PC in Danger: SystemWarrior

1. What is SystemWarrior?

SystemWarrior is a computer program designed for the purpose to deceive internet users, by asking them to pay for useless software. The main task - using fraudulent techniques, convince user that the computer system is infected with viruses and requires immediate assistance. SystemWarrior is installed by Trojan.FakeSmoke and is closely related to fake Windows Security Center and Internet browser redirects (a notification of a virus attack along with recommended false computer security application will be displayed instead of a website user is expecting to view).

All of the alerts generated by SystemWarrior are faked and used only in order to scare user, making him to seek for possible solutions. In fact, a solution is offered at the same time - rogue application, which has to be downloaded. SystemWarrior is one of them. Here are fake alerts generated by SystemWarrior:

Spyware Alert!
Your computer is infected with spyware. It could damage your critical files or expose your private data on the internet. Click here to register your copy of SystemWarrior and remove spyware threats from your PC.
Attention: DANGER!
SystemWarrior has detected 721 critical spyware objects while scanning the system. Register SystemWarrior to block or remove threatening objects. Click "Remove" to register the version to render revealed threats.
Windows Security Center
Your computer is infected by spyware - threat have been found while scanning your files and registry. It is strongly recommended that you disinfect your PC and activate realtime protection against future intrusions. Register the SystemWarrior antispyware to clean your computer and prevent new security and privacy attacks. You will be able to downloads database updates and get online protection against internet attacks.
Infiltration Alert!
Your computer is being attacked by an internet virus. It could be a password-stealing attack, a trojan-dropper or similar. Do you want SystemWarrior to block this attack?

Right after user downloaded and installed rogue program (automatic download and installation may be common for some rogue applications), simulated computer scan for viruses, Trojans and other threats will be launched. To show user that viruses exist, during SystemWarrior installation over 700 different chaotically-named files will be uploaded to C:\Windows\ and C:\Windows\System32\ directories, assigning them the names of various threats. After the "scan" is done, user will be prompted about malicious objects by supplying the report, which is significantly overstated. Objects in the report cannot harm the computer, more serious problem - SystemWarrior itself, so it must be removed as soon as possible.

2. SystemWarrior screen shot:

3. How to remove SystemWarrior:

Internet connection might be disabled or Internet browser might be blocked by SystemWarrior, so it won't be possible to download any files to infected computer. In this case please download all files required for SystemWarrior removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
To remove SystemWarrior download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:
After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove SystemWarrior.
Restart the computer to complete SystemWarrior removal procedure.

4. SystemWarrior files:

SystemWarrior.exe, cfr2.tmp.exe

5. Hijackthis entries:

O4 - HKLM\..\Run: [SystemWarrior] "C:\Program Files\SystemWarrior Software\SystemWarrior\SystemWarrior.exe" -min

O4 - HKCU\..\Run: [cfr2.tmp.exe] C:\WINDOWS\system32\cfr2.tmp.exe