Malicious web page registry BackDoor-19 full guide to registry use
The browser hijack is stubborn: the registry is repaired successfully, but after a restart it is back in the tampered state.
This happens mainly because the malicious page leaves a backdoor in the startup items when it modifies the registry, so the registry is restored to the tampered state after every restart. Open the Registry Editor and go to:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Run-
Delete the registry.exe entry, and then delete the auto-start program C:\Program Files\registry.exe
2. An important reminder: check whether there are other suspicious startup items. The following are the ones most often overlooked.
Startup items whose key value ends in ".html" or ".htm" are best removed, and the same applies to the ".vbs" suffix.
One more is very important. If a startup item like this exists, its key value will look similar to the following:
the "system" key value is regedit -s c:\WINDOWS ...... Note that this regedit -s is a backdoor use of a Registry Editor parameter, which is used to import into the registry. This item must be removed.
Another type of modification generates a file with a .vbs suffix, or a .dll file, in c:\windows\.
Also check the c:\windows\win.ini file. Look at load= and run=. Both options should be empty. If other programs have been added to load= or run=, delete the program after the "=". Before deleting it, check the path and file name. After deleting it, go and delete the corresponding file under System.
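The startup-item and win.ini checks described above can also be applied to exported data. The following Python code is an added example, not part of the original article: it scans the text of a registry export (.reg) and of win.ini for the patterns the article names. The function names, the sample data and file names such as example.reg are constructed for illustration.

```python
import re

# Startup keys the article lists (Run, RunOnce, RunServices, Run-).
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce|RunServices|Run-)$", re.I)
# Value patterns the article calls out as suspicious.
SUSPICIOUS = [
    (re.compile(r"\\registry\.exe\b", re.I), "registry.exe auto-start program"),
    (re.compile(r"\.(html?|vbs)\b", re.I), ".htm/.html/.vbs file in a startup item"),
    (re.compile(r"\bregedit(\.exe)?\s*[-/]s\b", re.I), "regedit -s import at startup"),
]
VALUE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def scan_reg_export(text):
    """Return (key, name, command, reason) for each flagged startup value."""
    findings, key = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if RUN_KEY.search(line[1:-1]) else None
            continue
        m = VALUE.match(line)
        if key and m:
            # .reg exports escape backslashes and quotes; undo that.
            name, cmd = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            findings += [(key, name, cmd, why) for rx, why in SUSPICIOUS if rx.search(cmd)]
    return findings

def scan_win_ini(text):
    """Return (option, program) for every non-empty load= or run= line."""
    pat = re.compile(r"\s*(load|run)\s*=\s*(\S.*)$", re.I)
    return [(m.group(1).lower(), m.group(2).strip())
            for m in map(pat.match, text.splitlines()) if m]

# Constructed sample data (not from the article), in .reg export and win.ini form.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"registry.exe"="C:\\Program Files\\registry.exe"
"system"="regedit -s c:\\WINDOWS\\example.reg"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"start"="c:\\windows\\example.vbs"
'''
SAMPLE_INI = "[windows]\nload=\nrun=c:\\windows\\system\\example.exe\n"

if __name__ == "__main__":
    for finding in scan_reg_export(SAMPLE_REG):
        print("registry:", finding)
    for option, program in scan_win_ini(SAMPLE_INI):
        print("win.ini:", option, "=", program)
```

Every flagged entry still needs the manual review the article describes: check the path and file name before deleting anything.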
Another method, if the settings are restored after every restart no matter how often you repair them: search drive C for all .vbs files.
One of them is hidden. Open it with Notepad and you can see the registry information in it. To be safe, delete them all or change the suffix.
You can also search for files by the time the malicious web page infected the machine.
The following hole also deserves your attention: the advertisement in the Tools menu on the IE main window.
It starts whenever you start IE, so do not open an IE window after you finish modifying the other items.
Otherwise, all the effort will be wasted. Method: open the Registry Editor, go to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions and delete the advertisement.
One important point: after falling into the trap of a malicious web page, you must first clear all temporary IE files. Remember this.
(Source: Hotspot Network)