12 symptoms of, and solutions for, registry modification by malicious webpages

Source: Internet
Author: User

Recently, users have found that browsing certain webpages modifies their registry: IE's default home page, title bar, and right-click menu are all changed to point to the address of the page that was visited (mostly advertisements and other annoying information). In addition, a prompt window showing the site's own advertisement appears when the visitor's computer starts, and many web pages open automatically. This is becoming increasingly common, and it is easy to be caught off guard, especially in the office. What should we do in this situation?

1. Reasons for Registry Modification and Solutions
In fact, such a malicious webpage is a web page file containing harmful ActiveX code. The advertisements appear because the viewer's registry has been maliciously changed.

1. The default Internet Explorer homepage is modified.

The title bar at the top of the IE browser is changed to the "welcome to the ****** Website" style, which is the most common means of tampering and has many victims.
The modified registry entries are:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
Changing the "Start Page" value changes IE's default homepage. For example, after you browse "*****", IE's default homepage is changed to "http://ppw.****.com". Even for the purpose of advertising their own homepage this is far too domineering, which is why this kind of web page is so disliked.

Solution:
A. Registry method:
① After Windows has started, click "Start" > "Run", type regedit in the "Open" box, and click "OK";
② Expand the registry to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, double-click the string value "Start Page" in the right pane, and change its value to "about:blank";
③ Expand the registry to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main, find the string value "Start Page" in the right pane, and process it as described in step ②;
④ Exit the Registry Editor and restart the computer. Everything is OK!

Special example: when the IE start page has been changed to certain websites, even if you correct it through the IE options, it becomes their website again after a restart, which is very troublesome. In fact, they have added a self-running program to your machine, which sets your IE start page to their website at system startup.

Solution:

Run the Registry Editor regedit.exe and expand the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, then delete the registry.exe entry under it, and then delete the self-running program C:\Program Files\registry.exe. Finally, reset the start page from the IE options.


2. IE's default page is tampered with
After the start page of some IE installations has been changed, even choosing "Use Default" is ineffective, because the default page behind the IE start page has also been tampered with. Specifically, the following registry entry is modified:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
The value "Default_Page_URL" holds the default page used for the start page.

Solution:

A. Run the Registry Editor, expand the key above, and replace the tampered website address, or set it to IE's default value.

B. Some malicious programs are also written to the hard disk, and after the computer is restarted the homepage settings are changed back. In this case, you can use the System Configuration Utility: click Start > Run, type msconfig and click "OK". In the window that appears, switch to the "Startup" tab and disable the suspicious startup items.


3. The default homepage of the IE browser is modified, and the setting is locked so that the user cannot change it back.
The following IE values in the registry are modified (the option is greyed out when the DWORD value is 1):
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel] "Settings"=dword:1
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel] "Links"=dword:1
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel] "SecAddSites"=dword:1

Solution:
Change the preceding DWORD values to "0" to restore the function.

4. The default homepage button of IE is greyed out and cannot be selected.
This is because the DWORD value "homepage" under the registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel has been modified. The original value is "0", and it has been changed to "1" (greyed out and not selectable).

Solution:

Change the "homepage" value to "0".

5. The IE title bar is modified.

By default, the application itself supplies the text of the title bar, but the registry also allows text to be added to it. Some malicious websites take advantage of this: they change the string value Window Title to their website name or to more advertisement text, and so change the title bar of the IE browser.

Specifically, the modified registry entries are:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title

Solution:

① After Windows has started, click "Start" > "Run", type regedit in the "Open" box, and click "OK";
② Expand the registry to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, find the string value "Window Title" in the right pane, and either delete it or change its value to "IE browser" or any name you like;
③ Similarly, expand the registry to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main and process it as described in step ②;
④ Exit the Registry Editor, restart the computer, and run IE. You will find the problem solved!

6. The IE shortcut menu is modified.
The modified registry key is:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
Entries carrying a webpage's advertisement are created under it, and they then appear in the IE right-click menu!

Solution:

Open the Registry Editor and find
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
Just delete the relevant advertisement entries. Be careful not to delete the entries for the download tools FlashGet and NetAnts. These two are "normal", unless you do not want to see them in the right-click menu of IE.

7. IE default search engine modified

The toolbar of the IE browser has a search button for searching the web. After tampering, clicking the search button takes you to the tampering website instead. The reason is that the following registry entries have been modified:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

Solution:

Run the Registry Editor, expand the key above, and change the "CustomizeSearch" and "SearchAssistant" values to the URL of a search engine.

8. A dialog box is displayed when the system is started.
The modified registry key is:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon

The string values "LegalNoticeCaption" and "LegalNoticeText" are created under it, where "LegalNoticeCaption" is the title of the prompt box and "LegalNoticeText" is the text content of the prompt box. As a result, every time we log on to the Windows desktop, a prompt window appears showing the webpage's advertisement. You see, how annoying!

Solution:

Open the Registry Editor and find the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon
and then find "LegalNoticeCaption" and "LegalNoticeText" in the right pane. Deleting these two string values gets rid of the prompt box at logon.

9. The Registry Editor is disabled after browsing a webpage.

This is because the DWORD value "DisableRegistryTools" under the registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
has been changed to "1". Restoring its value to "0" restores the use of the Registry Editor.

Solution:

Use Notepad to create a file with the .reg extension, and copy the following content into it:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

10. The Start menu is modified after browsing a webpage.
This is one of the most "cruel" cases, leaving viewers feeling worse than dead. After browsing such a page, the symptoms include the following miserable experiences:

1) "Shut down the system" is disabled

2) "Run" is disabled

3) "Log off" is disabled

4) Drive C is hidden: your drive C cannot be found!

5) The Registry Editor regedit cannot be used

6) DOS programs cannot be used

7) The system cannot enter "real mode"

8) No program at all is allowed to run

For specific causes and solutions, please refer to this article in the topic "Browsing Web Registry Modification fans and Solutions" in the security path of enterprise e of Skynet.

The above are common cases of a viewer's registry being modified. When I browsed the web today, I accidentally came to a website and encountered the following problems:

11. The shortcut menu in IE is invalid.
After browsing the Web page, the right-click in IE becomes invalid. Right-click does not respond!
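
The registry values named in symptoms 1 to 5 and 7 to 9 above can be checked in one pass over a text export of the registry. The following is an added example, not part of the original article: it assumes a REGEDIT4-style export, the helper names (parse_reg, audit) and the "about:blank" allow-list are hypothetical, and the sample export is constructed.

```python
import re

# Hypothetical helpers. Checks come from symptoms 1-5 and 7-9 above. Rules:
# "url" = data not in the allow-list, "set" = value exists, "dword1" = DWORD is 1.
IE = r"software\microsoft\internet explorer"
WIN = r"software\microsoft\windows\currentversion"
CHECKS = {
    IE + r"\main": {"start page": ("url", "1: homepage changed"),
                    "default_page_url": ("url", "2: default page changed"),
                    "window title": ("set", "5: title bar changed")},
    IE + r"\search": dict.fromkeys(("customizesearch", "searchassistant"),
                                   ("url", "7: search engine changed")),
    r"software\policies\microsoft\internet explorer\control panel": {
        **dict.fromkeys(("settings", "links", "secaddsites"), ("dword1", "3: homepage locked")),
        "homepage": ("dword1", "4: homepage button greyed out")},
    WIN + r"\winlogon": dict.fromkeys(("legalnoticecaption", "legalnoticetext"), ("set", "8: logon dialog")),
    WIN + r"\policies\system": {"disableregistrytools": ("dword1", "9: regedit disabled")},
}
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(?:"((?:[^"\\]|\\.)*)"|dword:([0-9a-fA-F]{1,8}))$')

def parse_reg(text):
    """Parse REGEDIT4-style export text into {key: {value name: str or int}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := VALUE.match(line)):
            name, s, d = m.groups()
            current[name] = int(d, 16) if d else s.replace("\\\\", "\\")
    return keys

def audit(text, allowed_urls=("about:blank",)):
    """Return (symptom, key, value name, data) for each value that trips a check."""
    findings = []
    for key, values in parse_reg(text).items():
        rules = next((r for k, r in CHECKS.items() if key.lower().endswith("\\" + k)), {})
        for name, data in values.items():
            rule, symptom = rules.get(name.lower(), (None, None))
            if {"set": True, "dword1": data == 1, "url": data not in allowed_urls}.get(rule):
                findings.append((symptom, key, name, data))
    return sorted(findings, key=lambda f: f[0])

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://ads.example.invalid/"
"Window Title"="Welcome to example.invalid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
'''
```

Calling audit(SAMPLE) reports symptoms 1, 5 and 9 for the sample. Pass the homepage and search URLs you actually expect as allowed_urls so that legitimate settings are not reported.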
