool.

Type: Rogue
Sub-Type: FakeAV
Aliases:
OS Affected: Windows
Detected By: MalwareBytes

What are the Symptoms of System Warrior Infection?

Users are redirected to "SystemWarrior – Online Protection", where installation files are downloaded to the visitor's computer.

It will modify Windows Registry and add the following entries:

  • HKEY_CURRENT_USER\Software\SystemWarrior
  • HKEY_LOCAL_MACHINE\SOFTWARE\SystemWarrior
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “gwy8.tmp.exe”
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemWarrior
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “SystemWarrior”

The threat will drop the following malicious files:

  • %Documents and Settings%\All Users\Start Menu\Programs\SystemWarrior\1 SystemWarrior.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\SystemWarrior\2 Homepage.lnk
  • %Documents and Settings%\All Users\Start Menu\Programs\SystemWarrior\3 Uninstall.lnk
  • %Documents and Settings%\All Users\Desktop\SystemWarrior.lnk
  • %Program Files%\SystemWarrior Software\SystemWarrior\SystemWarrior.exe
  • %Program Files%\SystemWarrior Software\SystemWarrior\gwy8.tmp.exe

How to Remove System Warrior Manually

1. Restart your computer in Safe Mode
- After powering on the computer, just before Windows starts, press F8
- From the selections, select Safe Mode

2. Remove the registry entries that the threat added. You MUST BACK UP YOUR REGISTRY FIRST.
- Click Start > Run
- Type regedit in the field
- Navigate to the registry entries mentioned above and delete them if necessary

3. Delete the malicious files that the threat added:
- Based on the locations given above, browse to each file and delete it
- If no location is given, click Start > Search and search for the files.
- If a file cannot be deleted, press Ctrl+Alt+Del to access Task Manager and see whether the file is running as a process. If it is, select it and click End Process, then delete the file again.

4. Scan the computer with an antivirus program
- Update the antivirus program
- Scan the computer and delete all detected threats.
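
To see which of the registry entries and files listed above are present, before and after the manual steps, a read-only check can be run from PowerShell. This is an added example, not a tool from this site; it assumes PowerShell 3 or later and that the %Documents and Settings%\All Users and %Program Files% placeholders map to the system folders resolved in the script.

```powershell
# Read-only check for the System Warrior indicators listed on this page.
# Nothing is deleted or modified; the script only reports what it finds.

# Registry keys from the list above, in PowerShell drive syntax.
$keys = @(
    'HKCU:\Software\SystemWarrior',
    'HKLM:\SOFTWARE\SystemWarrior',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SystemWarrior'
)

# Autostart value names from the list above, under the per-user Run key.
# HKCU is the hive of the account running the script, so run it as the affected user.
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$runValues = @('gwy8.tmp.exe', 'SystemWarrior')

# Assumption: the page's path placeholders correspond to these folders.
$programs = [Environment]::GetFolderPath('CommonPrograms')          # All Users\Start Menu\Programs
$desktop  = [Environment]::GetFolderPath('CommonDesktopDirectory')  # All Users\Desktop
$install  = Join-Path $env:ProgramFiles 'SystemWarrior Software\SystemWarrior'

$files = @(
    (Join-Path $programs 'SystemWarrior\1 SystemWarrior.lnk'),
    (Join-Path $programs 'SystemWarrior\2 Homepage.lnk'),
    (Join-Path $programs 'SystemWarrior\3 Uninstall.lnk'),
    (Join-Path $desktop  'SystemWarrior.lnk'),
    (Join-Path $install  'SystemWarrior.exe'),
    (Join-Path $install  'gwy8.tmp.exe')
)

$findings = @()

foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) { $findings += "Registry key: $key" }
}

# Get-ItemProperty returns nothing if the Run key is missing or has no values.
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
foreach ($name in $runValues) {
    if ($run -and $run.PSObject.Properties[$name]) {
        $findings += "Run value:    $name = $($run.PSObject.Properties[$name].Value)"
    }
}

foreach ($file in $files) {
    if (Test-Path -LiteralPath $file) { $findings += "File:         $file" }
}

if ($findings.Count -eq 0) { 'None of the System Warrior indicators listed on this page were found.' }
else { $findings }
```

An empty result only means these specific entries are absent; the accompanying Trojan mentioned above is not covered by this list, so the antivirus scan in step 4 is still needed.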

How to Easily Remove SystemWarrior

1. Download and run Removal Tool to remove SystemWarrior
