Analysis of various malicious web pages and Internet Explorer vulnerability Countermeasures

In the past, I often heard a friend say that I only watch the news on the Internet and check some materials. I Don't download things, I don't receive emails, but what is virus? Today, Internet vulnerabilities such as Internet Explorer allow you to browse the Web page to make your computer look beyond the control of your computer, or drive disks, or even Trojans, spread viruses, in addition, the spread of this form is getting worse and worse, so I have to talk less about it. Now I want to analyze all kinds of malicious web pages.
Before analyzing the analysis, we will first introduce how to modify the Registry. Because the registry is a hub in Web viruses, it is used to make your computer completely invisible.
Method 1: direct modification
Regedit is typed in the run and then edited. This is the usual method for modifying the registry.
Method 2: reg package import Method
Now we will take unlocking the Registry as an example (in fact, it is better and more convenient to unlock the registry using tools such as rabbit. Here we just explain how to build the reg package)
For WIN 9x/ME/NT 4.0, save the following content as the *. reg file in notepad and import it.

REGEDIT4
A blank line is required. Otherwise, the modification will fail.
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"DisableRegistryTools" = dword: 00000000

For Windows 2000 or XP, change REGEDIT4 to Windows Registry Editor Version 5.00.

Method 3: inf Installation Method
For 98/ME, save the following content as a. inf suffix file, right-click the file and select install

[Version]
Signature = "$ CHICAGO $"
[Defainstall install]
ADDREG = unlock. ADD. REG
DELREG = unlock. DEL. REG
[Unlock. ADD. REG]
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciessystem
[Unlock. DEL. REG]
HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciessystem

If it is 2000 or XP, change CHICAGO to Windows NT
For other modified formats, I will not mention them here. You can find the materials by yourself. If you do not have any other inf packages, you can contact me :)

Method 4: vbs script
Save the following content as a. vbs suffix File
Dim unlock
Set unlock = WScript. CreateObject ("WScript. Shell ")
Unlock. Popup "unlocks the registry for you"
Unlock. RegWrite "HKCUSoftwareMicrosoftWindowsCurrentVersionPoliciesSystemDisableRegistryTools" 0 "REG_DWORD"

Method 5: Hehe, uses his own way to cure his own body. I will not describe it here (I will go to the Internet to find information myself)
Edit the Registry in DOS.
Please remember to back up the registry before modifying the registry !! Remember !!
Now that we know the method, we can analyze all kinds of malicious websites and their strategies.
Malicious websites can be divided into the following categories:
1. Use the IE text vulnerability to modify the Registry through the edited script.
1. Slightly modify the Registry: for example, title blocking, default homepage, search page, and add advertisement. Let's take a look at the original code section.
// A. setCLSID ("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}"); the malicious web page uses this ID to modify the registry.
// Shl. regWrite ("HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer \ NoRun" 01 "REG_BINARY"); this code disappears your running menu.
Clear method:
This article does not provide a general solution for the browser to be modified, because there are many articles on how to restore the Registry by repairing the Registry on the Internet.
In my opinion, this type of modification can generally be repaired using the registry Repair Tool without manual modification.
Commonly used tools include: Super Rabbit magic, Master optimization, 3721 magic gem, and IE repair device that comes with anti-virus king.
Rising registry repair tools5Page % 20% 201% 20% 202% 20% 203% 20% 204% 20% 20% 20

% 20