Reasons for the registry being modified and how to fix it:
In fact, the malicious Web page is an ActiveX Web file containing harmful code that appears because the browser's registry was maliciously altered.
1, ie default connection home was modified
IE browser above the title bar is changed to "Welcome to visit the website" style, which is the most common tampering means, the number of victims.
The registry entries that were changed are:
Hkey_local_machinesoftwaremicrosoftinternet Explorermainstart Page
Hkey_current_usersoftwaremicrosoftinternet Explorermainstart Page
By modifying the "Start Page" key value, to modify the browser IE default connection to the home page, such as browsing "* * *" will be your IE default connection to change the homepage of the http://ppw.****.com ", even for the purpose of advertising their home page, Also appear to be too overbearing some, this is also this kind of webpage is disgusting reason.
Solution:
A. Registration Form Law:
① after Windows starts, click the "start" → "Run" menu item, type regedit in the "Open" field, and then press "OK" button;
② Expand the registry to
Hkey_local_machinesoftwaremicrosoftinternet Explorermain, in the right half of the window find the String value "Start Page" double click to change the key value of the start page to "About:blank To
③ Similarly, expand the registry to Hkey_current_usersoftwaremicrosoftinternet Explorermain
The string value "Start Page" is found in the right half window, and then processed by the method described in ②.
④ quit Registry Editor, restart the computer, everything OK!
Special example: When IE's starting page becomes a certain URL, even if you modify the settings through the options, restart will become their web site, very difficult. In fact, they are in your machine to add a self running program, it will start the system will be your IE start page to their site.
Solution:
Run Registry Editor Regedit.exe, and then expand
Hkey_local_machinesoftwaremicrosoftwindowscurrent Versionrun The primary key, then deletes the Registry.exe subkey under it, and then deletes the running program C:Program Files Egistry.exe, finally reset the start page from the IE option.
2, tampering with IE's default page
Some IE have been changed to the start page, even if the "Use default page" is set still invalid, because the IE start Page's default page has also been tampered with. Specifically, the following registry key is modified:
Hkey_local_machinesoftwaremicrosoftinternet Explorer
The key value of the Maindefault_page_url "Default_Page_URL" is the default page for the start page.
Solution:
A. Run the Registry Editor, and then expand the subkey above, the "Default_page_ur" subkeys in the key values of those tampering with the Web site is good, or set to the default value of IE.
B.msconfig some or the program written to the hard disk, restart the computer after the home page settings have been changed back, you can use the System Configuration Utility to solve. Start-run, type msconfig Click OK, switch to the Startup tab in the pop-up window, and disable the suspect program startup entry.
3, modify IE Browser default home page, and lock settings, prohibit users to change back.
The main is modified in the registry of IE settings in the following key values (DWORD value is 1 is not optional):
[Hkey_current_usersoftwarepoliciesmicrosoftinternet Explorercontrol Pan
El] "Settings" =dword:1
[Hkey_current_usersoftwarepoliciesmicrosoftinternet Explorercontrol Pan
El] "Links" =dword:1
[Hkey_current_usersoftwarepoliciesmicrosoftinternet Explorercontrol Pan
El] "Secaddsites" =dword:1
Solution:
Change the above DWORD value to "0" to restore functionality.
4, IE's default home page Gray button is not optional
This is due to registry HKEY_USERS. Defaultsoftwarepoliciesmicrosoftinternet Explorercontrol Panel under the DWORD Value "Homepage" The key value was modified for the sake of. The original key value is "0" and is modified to "1" (that is, the gray-not-selectable state).
Solution:
Change the key value of "homepage" to "0".
5, IE title bar was modified
In the default state of the system, the application itself provides information about the title bar, but it also allows users to add information to the registry entries themselves, and some malicious websites take advantage of this: they change the key values under String window title to their website name or more advertising information, So as to change the viewer IE title bar.
The registry entries that are specifically changed are:
Hkey_local_machinesoftwaremicrosoftinternet Explorermainwindow Title
Hkey_current_usersoftwaremicrosoftinternet Explorermainwindow Title
Solution:
① after Windows starts, click the "start" → "Run" menu item, type regedit in the "Open" field, and then press "OK" button;
② Expand the registry to
Hkey_local_machinesoftwaremicrosoftinternet Explorermain, locate the String value "window title" in the right half window, delete the string value, or change the key value of window title to "IE browser" and so you like the name;
③ Similarly, expand the registry to
Hkey_current_usersoftwaremicrosoftinternet Explorermain is then processed by the method described in ②.
④ quit Registry Editor, restart your computer, run IE, and you'll find that the problem that bothers you is solved!
6, IE right button menu was modified
The registry entries that were modified are:
Hkey_current_usersoftwaremicrosoftinternet Explorermenuext is created under the new Web page advertising information, and thus in the IE right-click menu appears!
Solution:
Open the registration Mark Editor to find
Hkey_current_usersoftwaremicrosoftinternet Explorermenuext
Delete the relevant advertising provisions can be, pay attention not to download software flashget and netants also deleted Ah, these two are "normal" ah, unless you do not want to see them in IE's right-click menu.
7, ie default search engine was modified
In IE browser's toolbar has a search engine's tool button, can realize the network search, is tampered with only then clicks that Search Tool button to link to that tampering website. This behavior occurs because the following registry is modified:
Hkey_local_machinesoftwaremicrosoftinternet Explorersearchcustomizesearch
Hkey_local_machinesoftwaremicrosoftinternet explorersearchsearchassistant
Solution:
Run Registry Editor, expand the above subkeys in turn, and then "Customizesearch" and "Searchassis"
Tant "of the key value to a search engine URL can be.
8. Pop-up dialog box when system starts
The registry entries that were changed are:
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionwinlogon
The string "LegalNoticeCaption" and "LegalNoticeText" are built under it, where "legalnoticecaption" is the caption of the balloon, and "LegalNoticeText" is the text content of the prompt box. Because of their existence, so that every time we log on to the Windwos desktop, there is a prompt window, display those Web page advertising information! Look, how annoying!
Solution:
Open Registry Editor to find
Hkey_local_machinesoftwaremicrosoftwindowscurrentversionwinlogon
This primary key, and then find the "LegalNoticeCaption" and "Legalnoticetex" in the right window.
T "These two strings, the deletion of these two strings can be resolved when landing a prompt box phenomenon.
9. Browsing the Web page registry is disabled
This is due to the registration form
Hkey_current_usersoftwaremicrosoftwindowscurrentversionpoliciessystem under the DWORD value "DisableRegistryTools" was modified to "1" for the sake of Restore the use of the registry by restoring its key value to "0".
Solutions
Use the Notepad program to create a file with Reg as the suffix name, and copy the following content to it:
REGEDIT4
[Hkey_current_usersoftwaremicrosoftwindowscurrentversionpoliciessystem
] "DisableRegistryTools" =dword:00000000
10, browsing the Web Start menu has been modified
This is the most "ruthless" one, so that visitors have the feeling of living as dead. After browsing, not only the symptoms described above, but also the following more tragic experience:
1) Prohibit "shutdown system"
2) prohibit "Run"
3) prohibit "cancellation"
4 Hide C disk-You can't find the C disk!
5) prohibit the use of Registry Editor regedit
6) prohibit the use of DOS programs
7 The system can not enter the "real mode"
11, view the "source file" menu is disabled
Click "View" → "source file" in IE window and find the "source file" menu has been disabled.
8) prohibit running any program
12, ie in the right mouse button failure
After browsing the Web page in IE, the right mouse button failure, click the right button without any response!
Note : More attention to the computer Tutorials section, triple Computer office group: 189034526 welcome you to join