Comments: The IE browser is hijacked. It is often encountered when surfing the Internet. The following method is very useful.
This article aims to solve the problem of IE hijacking. There are many reasons for IE hijacking. The simple reason is that the Registry is changed. The complicated one is virus, Trojan Infection, or driver protection, in the end, you still need to reset the relevant registry. All the operations mentioned in this article have the premise that the virus should be cleared first. On this premise, we can follow the related operations shown in this article to handle the problem.
I. Registry Positioning
Start-run
The Code is as follows:
Cmd/c reg add "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Applets \ Regedit"/v "LastKey"/d "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ desktop \ NameSpace "/f & start regedit.exe
Ii. Standard Display of WINXP System
{1f4de370-d627-11d1-ba4f-00a0c91eedba}
{2017d8fba-ad25-11d0-98a8-0800361b1103}
{645FF040-5081-101B-9F08-00AA002F954E}
{E17d4fc0-5564-11d1-83f2-00a0c90dc849}
Iii. iefix
Start-run
The Code is as follows:
Cmd/k reg delete HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace/f
Cmd/k reg add HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {tags}/ve/t REG_SZ/d "Computer Search Results Folder"/f
Cmd/k reg add HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {d8fba-ad25-11d0-98a8-0800361b1103}/ve/t REG_SZ/f
Cmd/k reg add HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {region}/v "Removal Messagee"/t REG_SZ/d "@ mydocs. dll,-900 "/f
Cmd/k reg add HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {645FF040-5081-101B-9F08-00AA002F954E}/ve/t REG_SZ/d "Recycle Bin"/f
Cmd/k reg add HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {e17d4fc0-5564-11d1-83f2-00a0c90dc849}/ve/t REG_SZ/d "Search Results Folder"/f
Note: in step 2, if redundant CLSID = {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX} is generated, run cmd/k reg delete HKEY_CLASSES_ROOT \ CLSID \ {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXX}/f
4. If the Internet neighbor, my document, or the IE icon changed from the recycle bin, you can run the following command first.
My documents:
The Code is as follows:
Cmd/k reg delete HKEY_CLASSES_ROOT \ CLSID \ {2017d8fba-ad25-11d0-98a8-0800361b1103}/f
My computer:
The Code is as follows:
Cmd/k reg delete HKEY_CLASSES_ROOT \ CLSID \ {20D04FE0-3AEA-1069-A2D8-08002B30309D}/f
Network neighbors:
The Code is as follows:
Cmd/k reg delete HKEY_CLASSES_ROOT \ CLSID \ {208D2C60-3AEA-1069-A2D7-08002B30309D}/f
Recycle Bin:
The Code is as follows:
Cmd/k reg delete HKEY_CLASSES_ROOT \ CLSID \ {645FF040-5081-101B-9F08-00AA002F954E}/f
After completing the preceding operations, double-click the file in the attachment and import it to the Registry.
5. Right-click the standard Internet Explorer icon on the desktop. If the entry is incorrect, perform the following operations:
A) if IE is 6.0, execute the following commands in the "Start-Run" step.
Article 1: CMD/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d}/ve/t reg_sz/f
Article 2: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d}/v InfoTip/t reg_expand_sz/d "@ shdoclc. dll,-881 "/
Article 3: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {region}/v LocalizedString/t reg_expand_sz/d "@ shdoclc. dll,-880"/f
Article 4: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ DefaultIcon/ve/t REG_SZ/d "shdoclc. dll,-190"/f
Article 5: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ shell/ve/t reg_sz/f
Article 6: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ shell \ OpenHomePage/ve/t reg_sz/d "Open the Home Page
Article 7: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ shell \ OpenHomePage \ Command/ve/t reg_expand_sz/d "C: \ Program Files \ Internet Explorer \ ipolice.exe "/f
Article 8: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ ShellFolder/ve/t reg_sz/f
Article 9: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ ShellFolder/v Attributes/t reg_dword/d 36/f
B) If IE is 7.0 or 8.0, execute the following commands in sequence.
