12 types of malicious web page Registry Modification
Recently, when users browse webpages, the Registry is modified. By default, ie connects the homepage, title bar, and IE shortcut menu to the address when Browsing webpages (mostly advertising information ), what's more, when the browser's computer is started, a prompt window is displayed to display its own advertisement, which is becoming increasingly popular. What should we do in this situation?
1. Reasons for Registry Modification and Solutions
In fact, this malicious webpage is harmful. Code ActiveX web page file. The advertisement information is displayed because the browser's registry is maliciously changed.
1. The default Internet Explorer homepage is modified.
The title bar at the top of IE browser is changed to "welcome to visit ...... Website "style, which is the most common means of tampering, with a large number of victims.
The modified registry project is:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ main \ Start page
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ main \ Start page
Modify the key value of "start page" to modify the default homepage connection of Browser IE, for example, browsing "Wan Hua Gu" will change your IE default connection home page to "http://on888.home.chinaren.com", even out of their own home page for advertising purposes, it seems too domineering, this is also the reason for this kind of webpage dislike.
Solution:
① After windows is started, click the "Start"> "run" menu item, type Regedit in the "open" column, and press the "OK" key;
② Expand the Registry
Under HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ main, double-click the string value "start page" in the right pane and change the key value of start page to "about: blank;
③ Similarly, expand the Registry
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ main
In the right half window, find the string value "start page" and process it as described in section ②.
④ Exit the Registry Editor and restart the computer. Everything is OK!
Special Example: When the start page of IE is changed to some Web sites, even if you have modified it through the option settings, it will become their Web site again after restart, which is very difficult. They actually added a self-run to your machine. Program It will set your IE start page as their website when the system starts.
Solution: run the registration table editor regedit.exe and expand
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ current version \ Run
The primary key, then delete the registry.exe sub-key, then delete the self-running program c: \ Program Files \ registry.exe, and then reset the start page from the IE option.
2. tampered with IE's ghost page
After some IE is changed to the start page, even if the "use history page" is set, it is still invalid because the history page of the IE start page is also tampered. Specifically, the following registry key is modified:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \
Main \ default_page_url
The key value of the subkey "default_page_url" is the homepage page of the start page.
Solution:
Run the Registry Editor, expand the sub-keys, and change the modified URLs in the default_page_ur sub-keys, or set them to the default values of IE.
3. Modify the default homepage of IE browser, and lock the settings to prevent the user from returning the settings.
The following key values set by IE in the Registry are modified (optional when the DWORD value is 1 ):
[HKEY_CURRENT_USER \ SOFTWARE \ Policies \ Microsoft \ Internet Explorer \ Control Panel]
"Settings" = DWORD: 1
[HKEY_CURRENT_USER \ SOFTWARE \ Policies \ Microsoft \ Internet Explorer \ Control Panel]
"Links" = DWORD: 1
[HKEY_CURRENT_USER \ SOFTWARE \ Policies \ Microsoft \ Internet Explorer \ Control Panel]
"Secaddsites" = DWORD: 1
Solution:
Change the preceding DWORD Value to "0" to restore the function.
4. The default homepage gray button of IE is not optional.
This is because the Registry HKEY_USERS \. Default \ SOFTWARE \ Policies \ Microsoft \ Internet Explorer \ Control Panel
The key value of the DWORD Value "Homepage" under is modified. The original key value is "0" and is changed to "1" (that is, gray is not optional ).
Solution:
Change the "Homepage" key to "0.
5. the IE title bar is modified.
By default, the application itself provides information about the title bar. However, you can add information to the registry project, some malicious websites use this to succeed: they change the key value under the string value window title to their website name or more advertisement information, to change the title bar of the Browser IE.
Specifically, the modified registry project is:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ main \ window title
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ main \ window title
Solution:
① After windows is started, click the "Start"> "run" menu item, type Regedit in the "open" column, and press the "OK" key;
② Expand the Registry
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ main
Next, find the string value "window title" in the right half of the window, delete the string value, or change the key value of window title to "IE browser" and your favorite name;
③ Similarly, expand the Registry
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ main
Then, follow the method described in section ②.
