Six major hazards of malicious web code and Solutions

Nowadays, network security is attracting more and more attention. Today, when I visited the Software Park in xiaobian, I found a post about malicious code on webpages-six major hazards of malicious code on webpages and their solutions. it will certainly be helpful to everyone. Before viewing the post, let's take a look at what malicious code is.

Webpage malicious code (also known as webpage virus) is a virus that destroys web pages. Some malicious code written in some SCRIPT languages uses the vulnerability of IE to implant viruses. WSH is the technical basis for malicious web code, and its common Chinese name is "Windows Script Host ". When a user logs on to a website containing webpage viruses, the webpage viruses are quietly activated. Once these viruses are activated, some resources of the system can be destroyed.

1. tamper with IE's ghost page

After some IE is changed to the start page, even if the "use history page" is set, it still becomes invalid because the history page of the IE start page is also tampered.

Specifically, the following registry key is modified: HKEY_LOCAL_MACHINESoftwareMicrosoftInternet assumermaindefault_page_url Default_Page_URL.

Solution:

Run the Registry Editor, expand the sub-keys, and change the tampered website URLs in the Default_Page_UR sub-keys, or set them to the default values of IE.

Original post link: http://softbbs.it168.com/thread-495683-1-1.html

2. Modify the default homepage of IE browser and lock the settings to prohibit user changes

The following key values set by IE in the Registry are modified (optional when the DWORD value is 1 ):

HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet assumercontrol Panel "Settings" = dword: 1

HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet assumercontrol Panel "Links" = dword: 1

HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet assumercontrol Panel "SecAddSites" = dword: 1

Solution:

Change the preceding DWORD Value to "0" to restore the function.
3. The default IE homepage is gray and cannot be selected.

This is because the key value of the DWORD Value "homepage" under the Registry hkey_users.defasoftsoftwarepoliciesmicrosoftinternet assumercontrol Panel is modified.

The original key value is "0" and is changed to "1" (that is, gray is not available ).

Solution:

Change the "homepage" key to "0.

Original post link: http://softbbs.it168.com/thread-495683-1-1.html

4. the IE right-click menu is modified.

The modified registry project is: HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMenuExt. The advertisement information of the newly created webpage is displayed in the IE right-click menu!

Solution:

Open the registration Editor, find HKEY_CURRENT_USERSoftwareMicrosoftInternet assumermenuext, and delete the relevant ad provisions. Be sure not to delete the Download Software FlashGet and Netants, which are "normal, unless you do not want to see them in the right-click menu of IE.
5. IE default search engine modified

There is a search engine tool button in the toolbar of IE browser to implement network search. After being tampered with, you only need to click the search tool button to link to the tampered website. The reason for this is that the following registry is modified:

HKEY_LOCAL_MACHINESoftwareMicrosoftInternet assumersearchcustomizesearch

HKEY_LOCAL_MACHINESoftwareMicrosoftInternet assumersearchsearchassistant

Solution:

Run the Registry Editor, expand the sub-keys, and change the key values of "CustomizeSearch" and "SearchAssistant" to the URL of a search engine.

Original post link: html "> http://softbbs.it168.com/thread-495683-1-1.html

6. dialog box popped up during system startup

The modified registry project is:

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionWinlogon

The strings "LegalNoticeCaption" and "LegalNoticeText" are created. "LegalNoticeCaption" is the title of the prompt box, and "LegalNoticeText" is the text content of the prompt box. Because of their existence, every time we log on to the Windwos desktop, a prompt window appears to display the advertisement information of those webpages!

Solution:

Open Registry Editor and find

HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionWinlogon

This primary key, and then find the "LegalNoticeCaption" and "LegalNoticeText" strings in the right window. Deleting these two strings can solve the problem of prompt boxes during login.

Original post link: http://softbbs.it168.com/thread-495683-1-1.html