Author: the devil of the world
Source: http://26836659.blogcn.com/
Experts can skip this one.
Today I got a program called "Baidu-related keyword multi-layer crawling". When the program is closed, its author's web page pops up. Very annoying.
Check it with PEiD first.
The program is written in Microsoft Visual C++ 6.0.
Searching the program's strings turns up no URL.
Next, set a breakpoint. Because the URL cannot be found as a string, break on the API call that opens the page instead.
Enter "bp ShellExecuteA" and press Enter.
Press F9 to run the program, then close it. (IE pops up only when the program exits.)
I tracked down the "hateful" website.
Press Alt+F9 to return to the calling code.
This section is the nasty pop-up code:
00476AF0  /$  68 7C494D00    push 004D497C                           ; /Title = "Microsoft Internet Explorer"
00476AF5  |.  6A 00          push 0                                  ; |Class = 0
00476AF7  |.  6A 00          push 0                                  ; |hAfterWnd = NULL
00476AF9  |.  6A 00          push 0                                  ; |hParent = NULL
00476AFB  |.  FF15 08D44A00  call dword ptr [<&USER32.FindWindowEx>  ; \FindWindowExA
00476B01  |.  8B4C24 04      mov ecx, dword ptr [esp+4]
00476B05  |.  6A 01          push 1                                  ; /IsShown = 1
00476B07  |.  6A 00          push 0                                  ; |DefDir = NULL
00476B09  |.  6A 00          push 0                                  ; |Parameters = NULL
00476B0B  |.  51             push ecx                                ; |FileName
00476B0C  |.  68 74494D00    push 004D4974                           ; |open
00476B11  |.  50             push eax                                ; |hWnd
00476B12  |.  FF15 DCD34A00  call dword ptr [<&SHELL32.ShellExecut>  ; \ShellExecuteA
00476B18  \.  C2 0400        retn 4
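Keep this instruction:
00476B18  \.  C2 0400        retn 4
Fill all the other instructions with NOPs. The retn 4 has to stay because the routine takes one 4-byte stack argument (the FileName it reads from [esp+4]) and removes it from the stack itself on return; without it the caller's stack would be left unbalanced.
Right-click, choose "Copy to executable file", and save.
The pop-up window on program exit is gone.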
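The same patch expressed at the byte level, as an added example that is not part of the original post. The opcode bytes are taken from the listing above; the function names, the offset and the padded sample buffer are assumptions constructed for the demonstration. It refuses to write unless the bytes at the offset match the listing, so a different build of the program is left untouched.

```python
# Added example: the NOP patch from the walkthrough applied at byte level.
# Opcode bytes come from the listing; the offset and sample buffer are constructed.
ORIGINAL = bytes.fromhex(
    "687C494D00"          # push 004D497C     ; Title
    "6A00" "6A00" "6A00"  # push 0 (x3)       ; Class, hAfterWnd, hParent
    "FF1508D44A00"        # call [FindWindowExA]
    "8B4C2404"            # mov ecx, [esp+4]  ; the routine's single argument
    "6A01" "6A00" "6A00"  # push 1, 0, 0      ; IsShown, DefDir, Parameters
    "51"                  # push ecx          ; FileName
    "6874494D00"          # push 004D4974     ; "open"
    "50"                  # push eax          ; hWnd
    "FF15DCD34A00"        # call [ShellExecuteA]
    "C20400"              # retn 4
)
RETN_4 = bytes.fromhex("C20400")
NOP = b"\x90"


def matches_listing(image, offset):
    """True if the bytes at offset are exactly the routine shown in the listing."""
    return image[offset:offset + len(ORIGINAL)] == ORIGINAL


def patch_popup(image, offset):
    """Return a copy of image with the routine reduced to NOPs followed by retn 4."""
    if not matches_listing(image, offset):
        raise ValueError("bytes at offset do not match the listing; not patching")
    body_len = len(ORIGINAL) - len(RETN_4)   # everything before the final retn 4
    end = offset + len(ORIGINAL)
    # Same length in, same length out: nothing after the routine moves.
    return image[:offset] + NOP * body_len + RETN_4 + image[end:]


def build_sample():
    """Constructed stand-in for the file: the routine between two runs of padding."""
    pad = b"\xCC" * 16
    return pad + ORIGINAL + pad, len(pad)


if __name__ == "__main__":
    image, off = build_sample()
    patched = patch_popup(image, off)
    print(patched[off:off + len(ORIGINAL)].hex())
```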