12 Symptoms of Registry Modification by Malicious Webpages and How to Correct Them

Source: Internet
Author: User
Recently, cases of the registry being modified while users browse webpages have become increasingly common. Typically the IE default homepage, title bar, and shortcut menu are changed to point to the address of the page being browsed (mostly advertising information). What's more, a prompt window showing the site's own advertisement may appear every time the visitor's computer starts. What should we do in this situation?

1. Reasons for Registry Modification and Solutions

In fact, such a malicious webpage is a web page file containing harmful ActiveX code. The advertisement information appears because the visitor's registry has been maliciously changed.

1. The default Internet Explorer homepage is modified.

The title bar at the top of the IE browser is changed to the style "Welcome to visit ...... website". This is the most common means of tampering, with a large number of victims.

The modified registry entries are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Changing the value of "Start Page" changes the default homepage of IE. For example, browsing "Wan Hua Gu" changes your IE default homepage to "http://on888.home.chinaren.com". Forcing visitors onto the site's own homepage for advertising purposes is overbearing, and it is the reason this kind of webpage is so disliked.

Solution:

① After Windows starts, click "Start" > "Run", type regedit in the "Open" box, and click "OK";

② Expand the registry to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

then double-click the string value "Start Page" in the right pane and change its value to "about:blank";

③ Similarly, expand the registry to

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

find the string value "Start Page" in the right pane, and handle it as described in step ②;

④ Exit the Registry Editor and restart the computer. Everything is OK!

Special example: when the IE start page has been changed to certain websites, even if you change it back through the IE options, it becomes their website again after a restart, which is very troublesome. In fact, they have added a self-running program to your machine that sets your IE start page to their website at system startup.

Solution: run the Registry Editor regedit.exe and expand the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete the registry.exe entry under it, then delete the self-running program C:\Program Files\registry.exe, and finally reset the start page from the IE options.

2. The IE default page is tampered with

After the start page of some IE installations has been changed, even clicking "Use Default" has no effect, because the default page behind the IE start page has also been tampered with. Specifically, the following registry entry is modified:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL

The value of "Default_Page_URL" is the default page used for the start page.

Solution:

Run the Registry Editor, expand the key above, and change the modified URL in "Default_Page_URL", or set it back to the IE default value.

3. The default homepage of IE is modified and the settings are locked to prevent the user from changing them back.

The following values that control IE settings in the registry are modified (when the DWORD value is 1, the corresponding option cannot be selected):

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"Settings"=dword:00000001
"Links"=dword:00000001
"SecAddSites"=dword:00000001

Solution:

Change the preceding DWORD values to "0" to restore the function.

4. The IE default homepage buttons are grayed out and cannot be selected.

This is because the DWORD value "HomePage" under the registry key

HKEY_USERS\.Default\Software\Policies\Microsoft\Internet Explorer\Control Panel

has been modified. The original value is "0" and it has been changed to "1" (that is, grayed out and not selectable).

Solution:

Change the "HomePage" value to "0".

5. The IE title bar is modified.

By default, the application itself supplies the title bar text. However, extra text can be added through a registry entry, and some malicious websites take advantage of this: they change the string value "Window Title" to their website name or further advertisement information in order to change the title bar of IE.

Specifically, the modified registry entries are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title

Solution:

① After Windows starts, click "Start" > "Run", type regedit in the "Open" box, and click "OK";

② Expand the registry to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

find the string value "Window Title" in the right pane, and either delete it or change its value to "IE browser" or any name you like;

③ Similarly, expand the registry to

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

and handle it as described in step ②;

④ Exit the Registry Editor, restart the computer, and run IE. You will find the problem solved!

6. The IE shortcut menu is modified.

The modified registry key is:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

New entries carrying the webpage's advertisement information are created there and shown in the IE right-click menu!

Solution:

Open the Registry Editor and find

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

Just delete the advertisement entries. Be sure not to delete the entries for the download software FlashGet and NetAnts. These two are "normal", unless you do not want to see them in the right-click menu of IE.

7. The IE default search engine is modified.

The IE toolbar has a search button for searching the web. After tampering, clicking the search button takes you to the website the tamperer wants you to visit. This happens because the following registry entries are modified:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant

Solution:

Run the Registry Editor, expand the key above, and change the values of "CustomizeSearch" and "SearchAssistant" to the URL of a search engine.

8. A dialog box is displayed when the system starts.

The modified registry key is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

The string values "LegalNoticeCaption" and "LegalNoticeText" are created under this key. "LegalNoticeCaption" is the title of the prompt box, and "LegalNoticeText" is its text content. Because they exist, a prompt window showing those webpages' advertisement information appears every time we log on to the Windows desktop! You see how annoying that is!

Solution:

Open the Registry Editor and find the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

then find the "LegalNoticeCaption" and "LegalNoticeText" string values in the right pane. Deleting these two string values removes the prompt box at logon.

9. The Registry Editor is disabled after browsing a web page.

This is because the DWORD value "DisableRegistryTools" under the registry key

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System

has been changed to "1". Restoring the value to "0" fixes the problem.

Solution:

Use Notepad to create a file with the .reg extension and copy the following content into it:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

10. The Start menu is modified after browsing a web page.

This is one of the most "cruel" cases and makes life miserable for visitors. After browsing, not only do you have symptoms similar to those mentioned above, you also suffer the following:

1) "Shut Down" is disabled
2) "Run" is disabled
3) "Log Off" is disabled
4) Drive C is hidden: your drive C cannot be found!
5) The Registry Editor regedit is disabled
6) DOS programs are disabled
7) The system cannot enter "real mode"
8) No program is allowed to run

For specific causes and solutions, please refer to this article in the topic "Browsing Web Registry Modification fans and Solutions" in the security path of enterprise e of Skynet.

The above are common symptoms of a visitor's registry being modified. When I browsed the web today, I accidentally came to a personal website and encountered problems that I had never encountered before:

11. The shortcut menu in IE is invalid.

After browsing the Web page, the right-click in IE becomes invalid. Right-click does not respond!

12. Viewing the "source file" menu is disabled

In the IE window, click "View"> "Source File". The "source file" menu is disabled.

I didn't notice these two problems when I browsed the web page, because my friend told me something at the time, so I left my computer. When I started connecting my computer to the Internet again after dinner, the right-click in IE was invalid, and the "Source File" item in the "View" menu was disabled. Being unable to view the source file or use right-click is inconvenient. I had to find a solution!

Find the latest Super Rabbit magic settings! It cannot be solved! It seems to be a new problem, but I am also an old revolution. This problem should be difficult for me. So I searched the registry and finally found out the problem.

In the past, my registry was modified by a malicious webpage. The specific locations are:

In the registry key

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

the subkey "Restrictions" is created, and two DWORD values, "NoViewSource" and "NoBrowserContextMenu", are created under "Restrictions" and both set to "1".

In the registry key

HKEY_USERS\.Default\Software\Policies\Microsoft\Internet Explorer\Restrictions

the values of "NoViewSource" and "NoBrowserContextMenu" are changed to "1".

Modifying these values disables right-click in IE and the "Source File" item in the "View" menu. It should be noted that the two registry locations mentioned above are effectively equivalent branches: when the values in one are modified, the values in the other change accordingly.

Solution:

Once the cause is understood, the problem is much easier to solve. Save the following content as a registry file with the .reg extension, for example unlock.reg, and double-click unlock.reg to import it into the registry. You do not need to restart the computer; run IE again and you will find that the IE functions are back to normal.

REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000000
"NoBrowserContextMenu"=dword:00000000

[HKEY_USERS\.Default\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000000
"NoBrowserContextMenu"=dword:00000000

Note that when writing the registry file unlock.reg, "REGEDIT4" must be in capital letters and must be followed by a blank line, and there must be no space between the "T" and the "4" in "REGEDIT4"; otherwise all the effort is wasted! Many of my friends failed to write the registry file because they did not notice the above points. This time, please pay attention to them. Note that if you are a Win2000 or WinXP user, change "REGEDIT4" to Windows Registry Editor Version 5.00.
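
The checks in sections 1 to 12, as an added example that is not part of the original article: a Python script that scans the text of an exported .reg file for the policy DWORDs and string values named above, and builds an unlock file in the style of unlock.reg. It goes beyond the two values in unlock.reg by covering every policy DWORD the article lists. The function names and the sample export are constructed for illustration.

```python
import re

# Value names from the article. These policy DWORDs lock a feature when non-zero.
LOCK_DWORDS = {"settings", "links", "secaddsites", "homepage",
               "disableregistrytools", "noviewsource", "nobrowsercontextmenu"}
# String values the article says are overwritten with a URL or advertisement text.
REVIEW_STRINGS = {"start page", "default_page_url", "window title", "customizesearch",
                  "searchassistant", "legalnoticecaption", "legalnoticetext"}

def parse_reg(text):
    """Yield (key, value_name, raw_data) from REGEDIT4 / Version 5.00 export text."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"\s*=\s*(.+)$', line)):
            yield key, m.group(1), m.group(2)

def audit(text):
    """Return (locks, review): non-zero policy DWORDs, and strings to inspect by hand."""
    locks, review = [], []
    for key, name, data in parse_reg(text):
        low_key, low_name = key.lower(), name.lower()
        if low_name in LOCK_DWORDS and "\\policies\\" in low_key:
            if re.fullmatch(r"dword:0*[1-9a-f][0-9a-f]*", data.lower()):  # non-zero
                locks.append((key, name))
        elif low_name in REVIEW_STRINGS or low_key.endswith("\\currentversion\\run"):
            review.append((key, name, data.strip('"').replace("\\\\", "\\")))
    return locks, review

def unlock_reg(locks, header="REGEDIT4"):
    """Build .reg text that resets every flagged policy DWORD to 0."""
    by_key = {}
    for key, name in locks:
        by_key.setdefault(key, []).append(name)
    out = [header, ""]  # the header must be followed by a blank line
    for key, names in by_key.items():
        out += [f"[{key}]"] + [f'"{n}"=dword:00000000' for n in names] + [""]
    return "\r\n".join(out)

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000001
"NoBrowserContextMenu"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"registry.exe"="C:\\Program Files\\registry.exe"
'''
```

Calling audit(SAMPLE) returns the two locked Restrictions values plus the Run entry for manual review. For Win2000 or WinXP, pass header="Windows Registry Editor Version 5.00" to unlock_reg.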
