Why the registry was modified and how to fix it

Source: Internet
Author: User

Reasons for the registry being modified and how to fix it:

A malicious Web page is a Web file containing harmful ActiveX code; the symptoms described here appear because that code maliciously altered the registry.

1. IE's default home page was modified

The text in the IE title bar is changed to something like "Welcome to visit the website". This is the most common form of tampering and the one with the most victims.

The registry entries that were changed are:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Modifying the "Start Page" value changes IE's default home page. For example, browsing "* * *" changes your IE default home page to "http://ppw.****.com". Even as a way of advertising their own home page this is overbearing, and it is why this kind of Web page is so disliked.

Solution:

A. Registry method:

① After Windows starts, click "Start" → "Run", type regedit in the "Open" field, and then click "OK";

② Expand the registry to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main, find the string value "Start Page" in the right-hand pane, double-click it, and change its value to "about:blank";

③ Similarly, expand the registry to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main, find the string value "Start Page" in the right-hand pane, and handle it as described in ②;

④ Quit Registry Editor and restart the computer. Everything is OK!

Special example: IE's start page has become a certain URL, and even if you change the setting through Internet Options, it reverts to their Web site after a restart, which makes it very hard to get rid of. In fact, they have added a self-starting program to your machine, and every time the system starts it sets your IE start page back to their site.

Solution:

Run Registry Editor (regedit.exe), expand the key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

delete the Registry.exe entry under it, then delete the program file C:\Program Files\registry.exe, and finally reset the start page from IE's options.

2. IE's default page was tampered with

On some machines the IE start page has been changed and choosing "Use Default" still has no effect, because the default page for IE's start page has also been tampered with. Specifically, the following registry entry is modified:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

The "Default_Page_URL" value is the default page for the start page.

Solution:

A. Run Registry Editor, expand the key above, and replace the tampered Web site address in the "Default_Page_URL" value, or set it back to IE's default value.

B. msconfig: some pages also write a program to the hard disk, so that after the computer restarts the home page setting is changed back again. The System Configuration Utility solves this: click "Start" → "Run", type msconfig and click "OK", switch to the Startup tab in the window that opens, and disable the suspect startup entry.

3. IE's default home page is modified and the settings are locked so that users cannot change them back

This is done mainly by modifying the following IE settings in the registry (a DWORD value of 1 makes the option unavailable):

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"Settings"=dword:1

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"Links"=dword:1

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"SecAddSites"=dword:1

Solution:

Change the above DWORD values to "0" to restore functionality.

4. IE's default home page buttons are greyed out and cannot be selected

This is because the DWORD value "HomePage" under HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel was modified. The original value is "0" and it has been changed to "1" (the greyed-out, unselectable state).

Solution:

Change the value of "HomePage" to "0".

5. IE's title bar was modified

By default the application itself supplies the title bar text, but users are also allowed to add text through a registry entry, and some malicious Web sites take advantage of this: they change the string value "Window Title" to their Web site name or to advertising, which changes the title bar of the visitor's IE.

The registry entries that are changed are:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Window Title

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title

Solution:

① After Windows starts, click "Start" → "Run", type regedit in the "Open" field, and then click "OK";

② Expand the registry to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main, locate the string value "Window Title" in the right-hand pane, and either delete it or change its value to "IE browser" or any name you like;

③ Similarly, expand the registry to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main and handle it as described in ②;

④ Quit Registry Editor, restart your computer, run IE, and you will find that the problem that bothered you is solved!

6. IE's right-click menu was modified

The registry entries that were modified are:

New entries carrying the Web page's advertising are created under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt, so they appear in IE's right-click menu!

Solution:

Open Registry Editor and find

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

Deleting the advertising entries is enough. Take care not to delete the entries for the download tools FlashGet and NetAnts as well; these two are "normal", unless you do not want to see them in IE's right-click menu.

7. IE's default search engine was modified

IE's toolbar has a Search button for searching the network. After tampering, clicking that Search button links to the tampering Web site. This happens because the following registry entries were modified:

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

Solution:

Run Registry Editor, expand the keys above in turn, and change the "CustomizeSearch" and "SearchAssistant" values to the URL of a search engine.

8. A dialog box pops up when the system starts

The registry entries that were changed are:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon

The strings "LegalNoticeCaption" and "LegalNoticeText" are created under it, where "LegalNoticeCaption" is the title of the prompt box and "LegalNoticeText" is its text. Because they exist, every time we log on to the Windows desktop a prompt window appears displaying the Web page's advertising. How annoying!

Solution:

Open Registry Editor and find the key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon

then find the two strings "LegalNoticeCaption" and "LegalNoticeText" in the right-hand pane. Deleting these two strings removes the prompt box at logon.

9. The registry is disabled after browsing a Web page

This is because the DWORD value "DisableRegistryTools" under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System was changed to "1". Restoring the value to "0" restores use of the registry tools.

Solution:

Use Notepad to create a file with the .reg extension and copy the following content into it:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
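As an added example (not part of the original article), the Python script below parses a REGEDIT4 export and flags the values named in sections 1 to 9: the DWORD lock-outs that need resetting to 0, and the strings and Run entries to review by hand. The names parse_reg and audit are hypothetical, and the sample export, including its URL, is constructed.

```python
import re

IE = r"software\microsoft\internet explorer"
POL = r"software\policies\microsoft\internet explorer\control panel"
WIN = r"software\microsoft\windows\currentversion"
RUN = WIN + r"\run"  # autostart entries (the "special example" in section 1)
# DWORD lock-outs from sections 3, 4 and 9: a non-zero value needs resetting to 0.
LOCKS = {(POL, n) for n in ("settings", "links", "secaddsites", "homepage")}
LOCKS.add((WIN + r"\policies\system", "disableregistrytools"))
# String values from sections 1, 2, 5, 7 and 8: reported for manual review.
REVIEW = {(IE + r"\main", n) for n in ("start page", "default_page_url", "window title")}
REVIEW |= {(IE + r"\search", n) for n in ("customizesearch", "searchassistant")}
REVIEW |= {(WIN + r"\winlogon", n) for n in ("legalnoticecaption", "legalnoticetext")}

# Constructed sample export; the URL and values are made up for illustration.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://hijack.example/"
[HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"HomePage"=dword:00000001
"Links"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Registry.exe"="C:\\Program Files\\registry.exe"
'''

def parse_reg(text):
    """Yield (key, value_name, raw_data) from REGEDIT4 export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$', line)):
            yield key, m.group(1), m.group(2)

def audit(text):
    """Return (action, key, value_name, raw_data) for values the article lists."""
    findings = []
    for key, name, data in parse_reg(text):
        low = key.lower()
        sub = low[max(low.find("software\\"), 0):]  # drop the hive prefix
        ident = (sub, name.lower())
        locked = re.fullmatch(r"dword:0*[1-9a-f][0-9a-f]*", data.lower())
        if ident in LOCKS and locked:
            findings.append(("reset to 0", key, name, data))
        elif ident in REVIEW or sub == RUN:
            findings.append(("review", key, name, data))
    return findings
```

Calling audit() on the text of an exported .reg file returns one tuple per flagged value; a "review" result only means the value is one the article names, not that it has been tampered with.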

10. The Start menu is modified after browsing a Web page

This is the most "ruthless" one, leaving visitors feeling that life is worse than death. After browsing, not only do the symptoms described above appear, but also the following, even more miserable ones:

1) "Shut Down" is prohibited

2) "Run" is prohibited

3) "Log Off" is prohibited

4) Drive C is hidden: you can't find drive C!

5) Use of the Registry Editor regedit is prohibited

6) Use of DOS programs is prohibited

7) The system cannot enter "real mode"

8) Running any program is prohibited

11. The "View" → "source file" menu item is disabled

Click "View" → "source file" in the IE window and you find that the "source file" menu item has been disabled.

12. The right mouse button does not work in IE

After browsing the Web page in IE, the right mouse button stops working; right-clicking gets no response at all!
