The final solution to the rising navigation Hao.rising.cn/?tn=6192548188_hao

Recently this page is particularly rampant, a lot of people have been recruited, my broken computer on the WIN8 is no exception. At first thought is rising dry, so the rising of all things are unloaded, while deleting all the registry with rising words, unloading all with rising drive, boot start all have seen, Chrome first uninstall and then download from the official website, clean up all the plugins ... But the strange thing is, this ghost webpage still pops up on my chrome every now and then, using FINDSTR computer to search the string without fruit (only in chrome.sync), when using Wireshark or fiddler to grab the bag, it is special "good" does not come out, The software will pop up immediately after you turn off the clutch. At that time, the system of the heart has been re-installed.

But there's always a solution: in C:/Program Files (my 64-bit computer is C:/Program files (x86)) There are Gamexbox, Gmbox, MHN, Yunpy, Anote, ZBX, Zmrili ... Anyway, a lot of I have never heard of and have not installed their software, the most abominable is the software is also deleted, a look backstage there is a call "Superapps" service is still in operation, this found the main, quickly put this service with 360 service aborted, and then never popped this page.

So I summed up the solution as follows:

0.regedit Enter the registration form and change the homepage of IE to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

1. Enter the program Files of the C drive, see the strange lowercase letter named folder to see what is, do not know the online check, if found not their own active installation of some wonderful things, hurry to uninstall or direct shift Delete (of course, pay more attention to screening, Don't delete the wrong person.

2. If a program says it has a service in operation can not be deleted, it must be careful, this is behind the murderer!

On my computer is a service called Superapps services, is a copy of Google's Project services, in fact, some people have previously disclosed, but it seems that we do not pay much attention to: see here

In fact, there is a service, but because the name of the non-concealment has been I turned off, is called Sulang IE Protect Service

They are displayed as "maintain status" in the "360-optimize acceleration-Startup Item-Application startup item", so scanning for viruses is not valid.

But just to turn these services off, the C-disk some of the wonderful software deleted, will never pop up the navigation.

Something I didn't understand.

0. At the beginning of the registration form, IE home page is the ghost site, but I opened IE view settings when it is not, this does not know what the principle

1. Superapps This service originally did not "6", with 360 it stopped after a "6" out, also do not know what the principle

2. Still can't figure out why the network capture software does not eject when it is running

3. Do not understand when to install the garbage, because the operation of the C drive requires administrator privileges (but I seriously suspect that the download of what software was bundled when installed, but I do not know which software is specific)

4. I do not know why, these services can only be turned off by 360, with the task Manager Win8 comes off

Finally, a record of the Rogue Company is attached:

Superapps.dll:Malware

File detailsfile size:124.9 KB (127,856 bytes) Product version:0, 0, 0, 1copyright:copyright (C) legendsoft China ( BEIJING) Technology limitedoriginal file Name:nasvc.dllFile type:dynamic link library (Win32 DLL) Common Path:c:\program Files\superapps\superapps.dll Digital Signature signed by: Lian Soft Shenzhou (Beijing) Technology Co., Ltd. authority:wosign CA limitedvalid from:4/8/201 4 2:02:42 pmvalid to:4/9/2015 2:02:42 pmsubject:cn= United Soft Shenzhou (Beijing) Technology Co., Ltd., [email protected], o= Lian Soft Shenzhou (Beijing) Technology Co., Ltd., l= Beijing, s= Beijing, c= Cnissuer:cn=wosign Class 3 Code Signing CA, o=wosign ca Limited, c=cnserial NUMBER:53F2CA73E6F6B01A69A25848A1B39CA2

The final solution to the rising navigation Hao.rising.cn/?tn=6192548188_hao