Disable Scripting Host to guard against malicious web pages

Source: Internet
Author: User

Attacks from the network are becoming more and more common. Some malicious webpages exploit security vulnerabilities in software or in the operating system platform. By running automatically executed code, such as Java applets, JavaScript programs, and ActiveX components embedded in a page's HTML, attackers can forcibly modify the registry and system configuration of the operating system in order to illegally control system resources, corrupt data, format hard disks, and plant Trojans.
At present, there are two types of attacks from malicious web pages (the "black hands"): one modifies the IE browser through a crafted script, and the other directly damages the Windows system. The former usually modifies the title bar and default homepage of the IE browser, and many articles already cover it. The following describes how to guard against malicious web pages that damage the Windows system.

Black Hand 1: formatting the hard disk

This is a very dangerous kind of web page. The attacker executes ActiveX through IE and uses format.com or deltree.exe to format the hard disk or delete folders on it. When such a destructive program is triggered, a prompt box appears: "The current page contains incomplete ActiveX, which may cause harm to you. Are you sure you want to execute it? Yes, No." If you click Yes, the hard disk is quickly formatted, and because everything runs in the background, it is hard to detect.

The precaution is to rename the local format.com and deltree.exe commands. In addition, do not casually answer "Yes" to unexplained prompts. You can press the [Ctrl + Alt + Del] key combination to stop unidentified processes in the "Close Program" window.

Black Hand 2: depleting system resources

This kind of malicious web page executes a piece of JavaScript code that creates an endless loop, continuously consuming local system resources until the system crashes. Such code appears on some malicious websites or in e-mail attachments. As soon as you open the attachment, countless IE windows appear on the screen, and the only option is to restart the computer.

Prevention: do not casually visit websites you do not know, and do not open attachments in e-mail from strangers, for example files with the extensions VBS, HTML, HTM, DOC, and EXE.
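
The attachment advice above, as an added example that is not part of the original article: a Python screen that flags attachments whose extension is on the article's list. Marking double extensions is an assumption that goes beyond the text, and the message, addresses and file names are constructed.

```python
import os
from email import message_from_string, policy

# Extensions the article lists as risky in mail from strangers.
RISKY_EXTENSIONS = {".vbs", ".html", ".htm", ".doc", ".exe"}

# Constructed sample message (not a real capture); bodies are placeholders.
SAMPLE_MESSAGE = """\
From: stranger@example.test
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/plain

See attached.
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="LETTER.TXT.vbs"

placeholder
--BOUND
Content-Type: text/plain
Content-Disposition: attachment; filename="notes.txt"

placeholder
--BOUND
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Setup.EXE"

placeholder
--BOUND--
"""

def risky_attachments(raw_message):
    """Return (filename, reason) pairs for attachments with a risky extension."""
    findings = []
    for part in message_from_string(raw_message, policy=policy.default).walk():
        filename = part.get_filename()
        if not filename:
            continue
        # Windows ignores trailing dots and spaces, so strip them before matching.
        stem, ext = os.path.splitext(filename.rstrip(". ").lower())
        if ext not in RISKY_EXTENSIONS:
            continue
        # "letter.txt.vbs" shows as "letter.txt" when known extensions are hidden.
        reason = "double extension" if os.path.splitext(stem)[1] else "risky extension"
        findings.append((filename, reason))
    return findings
```
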

Black Hand 3: illegally reading local files

This type of attacker reads local files by calling ActiveX, JavaScript, and the WebBrowser control, and can also use browser vulnerabilities to read local files. To avoid such attacks, disable the JavaScript function of the browser.

Black Hand 4: gaining control permissions

This type of attack occurs when IE executes ActiveX. Although IE provides a prompt for "Download signed ActiveX controls", malicious attack code can bypass IE, downloading and executing ActiveX control programs without any prompt, after which the attacker gains control of the system. To block these black hands, open the Registry Editor and expand the following branch:

The solution is to create a CLSID-based key {rjb6015c} for the Active Setup controls under the registry branch HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility, then create a REG_DWORD value named Compatibility under the new key and set it to 0x00000400.

Guarding against the various attacks from the Internet requires both greater awareness and concrete preventive measures.

1. Set the security level

Because many attacks are carried out by malicious scripts, you can raise the security level of IE. Run the "Tools/Internet Options" command in IE, select the "Security" tab, select "Internet", and click the [Custom Level] button. In the "Security Settings" dialog box, select "Disable" for all options under "ActiveX controls and plug-ins" and "Scripting", and set the security level to "High". Note that if you select "Disable", some websites that require ActiveX and scripting may not display normally.

2. Filter specified webpages

You can block webpages that contain malicious code. Run the "Tools/Internet Options" command, select the "Content" tab, and click the [Enable] button under "Content Advisor" to open the "Content Advisor" dialog box. Select the "Approved Sites" tab, enter the URL to be blocked, click [Never], and then click [OK].

3. Uninstall or upgrade WSH

Some viruses and worms written in VBScript, such as "I LOVE YOU" and "Newlove", arrive as an attachment with the VBS suffix. The user is infected after opening the attachment. These viruses use the Windows Scripting Host (WSH) built into Windows to start and run. In other words, if WSH is disabled, a virus hidden in a VB script cannot be activated.

To disable WSH in Windows 98, open "Add/Remove Programs", select "Windows Setup/Accessories", click "Details", clear the "Windows Scripting Host" option, and click [OK].

To disable WSH in Windows 2000, double-click the "My Computer" icon, run the "Tools/Folder Options" command, select the "File Types" tab, find the "VBS VBScript Script File" entry, click the [Delete] button, and then click [OK].

Alternatively, you can upgrade to WSH 5.6. IE can be modified by malicious scripts because the WSH in IE 5.5 and earlier versions allows attackers to use the GetObject function in JavaScript together with the htmlfile ActiveX object to read the viewer's registry. You can download the latest version at http://www.microsoft.com.

4. Disable Remote Registry Service

In Windows 2000/XP, open "Control Panel/Administrative Tools/Services", right-click "Remote Registry", select the "Properties" command from the shortcut menu, and click the [Stop] button on the "General" tab to block some malicious script code.

5. Install firewall and anti-virus software

Installing firewall and anti-virus software can intercept some malicious code programs.
