How to remove webpage viruses from malicious websites

Source: Internet
Author: User
Yesterday, someone in the company said that her computer had a webpage virus. She wanted to install a netassistant to fix the browser, but found that none of the netassistants could be installed. I went on site and found that the computer's operating system was Win2000 and the browser homepage was set to www.17777.com.
The computer had Norton 8.1 Enterprise Edition installed, which did not respond to the virus. I then uninstalled Norton, installed McAfee 8.0i Enterprise Edition (the company has a McAfee server), and upgraded it to the latest virus database. After the restart, there was a virus alarm message reporting that C:\winnt\ass_hook.dll was a BackDoor-AWQ.B.dll.gen virus, but it could not be purged or moved. I searched the c:\WINNT directory, but the ass_hook.dll file could not be found. I searched the Internet for information about the virus and found very little. I estimated that it might be a new virus or a new variant.
No virus was detected when McAfee was used to run a complete virus scan. I then used the Rising Registry Repair Tool to fix the browser, restarted the computer, and found and deleted the c:\winnt\ass_hook.dll file in DOS mode. After the restart, McAfee still reported the virus information for the ass_hook.dll file, and the browser had been modified again. I used the Rising Registry Repair Tool to repair the browser once more. After a while, I found that within one minute the browser would be modified again, indicating that a virus program was still running in the background.
I opened Task Manager and found no suspicious programs, then checked the startup items (msconfig) and found no suspicious startup item either. After the restart, I found an iexplore.exe process in the Task Manager process list. This is the IE browser process, but I had not opened IE after the restart. I suspected that the virus was controlling the IE browser to secretly download the virus program from the Internet. The computer is connected to the Internet as soon as it starts, so I disabled the NIC used for Internet access. I restarted, deleted the c:\winnt\ass_hook.dll file under DOS, and then entered Win2000. As a result, McAfee no longer reported the virus information for the ass_hook.dll file. The strange thing was that the homepage of the IE browser was still changed to www.17777.com, and it was changed back again after each fix, which indicated that there might be another virus program running in the background.
McAfee did not respond to the background virus program, so I had to bring out Kaspersky. I installed Kaspersky v3.5 Swiss green version on the computer and did not enable real-time monitoring (otherwise it would conflict with McAfee's real-time monitoring). Then I upgraded Kaspersky's virus database and used Kaspersky to perform a full scan. It first flagged the c:\winnt\system32\usign.dll file as a virus of the win32.startpage type, but the file was locked by another process and could not be cleared. So I installed the Unlocker tool to handle the process that was using it, ended the assumer.exe process in Task Manager, and used Kaspersky to kill the usign.dll file (in fact, Kaspersky renames a virus file that it cannot clear after the computer restarts, so that the virus will not attack). Kaspersky then killed multiple virus programs named uninstall.exe in the C:\winnt\Downloaded Program Files directory and the c:\Documents and Settings\USERNAME\Local Settings\Temporary Internet Files directory. They are also viruses of the win32.startpage type, and I estimate that they are used to generate usign.dll and ass_hook.dll. I also opened the Registry Editor to search for key values containing "usign.dll" and deleted or modified them.
After the viruses were killed, I used the Rising Registry Repair Tool again to repair the browser and restarted the computer.
Based on the above anti-virus experience, my summary is as follows:
1. McAfee's anti-virus capabilities are limited. You must trust Kaspersky at a critical moment.
2. Once you know the location of the virus files, you can clear them manually. First, clear the Temporary Internet Files in Windows, then enter the system (with the network disconnected), use the Rising Registry Repair Tool to repair the IE browser, and then open the Registry Editor and delete or modify the key values that contain "usign.dll". Then restart the computer, and the system will return to normal.
3. If you do not clear the files manually, you can use Kaspersky to kill the viruses, then use the Rising Registry Repair Tool to repair the IE browser, and then manually clear the key values containing usign.dll in the registry.
4. Analyze the registration process. My personal judgment is that the virus modifies the registry, and the assumer.exe process calls the usign.dll file to automatically modify the IE browser settings. When anti-virus software tries to kill usign.dll, the DLL file is being called by a normal system process; anti-virus software cannot end the system process, so it cannot kill the file. If the virus were a separate program file, the anti-virus software could kill it. This virus is rather tricky.
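The registry search from steps 2 and 3, as an added example that is not part of the original post: it scans the text of a registry export for the file names and homepage mentioned above, and decodes hex-encoded string values that a plain text search would miss. The export contents are constructed for illustration; the post does not say which keys the malware actually wrote, and the value names `ExampleTray` and `assist` are hypothetical.

```python
import re

# Constructed sample in "reg export" (Version 5.00) form. The key paths are
# standard Windows locations, but every entry is invented for illustration.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.17777.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe"
"assist"=hex(2):72,00,75,00,6e,00,64,00,6c,00,6c,00,33,00,32,00,20,00,\
  75,00,73,00,69,00,67,00,6e,00,2e,00,64,00,6c,00,6c,00,00,00
'''

def decode(raw):
    """Turn the exported form of a value into searchable text."""
    m = re.match(r"hex\((?:2|7)\):(.*)$", raw)
    if m:  # REG_EXPAND_SZ / REG_MULTI_SZ are exported as UTF-16LE bytes
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b)
        return data.decode("utf-16-le", "replace").replace("\x00", " ").strip()
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    return raw  # dword:, hex: and other types stay as exported

def parse_reg(text):
    """Yield (key, value_name, decoded_data) for every value in the export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex continuation lines
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if key and m:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            yield key, name, decode(m.group(2))

def find_references(text, needles):
    """Return the values whose key, name or data mentions any needle."""
    needles = [n.lower() for n in needles]
    return [(k, n, d) for k, n, d in parse_reg(text)
            if any(x in f"{k} {n} {d}".lower() for x in needles)]

if __name__ == "__main__":
    names = ["usign.dll", "ass_hook.dll", "assumer.exe", "17777.com"]
    for key, name, data in find_references(SAMPLE_EXPORT, names):
        print(f"{key}\n    {name} = {data}")
```

A real export from the Registry Editor in this format is a UTF-16 file, so read it with `open(path, encoding="utf-16")` before passing the text to `find_references`.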
