Malicious Web Page Registry Backdoors: A Full Guide to the Registry (19)

Source: Internet
Author: User



Symptom: the browser hijack is stubborn. Editing the registry appears to succeed, but after a reboot the settings revert to the modified state.



The cause is that the malicious page leaves a backdoor behind after modifying the registry, so your registry edit looks successful but the settings return to the modified state after a reboot. The backdoor is usually placed in a startup location. Open the registry and look at:

Hkcu\software\microsoft\windows\currentversion\run
Hkcu\software\microsoft\windows\currentversion\runonce
Hkcu\software\microsoft\windows\currentversion\runservices
hkcu\software\microsoft\windows\currentversionrun-

Delete the Registry.exe value under these keys, then end the running program and remove the file C:\Program Files\registry.exe.


2. An important tip: check whether there are other suspicious startup items. Most people overlook this point. Which startup items are suspicious?

Values under the startup keys whose data points to files with .hml or .htm suffixes should preferably be removed, as should any with a .vbs suffix.

Another very important point: if a startup item contains a value like the following:

System = regedit -s c:\windows ...

Note that regedit -s is a backdoor-style use of the registry editor: the -s switch silently imports a registry file, re-applying the malicious settings at every boot, so this entry must be removed.

There is also a type of modification that drops a .vbs file or a .dll file into c:\windows\. Check the C:\Windows\Win.ini file and look at the two lines load= and run=; both should be empty. If some other program is listed after the = sign on load= or run=, delete it, but first note the path and file name so that you can delete the corresponding file from the system afterwards.

Another method: if the settings keep coming back no matter how many times you edit and restart, search the whole C: drive for .vbs files. They may be hidden. Open each one with Notepad and, if it contains code that modifies the registry, delete it or, to be safe, change its suffix. You can also search for files by the time the malicious web page infected the machine.
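The search described above, as an added PowerShell example that is not part of the original article: it walks C:\ for .vbs files (hidden ones included), keeps those modified after the time of the infection, and reports the ones whose text touches the registry, without deleting anything. The cut-off date in the usage call and the Disable-Script helper are this example's own assumptions.

```powershell
# Added example (not from the original article): locate .vbs files on C:\,
# including hidden ones, modified after the time of the infection, and report
# those whose text modifies the registry. Nothing is deleted; the operator
# decides what to rename or remove after reading each hit.
function Find-RegistryScripts {
    param(
        [string]$Root = 'C:\',
        # Assumption: $Since is the time of the malicious web page visit.
        [datetime]$Since = (Get-Date).AddDays(-7)
    )
    # Registry-modifying calls seen in WSH scripts (WScript.Shell RegWrite/RegDelete)
    # or a silent regedit import, the pattern the article warns about.
    $regPattern = '(?i)\.RegWrite\s*\(|\.RegDelete\s*\(|regedit(\.exe)?\s+[-/]s\b'

    # -Force makes Get-ChildItem return hidden files as well.
    Get-ChildItem -Path $Root -Filter '*.vbs' -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $Since } |
        ForEach-Object {
            $text = Get-Content -Path $_.FullName -Raw -ErrorAction SilentlyContinue
            if ($text -and $text -match $regPattern) {
                [pscustomobject]@{
                    Path     = $_.FullName
                    Hidden   = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    Modified = $_.LastWriteTime
                    Match    = $Matches[0]
                }
            }
        }
}

# The article's "change the suffix" option: rename a confirmed script so the
# script host no longer executes it, keeping the file for later review.
function Disable-Script {
    param([Parameter(Mandatory)][string]$Path)
    Rename-Item -Path $Path -NewName ((Split-Path -Leaf $Path) + '.disabled')
}

# Usage (constructed date; replace it with the time of the infection):
Find-RegistryScripts -Since (Get-Date '2024-01-01') | Format-Table -AutoSize
```

Run it from an elevated PowerShell so that system folders are readable; review the Path and Match columns, then pass a confirmed file to Disable-Script before deleting the matching startup entry.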

The following point deserves attention: advertising items added to IE's startup, that is, to the Tools menu of the main IE window, must be removed, because they run every time IE starts, so any other fix you make will be undone the moment you open an IE window and your effort is wasted. Method: open the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions, find the advertising entries and delete them; don't be lenient.
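A read-only audit of the startup locations named in this article (the Run, RunOnce and RunServices keys, the win.ini load= and run= lines, and the IE Extensions key), as an added PowerShell example that is not code from the original article. It goes slightly beyond the text by also checking the HKLM copies of the Run keys; it assumes PowerShell 5.1 or later and win.ini at %SystemRoot%\win.ini, and it only reports hits so each can be verified before removal.

```powershell
# Added example (not from the original article): report startup entries that
# match the indicators the article describes. Read-only: nothing is deleted.
$startupKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    # Assumption: the HKLM copies are worth the same check (not in the article).
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

# Indicators from the article: a .vbs/.htm/.hml payload in a startup value,
# a silent registry import (regedit -s or /s), or the registry.exe binary.
$suspicious = '(?i)\.(vbs|htm|hml)\b|regedit(\.exe)?\s+[-/]s\b|\\registry\.exe'

# Provider metadata that Get-ItemProperty attaches to every key object.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Test-StartupValues {
    foreach ($key in $startupKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -in $psMeta) { continue }
            $data = [string]$prop.Value
            if ($data -match $suspicious) {
                [pscustomobject]@{ Location = $key; Name = $prop.Name; Data = $data }
            }
        }
    }
}

function Test-WinIni {
    $ini = Join-Path $env:SystemRoot 'win.ini'
    if (-not (Test-Path $ini)) { return }
    foreach ($line in Get-Content $ini) {
        # load= and run= should have nothing after the '=' sign.
        if ($line -match '^\s*(load|run)\s*=\s*(\S.*)$') {
            [pscustomobject]@{ Location = $ini; Name = $Matches[1]; Data = $Matches[2] }
        }
    }
}

function Test-IeExtensions {
    $key = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Extensions'
    if (-not (Test-Path $key)) { return }
    foreach ($sub in Get-ChildItem -Path $key) {
        $p = Get-ItemProperty -Path $sub.PSPath
        # Each subkey is a toolbar button or Tools-menu item; list what it launches
        # so advertising entries can be recognised and removed by hand.
        $launch = @($p.Exec, $p.Script, $p.ClsidExtension) | Where-Object { $_ }
        [pscustomobject]@{
            Location = $sub.PSChildName
            Name     = $p.MenuText
            Data     = ($launch -join ' ')
        }
    }
}

Write-Host '== Suspicious startup values and win.ini entries =='
@(Test-StartupValues) + @(Test-WinIni) | Format-Table -AutoSize
Write-Host '== Installed IE extensions (Tools menu / toolbar) =='
Test-IeExtensions | Format-Table -AutoSize
```

Run it from an elevated PowerShell. Every row in the first table is a candidate for removal after you have noted the path and file name it points to, which is the order the article prescribes: record the file, remove the startup entry, then delete the file.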

A very important point: after being caught by a malicious web site, first clear all of IE's temporary files. Remember this.

(Source: Hotspot Network)
