Anti-virus: four tips for removing the Trojan behind the IE blank page

Source: Internet
Author: User


IE hijacking that changes the browser's default page is now so common that everyone is familiar with it. The fix is usually just as simple: reset the IE homepage and the default page is restored. This time, however, after I set the homepage to a blank page following a hijack and opened IE, the browser showed the blank page at first but then automatically jumped to the hijacker's page a moment later. After some painstaking research, I finally found the Trojan behind the blank page.
1. The thief cries "stop thief" to lure you in

When IE is maliciously modified, I expect most people's first move is the same as mine: reset the IE homepage to a trusted page or some other safe address. This usually works, but this time, after I changed it, the browser was still forced to a malicious website. In addition, an extra toolbar named "Security Toolbar" was added to the IE toolbar area. From time to time it shows false warnings about vulnerabilities in the system, so that users who do not know computers well are frightened into following the prompts to an English-language scan page disguised as a Trojan scanner.

It then tells you how many pieces of malware and how many Trojans exist in your system. In fact, this malware is loaded by the program itself. Yet if you want to use the software to clean it up, you have to pay to register as an authenticated member before its features can be used. This is plainly a rip-off, and a shameless one.



By default, the "Basic status" tab is shown. It automatically detects four malicious plug-ins in the system. To check and clean them in detail, switch to the "clean up evaluation and system plug-ins" tab and click the "Start scan" button in its panel. After a moment, information about the malicious plug-ins in the system is displayed (figure 2).


Select the check box in front of each detected "rogue software" item and click the "clean now" button to delete it.

After that, in the "All plug-ins" column on the left, click the "Other plug-ins" tab. Several plug-ins whose names are shown as unknown are listed there, and they are undoubtedly rogue plug-ins. I selected all of their check boxes in turn and clicked the "clean now" button, but one rogue plug-in could not be deleted. Switching to tools such as Rising Kaka and Super Rabbit did not help either: the plug-in still could not be deleted, and some of these tools could not even detect it.

3. Further remove the hidden threat
I thought the remaining piece of code would no longer work. However, when I set the IE homepage to a blank page and opened the browser again, the address still jumped to other pages. With no tool left to turn to, I could only open "Windows Task Manager" and switch to the "process" tab, where I found several unfamiliar process names. I had never installed such programs, so it is very likely that these processes protect the rogue software from being removed.



Select each of these processes and click the end-process button in the lower-right corner to end it. This alone is not enough, however: return to "commonly used" > "Clean up the evaluation software and system plug-ins", scan for the rogue plug-ins again, and clear them.

Next, open IE again. This time the blank page no longer jumps to another page. At this point you might think the Trojan has been dealt with. It has not: after you restart the computer and open IE again, the page you get may no longer be blank, because the rogue process is loaded and run again at startup. We therefore also need to clear the rogue software's startup entries and files to eliminate what lurks behind the blank page.

Open the Registry Editor and expand the tree on the left to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run. There you will find two values named user32.dll and rare. These are the values used by the rogue plug-in, so delete them. Then go to the C:\Program Files\image activex access folder in My Computer and delete all the rogue files hidden in it. Some files may refuse to be deleted because they are protected. In that case, install the "Unlocker V1.85" tool, right-click the file that cannot be deleted, select the "Unlocker" command, and choose "delete" in the dialog box that appears to delete the rogue file (figure 4).


Tip: Unlocker is a free right-click extension tool. Once installed, it is integrated into the right-click menu. When a file or directory cannot be deleted, choose "Unlocker" from the right-click menu and the program immediately shows which programs are holding the directory or file. Then press "Unlock" in the pop-up window to unlock the file.

4. Fix the blank-page entries in the registry
As the title suggests, open the Registry Editor, expand the tree on the left to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs key, double-click the entry on the right, and in the edit-string dialog box that appears check whether the value data is the default res://mshtml.dll/blank.htm (figure 5). If not, restore it to the default address. In addition, several other values also need to be set as follows:

DesktopItemNavigationFailure = res://shdoclc.dll/navcancl.htm
NavigationFailure = res://shdoclc.dll/navcancl.htm
OfflineInformation = res://shdoclc.dll/offcancl.htm
NavigationCanceled = res://shdoclc.dll/navcancl.htm
Home = dword:0000010e
PostNotCached = res://mshtml.dll/repost.htm


After making these changes, restart the computer for the settings to take effect. Then open IE again: the blank page will no longer jump uncontrollably to malicious pages as it did before.
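As an added example (not part of the original article), the following read-only PowerShell check covers the two registry locations edited by hand in sections 3 and 4, plus the folder named in section 3. The function names are illustrative, and the expected values are the defaults listed above.

```powershell
# Added example: read-only audit; nothing is modified or deleted.
$aboutKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\AboutURLs'
$runKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
$folder   = 'C:\Program Files\image activex access'   # folder named in section 3

# Defaults as listed in the article (Home is stored as a DWORD).
$defaults = [ordered]@{
    blank                        = 'res://mshtml.dll/blank.htm'
    DesktopItemNavigationFailure = 'res://shdoclc.dll/navcancl.htm'
    NavigationFailure            = 'res://shdoclc.dll/navcancl.htm'
    OfflineInformation           = 'res://shdoclc.dll/offcancl.htm'
    NavigationCanceled           = 'res://shdoclc.dll/navcancl.htm'
    Home                         = 0x10e
    PostNotCached                = 'res://mshtml.dll/repost.htm'
}

function Get-RegistryValues([string]$Path) {
    # Return a name -> data hashtable for one key; empty if the key does not exist.
    $result = @{}
    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        foreach ($name in $key.GetValueNames()) { $result[$name] = $key.GetValue($name) }
    }
    return $result
}

function Compare-AboutUrls($Actual, $Expected) {
    # Classify each expected value as Default, Modified or Missing.
    foreach ($name in $Expected.Keys) {
        if (-not $Actual.ContainsKey($name)) { $status = 'Missing' }
        elseif ("$($Actual[$name])" -ieq "$($Expected[$name])") { $status = 'Default' }
        else { $status = 'Modified' }
        [pscustomobject]@{ Name = $name; Status = $status; Actual = $Actual[$name] }
    }
}

# Every value under the policy Run key starts a program at logon, so list them all
# and mark the two names the article found there.
$flagged = 'user32.dll', 'rare'
$run = Get-RegistryValues $runKey
$runReport = foreach ($name in $run.Keys) {
    [pscustomobject]@{
        Name = $name; Command = $run[$name]
        Note = if ($flagged -contains $name) { 'named in the article' } else { 'review manually' }
    }
}

Compare-AboutUrls (Get-RegistryValues $aboutKey) $defaults | Format-Table -AutoSize
$runReport | Format-Table -AutoSize
"Folder present: $(Test-Path -LiteralPath $folder)"
```

On 64-bit Windows, 32-bit programs see these keys under HKLM:\SOFTWARE\WOW6432Node, so that view can be checked the same way by changing the two paths.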

 

