12 symptoms and solutions for modifying the registry on a malicious webpage (1)

When we browse the Web page, it is easy to cause the registry to be modified, so that IE connects to the home page, title bar, and IE right-click menu by default, and the address when browsing the Web page is mostly advertisement information ), what's more, when the browser's computer is started, a prompt window is displayed to display its own advertisement, which is becoming increasingly popular. What should we do in this situation?
1. Reasons for Registry Modification and Solutions
In fact, this malicious webpage is an ActiveX webpage file containing harmful code. The advertisement information is generated because the browser's registry is maliciously changed.
1. The default Internet Explorer homepage is modified.
The title bar at the top of IE browser is changed to "welcome to visit ...... Website "style, which is the most common means of tampering, with a large number of victims.
The modified registry project is:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Main \ Start Page
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Main \ Start Page
Modify the key value of "Start Page" to modify the default homepage connection of Browser IE, for example, browsing "Wan Hua Gu" will change your IE default connection home page to "http://on888.home.chinaren.com", even out of their own home page for advertising purposes, it seems too domineering, this is also the reason for this kind of webpage dislike.
Solution:
① After Windows is started, click the "Start"> "run" menu item, type regedit in the "open" column, and press the "OK" key;
② Expand the Registry
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Main
Under, double-click the string value "Start Page" in the right pane and change the key value of Start Page to "about: blank;
③ Similarly, expand the Registry
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Main
In the right half window, find the string value "Start Page" and process it as described in section ②.
④ Exit the Registry Editor and restart the computer. Everything is OK!
Special Example:After the start page of IE is changed to some Web sites, even if you have modified the settings through the options, it will become their Web site after the restart, which is very difficult. In fact, they added a self-running program to your machine, which will set your IE start page as their website at system startup.
Solution:Run the Registration Table editor regedit.exe and expand
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Current Version \ Run
The primary key, then delete the registry.exe sub-key, then delete the self-running Program c: \ Program Files \ registry.exe, and then reset the start page from the IE option.
2. tampered with IE's ghost page
After some IE is changed to the start page, even if the "use history page" is set, it is still invalid because the history page of the IE start page is also tampered. Specifically, the following registry key is modified:
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Internet Explorer \ Main \ Default_Page_URL
The key value of the subkey "Default_Page_URL" is the homepage page of the start page.
Solution:
Run the Registry Editor, expand the sub-keys, and change the modified URLs in the Default_Page_UR sub-keys, or set them to the default values of IE.
3. Modify the default homepage of IE browser, and lock the settings to prevent the user from returning the settings.
The following key values set by IE in the Registry are modified (optional when the DWORD value is 1 ):
[HKEY_CURRENT_USER \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel] "Settings" = dword: 1
[HKEY_CURRENT_USER \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel] "Links" = dword: 1
[HKEY_CURRENT_USER \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel] "SecAddSites" = dword: 1
Solution:
Change the preceding DWORD Value to "0" to restore the function.
4. The default homepage gray button of IE is not optional.
This is because the Registry HKEY_USERS \. DEFAULT \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel
The key value of the DWORD Value "homepage" under is modified. The original key value is "0" and is changed to "1", that is, gray is not optional ).
Solution:
Change the "homepage" key to "0.
5. the IE title bar is modified.
By default, the application itself provides information about the title bar. However, you can add information to the registry project, some malicious websites use this to succeed: they change the key value under the string value Window Title to their website name or more advertisement information, to change the title bar of the Browser IE.
Specifically, the modified registry project is:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Main \ Window Title
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Main \ Window Title
Solution:
① After Windows is started, click the "Start"> "run" menu item, type regedit in the "open" column, and press the "OK" key;
② Expand the Registry
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Main
Next, find the string value "Window Title" in the right half of the Window, delete the string value, or change the key value of Window Title to "IE browser" and your favorite name;
③ Similarly, expand the Registry
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Main
Then, follow the method described in section ②.
④ Exit the Registry Editor, restart the computer, and run IE. You will find the problem solved!
6. the IE shortcut menu is modified.
The registry project to be modified is:
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ MenuExt
The advertisement information of the newly created webpage is displayed in the IE right-click menu!
Solution:
Open the registration editor and find
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ MenuExt
Just delete the relevant ad provisions. Be sure not to delete the Download Software FlashGet and Netants. These two are "normal, unless you do not want to see them in the right-click menu of IE.
7. IE default search engine modified
There is a search engine tool button in the toolbar of IE browser to implement network search. After being tampered with, you only need to click the search tool button to link to the tampered website. The reason for this is that the following registry is modified:
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Internet Explorer \ Search \ CustomizeSearch
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Internet Explorer \ Search \ SearchAssistant
Solution:
Run the Registry Editor, expand the sub-keys, and change the key values of "CustomizeSearch" and "SearchAssistant" to the URL of a search engine.
8. A dialog box is displayed when the system is started.
The modified registry project is:
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Winlogon
The strings "LegalNoticeCaption" and "LegalNoticeText" are created. "LegalNoticeCaption" is the title of the prompt box, and "LegalNoticeText" is the text content of the prompt box. Because of their existence, every time we log on to the Windwos desktop, a prompt window appears to display the advertisement information of those webpages! You see, how annoying!
Solution:
Open Registry Editor and find
HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ CurrentVersion \ Winlogon
This primary key, and then find the "LegalNoticeCaption" and "LegalNoticeText" strings in the right window. Deleting these two strings can solve the problem of prompt boxes during login.