Spam removal of rogue software

Manual processing of webpage malicious code

1. Clear the page automatically popped up upon each boot

Remember the URL in the address bar and open the Registry Editor (by clicking the "Start" menu, clicking "run", and entering the Regedit command in the "run" box to enter the Registry Editor ), locate:

HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/run and
HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/runonce

Next, check whether there is a value item with the URL value under this subitem. If so, delete it and restart the computer. In this way, no webpage pops up during the next boot.

However, the author of malicious code on the Web page is sometimes very tricky. He will have this value in multiple key values in the registry, so that the above method may not completely solve the problem. In this case, you can select "edit"> "Search" in the Options menu of the Registry Editor, and enter the URL that is automatically opened at startup in the "Search" dialog box, click "find next" to delete the value item. In addition, if you are a Windows 98 user, you can enter "msconfig" in the "run" dialog box in the "Start" menu and click "OK, open "System Configuration Utility" and open the "launch" tab to check whether there are any suspicious startup items. If yes, disable them (check the items before the program ), then restart the machine. If you are using Windows NT/2000, you can copy the "System Configuration Utility" under Windows 98 and run it to clear it.

2. the IE title bar is modified.

By default, the application itself provides information about the title bar. However, you can add information to the registry project, some malicious websites use this to succeed: they change the key value under the string value window title to their website name or more advertisement information, to change the title bar of the Browser IE.

Specifically, the modified registry project is:

HKEY_LOCAL_MACHINE/software/Microsoft/Internet Explorer/main/window title

HKEY_CURRENT_USER/software/Microsoft/Internet Explorer/main/window title

Solution:

1) After windows is started, click "start"> "run", type Regedit in the "open" column, and press "OK;

2). Expand the Registry

In HKEY_LOCAL_MACHINE/software/Microsoft/Internet Explorer/Main, find the string value "window title" in the right pane and delete the string value, or change the key value of window title to "IE browser" and your favorite name;

3). Similarly, expand the Registry

HKEY_CURRENT_USER/software/Microsoft/Internet Explorer/main

Then follow the method described in 2.

4). Exit the Registry Editor, restart the computer, and run ie. You will find that your problem has been solved.

[Continued]

3. The default IE connection homepage is modified.

The title bar at the top of IE browser is changed to "welcome to visit ...... Website "style, which is the most common means of tampering, with a large number of victims.

The modified registry project is:

HKEY_LOCAL_MACHINE/software/Microsoft/Internet Explorer/main/start page
HKEY_CURRENT_USER/software/Microsoft/Internet Explorer/main/start page

Modify the key value of "start page" to modify the default homepage connection of Browser IE, for example, browsing the "Wan Hua Gu" will change your IE default connection home page to "http://on888.home.chinaren.com/", even out of their own home page for the purpose of advertising, it seems too domineering, this is also the reason for this kind of webpage dislike.

Solution:

1) After windows is started, click "start"> "run", type Regedit in the "open" column, and press "OK;

2). Expand the Registry
In HKEY_LOCAL_MACHINE/software/Microsoft/Internet Explorer/Main, double-click the string value "start page" in the right pane and change the key value of start page to "about: blank;

3). Similarly, expand the Registry
HKEY_CURRENT_USER/software/Microsoft/Internet Explorer/main
Find the string value "start page" in the right half window, and then follow the method described in 2.

4). Exit Registry Editor and restart the computer. Everything is OK!

Special Example: When the start page of IE is changed to some Web sites, even if you have modified it through the option settings, it will become their Web site again after restart, which is very difficult. In fact, they added a self-running program to your machine, which will set your IE start page as their website at system startup.

Solution: run the registration table editor regedit.exe and expand
HKEY_LOCAL_MACHINE/software/Microsoft/Windows/current version/run

Then, delete the registry.exe sub-key, then delete the self-running program C:/program files/registry.exe, and reset the start page from the IE option.

4. A dialog box is displayed when the system is started.

The modified registry project is:

HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/Winlogon

The strings "legalnoticecaption" and "legalnoticetext" are created. "legalnoticecaption" is the title of the prompt box, and "legalnoticetext" is the text content of the prompt box. Because of their existence, every time we log on to the windwos desktop, a prompt window appears to display the advertisement information of those webpages!

Solution:

Open Registry Editor and find

HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/Winlogon

This primary key, and then find the "legalnoticecaption" and "legalnoticetext" strings in the right window. Deleting these two strings can solve the problem of prompt boxes during login.