Manually repair a tampered browser homepage

Source: Internet
Author: User

Rogue websites, as the name suggests, are websites that use improper means to modify your homepage. They emerged after the decline of the notorious rogue software. Some rogue websites are also bundled with viruses and spread together with Trojans to target your computer.
Setting the default homepage is normal user behavior, and anti-virus software cannot determine whether the browser homepage was set by the user or tampered with. Anti-virus software therefore basically lets homepage changes happen and does not intercept them, so you cannot count on it to clear rogue websites.

Of course, there are many ways to fix the homepage, such as clicking "use lifecycle page" (figure 1) in Internet properties or using security auxiliary tools, but you will find that these previously very clever methods do not work very well now. After you repair the homepage with a security repair tool, it is not long before the homepage is tampered with again; it cannot be completely repaired this way. What should I do to completely fix the homepage?


Basic requirements: completely clear rogue websites

When rogue websites occupy the browser homepage, getting angry does not help. How can we clear rogue websites?

First consider the case in which the homepage can be completely repaired in one pass. The system repair tool SREng, which we introduced previously, is very useful here. Start SREng and check whether any registry key is marked in red under "startup project". If so, delete the key. You can also click "System Repair", click "Advanced Repair", and select "Automatic Repair" to repair the system.

Next, run 360 Security Guard, click "advanced" (Figure 2), which opens on the "repair IE" tab by default, and then click "repair now". After this operation, open the browser and you will find that the homepage is a blank page by default and the rogue website has been cleared out.

If the browser homepage is tampered with again after a restart, consider that the rogue website is tied to a program. The rogue website is built into the program and cannot easily be cleared, so it is best to uninstall the program directly. So how can we determine which program is the problem?

Think about which programs you downloaded and ran before the browser went wrong. Troubleshoot by elimination: test them one by one until you pin down the problematic program, then uninstall it. This process takes some time and patience.
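The one-by-one test described above can be kept as a simple log and analysed. The following is an added example, not part of the original article: it assumes Internet Explorer (homepage stored in the per-user "Start Page" registry value), a homepage restored to about:blank between tests, and hypothetical program names and a constructed rogue URL.

```python
from collections import defaultdict

IE_MAIN = r"Software\Microsoft\Internet Explorer\Main"  # per-user IE settings key
EXPECTED = "about:blank"  # assumption: the blank homepage left by the repair step

# Constructed test log: run a program, re-read the homepage, restore it, repeat.
# Program names and the rogue URL are hypothetical.
SAMPLE_LOG = [
    ("run", "media_player.exe"), ("homepage", "about:blank"),
    ("run", "game_plugin.exe"), ("run", "media_player.exe"),
    ("homepage", "http://rogue.example/"),
    ("homepage", "about:blank"),  # homepage restored by hand
    ("run", "crack_patch.exe"), ("homepage", "about:blank"),
    ("run", "game_plugin.exe"), ("homepage", "http://rogue.example/"),
]


def read_ie_homepage():
    """Return the current user's IE homepage (Windows only): one "homepage" reading."""
    import winreg  # imported lazily so the analysis also runs on other systems
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, IE_MAIN) as key:
        value, _type = winreg.QueryValueEx(key, "Start Page")
    return value


def find_culprits(log, expected=EXPECTED):
    """Map each suspect program to the homepages seen right after it ran."""
    batches, pending = [], []
    for kind, value in log:
        if kind == "run":
            pending.append(value)
        elif kind == "homepage":
            batches.append((pending, value))
            pending = []
    # A program is cleared if some batch containing it left the homepage alone.
    cleared = {p for progs, url in batches if url == expected for p in progs}
    blamed = defaultdict(set)
    for progs, url in batches:
        if url != expected:
            # Prefer programs never cleared; if all were, the change is intermittent.
            for p in [q for q in progs if q not in cleared] or progs:
                blamed[p].add(url)
    return dict(blamed)


if __name__ == "__main__":
    for program, urls in find_culprits(SAMPLE_LOG).items():
        print(program, "->", sorted(urls))
```

A changed homepage with no program run beforehand blames nothing here; that case points to a startup entry or driver rather than a bundled program.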

Advanced Analysis: Why is the homepage tampered?

Cause 1: Using a rootkit to tamper with the homepage

The method above clears rogue websites, and with it the job is now easy. But you may be curious: why do we need such a complicated method to clear rogue websites? Why does a simple repair through Internet properties fail? To answer that, we have to talk about the rootkit technology used by rogue websites.

Knowledge: the operating system consists of the kernel and the shell. The kernel runs at the Ring 0 level and has the most complete, lowest-level management functions; the system core modules and the various driver modules are located at Ring 0. Almost all commands are passed to the kernel, which decides whether to execute them. When the kernel finds a command that may damage the system, it returns an "unauthorized" flag, and the program that sent the command may be terminated.

With rootkit technology, a rogue website can enter kernel space and run at the same level as the kernel, so it has the same access permissions as the kernel and can modify kernel commands. Therefore, when you use a single repair tool to repair the browser homepage, the repair command is intercepted and tampered with by the rootkit as it enters the system kernel, so the command becomes useless and the repair tool does not work. 9348 and kuku530 are representative of this technology.

Cause 2: Taking the bundling route

Why do some rogue websites tamper with the homepage so frequently, reappearing soon after being cleared? Because, in addition to using rootkit technology to protect themselves, rogue websites have another way to occupy the browser homepage: bundling. When the bundling program runs, it activates the rogue website and changes the homepage. The drawback of this method is that the homepage is easy to repair but cannot be completely repaired.

Most programs that bundle rogue websites are ones that are used frequently, such as various plug-ins, crack patches, and game clients. For example, you download a game plug-in from a software download site. When you run the game plug-in, the rogue-website code embedded in it checks the browser homepage, modifies the homepage if it is not the rogue website's own page, and skips it if it is.

In addition to common programs, rogue websites are also bundled with other things, such as operating systems (114la, tomatolei) and optimization software (930930). What is even funnier is that some so-called IE protection tools tamper with the homepage themselves (Figure 3).


 