Article 1: CMD/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d}/ve/t reg_sz/f
Article 2: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ DefaultIcon/ve/t reg_sz/d "C: \ WINDOWS \ system32 \ ieframe. dll,-190 "/f
Article 3: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {region} \ InProcServer32/ve/t reg_sz/d "C: \ WINDOWS \ system32 \ ieframe. dll"/f
Article 4: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ InProcServer32/v ThreadingModel/t reg_sz/d "Apartment"/f
Article 5: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ shell \ NoAddOns/ve/t reg_sz/d "Start Without Add-ons"/f
Article 6: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ shell \ NoAddOns/v LegacyDisable/t reg_sz/f
Article 7: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ shell \ NoAddOns \ Command/ve/t reg_sz/d "\" C: \ Program Files \ Internet Explorer \ iexplore.exe \ "-extoff"/f
Article 8: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ shell \ OpenHomePage/ve/t reg_sz/d "Open & Home Page"/f
Article 9: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ shell \ OpenHomePage/v LegacyDisable/t reg_sz/f
Article 10: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {region} \ shell \ OpenHomePage/v MUIVerb/t reg_sz/d "@ shdoclc. dll,-10241"/f
Article 6: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ shell \ OpenHomePage \ Command/ve/t reg_sz/d "\" C: \ Program Files \ Internet Explorer \ ipolice.exe \ ""/f
Article 6: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ Shellex/ve/t reg_sz/f
Article 6: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ Shellex \ ContextMenuHandlers/ve/t reg_sz/f
Article 6: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {secret} \ Shellex \ ContextMenuHandlers \ ieframe/ve/t reg_sz/d "{secret}"/f
Article 6: cmd/k reg add HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ Shellex \ maychangedefamenu menu/ve/t reg_sz/f
6. No Internet Explorer icon on the desktop
Execute the following commands in sequence:
The first command
The Code is as follows:
Cmd/k reg delete "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer"/v NoInternetIcon/f
Second command
The Code is as follows:
Cmd/k reg delete "HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer"/v NoInternetIcon/f
Article 3
The Code is as follows:
Cmd/k reg add "HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ hidemo-topicons \ NewStartPanel"/v {871c5316-42a0-1069-a2ea-08002b30309d}/d 00000000/t REG_DWORD/f
Article 4 commands
The Code is as follows:
Cmd/k reg add "HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ hidemo-topicons \ ClassicStartMenu"/v {871c5316-42a0-1069-a2ea-08002b30309d}/d 00000000/t REG_DWORD/f
Fifth Command
The Code is as follows:
Cmd/k reg add "HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ CLSID \ {region} \ ShellFolder"/v Attributes/d 00000000/t REG_DWORD/f
Article 6
The Code is as follows:
Cmd/k reg add "HKEY_CLASSES_ROOT \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ ShellFolder"/v Attributes/d 36/t REG_DWORD/f
Reload explorer.exe
The Code is as follows:
Cmd/c taskkill/f/im assumer.exe & start explorer
7. After the preceding operations are performed, the IE icon on the desktop is changed to another icon (the function is normal), and the subordinate commands are executed.
Article 1: cmd/k reg delete HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ Explorer Bars/f
Article 2: cmd/k reg delete HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Explorer \ CLSID \ {871c5316-42a0-1069-a2ea-08002b30309d} \ DefaultIcon/f
8. desktop display (such as my documents, recycle bin, or network neighbors)
After performing the preceding operations, right-click the blank area on the desktop and select my documents, my computer, and my network neighbors from the custom desktop, you can run the following command:
The Code is as follows:
Cmd/k reg delete HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace/f
Cmd/k reg add HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {1f4de370-d627-11d1-ba4f-00a0c91eedba}/ve/t reg_sz/d "Computer Search Results Folder"/f
Cmd/k reg add HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {d8fba-ad25-11d0-98a8-0800361b1103}/ve/t reg_sz/f
Cmd/k reg add HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {d8fba-ad25-11d0-98a8-0800361b1103}/v "Removal Message"/t reg_sz/d "@ mydocs. dll,-900 "/f
Cmd/k reg add HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {645FF040-5081-101B-9F08-00AA002F954E}/ve/t reg_sz/d "Recycle Bin"/f
Cmd/k reg add HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {e17d4fc0-5564-11d1-83f2-00a0c90dc849}/ve/t reg_sz/d "Search Results Folder"/f
Cmd/k reg delete HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace/f
Cmd/k reg add HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {1f4de370-d627-11d1-ba4f-00a0c91eedba}/ve/t reg_sz/d "Computer Search Results Folder"/f
Cmd/k reg add HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {d8fba-ad25-11d0-98a8-0800361b1103}/ve/t reg_sz/f
Cmd/k reg add HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {d8fba-ad25-11d0-98a8-0800361b1103}/v "Removal Message"/t reg_sz/d "@ mydocs. dll,-900 "/f
Cmd/k reg add HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {645FF040-5081-101B-9F08-00AA002F954E}/ve/t reg_sz/d "Recycle Bin"/f
Cmd/k reg add HKLM \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ Desktop \ NameSpace \ {e17d4fc0-5564-11d1-83f2-00a0c90dc849}/ve/t reg_sz/d "Search Results Folder"/f
Note the following when executing the preceding command:
For the reg delete command, if the system cannot find the specified registry key or value after execution, it is counted. You can execute the following command. If the returned prompt is: if the operation fails, the registry key has permissions. You can enter the registry, modify the permissions, and then execute the command. If reg add returns an operation failure, you can open the registry, modify the permissions of the registry key, and then execute the command.
Flowers on the other side of the author
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