④ Exit the Registry Editor, restart the computer, and run ie. You will find the problem solved!
6. the IE shortcut menu is modified.
The registry project to be modified is:
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ menuext
The advertisement information of the newly created webpage is displayed in the IE right-click menu!
Solution:
Open the registration editor and find
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ menuext
Just delete the relevant ad provisions. Be sure not to delete the Download Software flashget and NetAnts. These two are "normal, unless you do not want to see them in the right-click menu of IE.
7. ie default search engine modified
There is a search engine tool button in the toolbar of IE browser to implement network search. After being tampered with, you only need to click the search tool button to link to the tampered website. The reason for this is that the following registry is modified:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Search \ customizesearch
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Search \ searchassistant
Solution:
Run the Registry Editor, expand the sub-keys, and change the key values of "customizesearch" and "searchassistant" to the URL of a search engine.
8. A dialog box is displayed when the system is started.
The modified registry project is:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Winlogon
The strings "legalnoticecaption" and "legalnoticetext" are created. "legalnoticecaption" is the title of the prompt box, and "legalnoticetext" is the text content of the prompt box. Because of their existence, every time we log on to the windwos desktop, a prompt window appears to display the advertisement information of those webpages! You see, how annoying!
Solution:
Open Registry Editor and find
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Winlogon
This primary key, and then find the "legalnoticecaption" and "legalnoticetext" strings in the right window. Deleting these two strings can solve the problem of prompt boxes during login.
9. browsing the Web page registry is disabled
This is because the Registry
The DWORD Value "disableregistrytools" in HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System is changed to "1, the Registry can be restored after the key value is restored to "0.
Solution
Use the Notepad program to create a file suffixed with Reg, and copy the following content to it:
Regedit4
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System]
"Disableregistrytools" = DWORD: 00000000
10. the Start menu of the browser page is modified.
This is one of the most "cruel", making viewers feel inferior to dead. After browsing, not only do you have symptoms similar to those mentioned above, but you also have the following miserable experiences:
1) Disable "Shut down the system"
2) Disable "running"
3) "deregister" is prohibited"
4) Hide drive C-your drive C cannot be found!
5) forbidden to use Registry Editor regedit
6) prohibit the use of DOS Programs
7) Make the system unable to enter the "real mode"
8) prohibit any program from running.
For details about the causes and solutions, refer to the topic on the road to enterprise security of Skynet E. Article : Browsing the Web registry was modified and solutions.
The above is a common phenomenon of modifying the viewer's registry. When I browsed the webpage today, I accidentally came to a personal website and encountered a problem that I had never encountered before:
11. The shortcut menu in IE is invalid.
After browsing the Web page, the right-click in IE becomes invalid. Right-click does not respond!
12. Viewing the "source file" menu is disabled
In the IE window, click "View"> "Source File". The "source file" menu is disabled.
I didn't notice these two problems when I browsed the web page, because my friend told me something at the time, so I quit my computer and started connecting my computer to the Internet after dinner, in ie, the right-click is invalid, and the "source file" in the "View" menu is disabled. You cannot view the source file, but it is inconvenient to right-click the source file. You have to find a solution! In the past, my registry was modified on a malicious webpage. The specific location is:
In the Registry
HKEY_CURRENT_USER \ Software \ Policies \ Microsoft \ Internet Explorer
Create the subkey "restrictions", and then create two DWORD values under "restrictions": "noviewsource" and "nobrowsercontextmenu", and assign the two DWORD values to "1 ".
In the Registry
HKEY_USERS \. Default \ SOFTWARE \ Policies \ Microsoft \ Internet Explorer \ restrictions
Change the key values of "noviewsource" and "nobrowsercontextmenu" to "1 ".
By modifying these key values, you can right-click IE and disable the "source file" in the "View" menu. It should be noted that the registry mentioned at is actually equivalent to the branch of the registry mentioned at. Modify the registry key value mentioned at, and the registry key value in changes accordingly.
Solution:
After understanding the truth, it is much easier to solve the problem. The specific solution is to save the following content as a registry file with the suffix Reg, for example, unlock. reg, double-click unlock. reg imports the registry, and you do not need to restart the computer. re-run IE and you will find that the IE function is back to normal.
