Recently, many users have reported that the IE8 homepage has been maliciously tampered with and cannot be fixed using the registry or third-party security tools.
To solve this problem, the author traced and analyzed one of the cases received by email. According to the analysis, many users are unable to modify the IE homepage after installing a downloaded game or other software. The specific cause is that the Start Page value under `HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main` cannot be changed. Therefore, security auxiliary tools such as 360 Security Guard can only detect that the IE homepage has been tampered with but cannot repair it. In this case, the IE homepage was changed to www.qq5.com.
The author found that an error is reported when you try to modify the Start Page value, which indicates that the registry key's permissions may have been maliciously changed. Viewing the permissions of the Main key in the Registry Editor shows only one entry, the Everyone group, with only the Read permission. The neighbouring keys before and after it inherit the normal permissions of the Internet Explorer key.
This clearly shows that the permissions of the Main key were restricted by the downloaded game installation package: during installation, the system's regini.exe is run with its permission number 8, World Read Access. As a result, the Main key is read-only and no user has the right to modify it. regini.exe is a utility that ships with the system for setting registry key permissions, and it is available only as a command-line tool. In this case it is abused by malware or adware. Setting the permission of the Main key to "World Read Access" serves only one purpose: preventing users from changing the Start Page value.
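The check and repair implied by this analysis, as an added PowerShell example that is not part of the original article: it reports the ACL on the Main key, flags the state described above (inheritance disabled and no rule granting write access), and with `-Repair` re-enables inheritance from the Internet Explorer key. It assumes the affected user still owns the key and that the key's normal state is purely inherited permissions; the function names are illustrative.

```powershell
# Added example (not from the original article). Run as the affected user.
param([switch]$Repair)   # without -Repair the script only reports

$subKey = 'Software\Microsoft\Internet Explorer\Main'

function Test-MainKeyLocked {
    # Locked = inheritance switched off AND no Allow rule grants SetValue.
    $acl = Get-Acl -Path "HKCU:\$subKey"
    $acl.Access | Format-Table IdentityReference, RegistryRights, IsInherited -AutoSize | Out-Host
    $setValue = [int][System.Security.AccessControl.RegistryRights]::SetValue
    $writers = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and ([int]$_.RegistryRights -band $setValue)
    })
    return ($acl.AreAccessRulesProtected -and $writers.Count -eq 0)
}

function Restore-MainKeyInheritance {
    # Assumption: the user still owns the key, so the DACL can be rewritten
    # even though the only remaining rule is Everyone: Read.
    $rights = [System.Security.AccessControl.RegistryRights]'ReadPermissions, ChangePermissions'
    $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey(
        $subKey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, $rights)
    if ($null -eq $key) { throw "Key not found: HKCU\$subKey" }
    try {
        $acl = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
        $acl.SetAccessRuleProtection($false, $false)      # inherit from the parent key again
        $sid = [System.Security.Principal.SecurityIdentifier]
        foreach ($rule in @($acl.GetAccessRules($true, $false, $sid))) {
            [void]$acl.RemoveAccessRuleSpecific($rule)    # drop the explicit read-only rule
        }
        $key.SetAccessControl($acl)
    } finally {
        $key.Close()
    }
}

if (Test-MainKeyLocked) {
    Write-Warning "HKCU\$subKey: inheritance is disabled and no account has write access."
    if ($Repair) {
        Restore-MainKeyInheritance
        Write-Output "Inheritance restored; the Start Page value can be edited again."
    }
} else {
    Write-Output "HKCU\$subKey permissions look normal."
}
```

If opening the key fails with an access error, the key's ownership has also been changed and must be taken back from an elevated session before the permissions can be reset.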