Internet Explorer anti-Black Policy

Recently, surfing the Internet often encounters an unpleasant thing, that is, browsing some websites ?? Mostly personal homepage ?? Then, the title bar of IE browser is tampered with, for example, "welcome to visit ...... Website, the start page of IE, and the home page are also set as the URLs of those websites. In addition, the names of those websites are added to the visitor's ie right-click menu. These websites are all about modifying the corresponding key values in the browser's registry by embedding the Javascript script language in the webpage to promote their own websites, which makes these "web worms" annoying. So how can we restore IE's "true? Let's "break them all ".

Tampered ie title bar

Symptom: The title bar above the IE browser is changed to "welcome to visit ...... Website "style, which is the most common means of tampering, with a large number of victims.

Subkeys involved:
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ main \ window title
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ main \ window title

Note: The key values of the two "window title" subkeys are the titles in the IE title bar.

Solution: run the registration table editor regedit.exe, expand the two subkeys, and change the key values of these two subkeys to Microsoft Internet Explorer (default IE ), alternatively, you can change the key value to a title that reflects your personality like "My dedicated Browser" and re-run IE to see the effect. How is it? Do you feel very cordial?

Tampered with IE start page

Symptom: the IE start page is the page that will be automatically opened when IE is run. That is to say, the start page is changed to the URL of the tampered website.

Subkeys involved:
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ main \ Start page

Note: The key value of this subkey is the URL of the IE start page.

Solution: run the Registry Editor, expand the sub-key, and change the key value of the "start page" sub-key to a URL. If you do not want IE to automatically open a webpage, you can set the IE start page to a blank page to change the key value of the "start page" subkey to "about ?? Then run ie again to see the effect. In fact, you can also change the start page of IE by setting the options of IE. set it to "tools/Internet Options" and enter the start page on the "Homepage.

Special Example: When the start page of IE is changed to some Web sites, even if you have modified it through the option settings, it will become their Web site again after restart, which is very difficult. They actually added a self-run to your machine.ProgramIt will set your IE start page as their website when the system starts.

Solution: run the registration table editor regedit.exe, expand the HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ current version \ runmaster key, delete the registry.exe sub-key, and then delete the self-running program c: \ Program Files \ registry.exe, finally, you can reset the start page from the IE option.

Tamper with the begin page of the IE start page

Symptom: Some IE has been changed to the start page, and even if "use history page" is set, it still does not work because the history page on the IE start page is also tampered.

Subkeys involved:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ main \ default_page_url

Note: The key value of this subkey is the homepage page of the start page.

Solution: run the Registry Editor, expand the sub-keys, and change the modified URLs in the default_page_ur sub-keys, or set them to the default values of IE.

Tampered with IE's default search engine

Symptom: There is a search engine tool button in the toolbar of IE browser to implement network search. After being tampered with, you only need to click the search tool button to link to the tampered website.

Subkeys involved:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Search \ customizesearch
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Search \ searchassistant

Solution: Run registry editor, expand the sub-keys, and change the key values of customizesearch and searchassistant to the URL of a search engine.

 

Modify ie context menu

Symptom: When you right-click a webpage and choose "welcome to visit..." in the pop-up menu ...... What will happen to you? Is there a feeling of evil?

Subkeys involved:
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ menuext \ welcome to visit ...... Website
Note: The "menuext" primary key is the control primary key of the IE extension menu item. If you have installed the Internet Express or network ant, under this sub-key, you can see the sub-key "use the Internet Express download.

Solution: Run registry editor and open the above primary key. Under the "menuext" primary key, there will be "welcome to visit ...... Delete the primary key of similar content on the website. before deleting the content, you can expand the primary key and see that there is a link to open the subkey of an HTML file, check the file path and delete the file according to the path. (Note that this HTML file is set to a hidden attribute, select "View/Folder Options/view page/display all files" from the menu to view it !). In this way, it is completely clear, is there a feeling of relief? Haha!

Tampered with IE's default search engine

Symptom: There is a search engine tool button in the toolbar of IE browser to implement network search. After being tampered with, you only need to click the search tool button to link to the tampered website.

Subkeys involved:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Search \ customizesearch
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Internet Explorer \ Search \ searchassistant

Solution: Run registry editor, expand the sub-keys, and change the key values of customizesearch and searchassistant to the URL of a search engine.

Modify ie context menu

Symptom: When you right-click a webpage and choose "welcome to visit..." in the pop-up menu ...... What will happen to you? Is there a feeling of evil?

Subkeys involved:
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ menuext \ welcome to visit ...... Website

Note: The "menuext" primary key is the control primary key of the IE extension menu item. If you have installed the Internet Express or network ant, under this sub-key, you can see the sub-key "use the Internet Express download.

Solution: Run registry editor and open the above primary key. Under the "menuext" primary key, there will be "welcome to visit ...... Delete the primary key of similar content on the website. before deleting the content, you can expand the primary key and see that there is a link to open the subkey of an HTML file, check the file path and delete the file according to the path. (Note that this HTML file is set to a hidden attribute, select "View/Folder Options/view page/display all files" from the menu to view it !). In this way, it is completely clear, is there a feeling of relief? Haha!

A dialog box is displayed when the system is started.

Symptom: when the system is turned on, the recommended Website "Welcome to http: // www…" will pop up ......" Style window. After entering the system, the IE browser is automatically opened, and the default homepage is automatically accessed ...... And cannot be changed.

Subkeys involved:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Winlogon \ legalnoticecaption
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \
Winlogon \ legalnoticetext

Note: In fact, this primary key is not related to IE, but is a control item in the Windows logon prompt dialog box.

Solution: run the Registry Editor, expand the preceding primary key, and delete the "legalnoticecaption" and "legalnoticetext" primary keys.

Summary The Sub-keys and recovery methods involved in several tampering methods are described above, however, some of the sub-keys involved in website tampering and the paths for placing self-starting programs may be different, or there may be new tampering techniques. What should I do? It doesn't matter. We have another offer, which can be retained. When you do not know which sub-keys they have modified the registry, you can "see the essence of phenomena", enter the Registry Editor, and press the "F3" key to open "Search ", the search content is the website name or website address that tampered with the website. After finding it, You can delete or modify the corresponding key value, and then press "F3" to "find the next ", do not stop until they are cleared. If you have set a self-running program or a file link, you need to follow the path of the file to make it faster!

Of course, the most fundamental approach to governance is that those "Prawn" friends who make web pages can find their conscience as soon as possible and make these little "cainiao" feel more secure when surfing the Internet, otherwise it will become a shocking bird! These are the secrets of the recent "popular" Tampering methods. I hope they will be helpful to you. Please send me a letter to us for further communication.