Regedit4
[HKEY_CURRENT_USER \ SOFTWARE \ Policies \ Microsoft \ Internet Explorer \ restrictions]
"Noviewsource" = DWORD: 00000000
"Nobrowsercontextmenu" = DWORD: 00000000
[HKEY_USERS \. Default \ SOFTWARE \ Policies \ Microsoft \ Internet Explorer \ restrictions]
"Noviewsource" = DWORD: 00000000
"Nobrowsercontextmenu" = DWORD: 00000000
Note that you have compiled the Registry File unlock. in Reg, "regedit4" must be capitalized, and it must be followed by a blank line. There must be no space between "4" and "T" in "regedit4, otherwise, the success will be abandoned! Many of my friends failed to write the Registry file because they did not notice the above content. This time, please pay attention to it. Note that if you are a Win2000 or WINXP user, change "regedit4" to Windows Registry Editor Version 5.00.
Ii. Preventive measures
1. To avoid making moves, do not easily go to websites you do not know. In particular, do not rush to websites that look beautiful and attractive. Otherwise, you will often suffer losses.
2. Because this type of web page contains ActiveX webpage files with harmful code, you can avoid any mistakes by disabling ActiveX plug-ins, controls, java scripts, and so on in iesettings.
Specifically, click "Tools> Internet Options" in the IE window, select the "Security" tab in the pop-up dialog box, and then click "Custom Level, the "Security Settings" dialog box is displayed. Select "Disable" for all ActiveX plug-ins, controls, and Java-related items. However, in the future, Web browsing may cause some websites that normally use ActiveX to be unable to browse. Alas, there are advantages and disadvantages. you can do it yourself.
3. For Windows 98 users, Open c: \ windows \ Java \ packages \ cvlv1nbb. Zip and delete "activexcomponent. Class". For Windows ME users, open
C: \ windows \ Java \ packages \ 5nzvfpf1. Zip, delete "activexcomponent. Class. Please rest assured that deleting this component will not affect your normal Webpage Browsing.
4. for all users, it is recommended to install the Norton Antivirus 2002 v8.0 antivirus software. The software has defined the code for modifying the Registry through ie as Trojan. offensive, added the script blocking function, which monitors and intercepts such pranks.
5. Since such webpages damage our system by modifying the registry, we can lock the Registry in advance to prohibit the modification of the Registry, so as to prevent it. What should I do if I want to use the registration table editor regedit.exe? Therefore, we need to prepare a "key" in advance to open this "Lock "!
The locking method is as follows:
(1.exe run the registration table editor regedit.exe;
(2) Expand the Registry
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System
.
The unlock method is as follows:
Use NotePad to edit a. reg file with any name, such as unlock. Reg. The content is as follows:
Regedit4
[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ System]
"Disableregistrytools" = DWORD: 00000000
Save the disk, and you have an unlocked key! To use the Registry Editor, double-click unlock. Reg. Note that if you are a Win2000 or WINXP user, write "regedit4" as Windows Registry Editor Version 5.00.
6. For Win2000 users, you can also disable the Remote Registry Service in the service under win2000 to deal with such web pages. To disable this option, click "Administrative Tools> services> Remote Registry Service (Allow Remote registry operation.
7. If you think it is too dangerous to manually modify the registry, you can download the following reg file and double-click it to restore the modified registry.
8. Although the title and default homepage have been modified after some hard work, it will be troublesome to enter the site accidentally. In fact, you can make some settings in IE to never enter the site:
Open IE, click "Tools"> "Internet Options"> "content"> "hierarchical Review", and click "enable" to bring up the "hierarchical Review" dialog box, click the "site license" tab and enter the website you do not want to visit, as shown in:
Http://on888.home.chinaren.com, press the "never" button, and then click "OK" is done!
9. Upgrade your IE to version 6.0 to effectively prevent the above symptoms.
10. download microsoft's latest Microsoft Windows Script 5.6 to prevent the above-mentioned phenomenon and prevent the popular and hateful pop-up bomb.