To be honest, I did not know much about WMI. It started this evening, when I accidentally downloaded some so-called "green" software from a download site and my Firefox home page was hijacked to the 360 online navigation page. The problem itself is not terrible; what matters is the process of solving it.
So I followed the normal sequence of troubleshooting steps:
1. First I opened the about:config tab in Firefox and saw browser.startup.homepage == about:home, which shows that Firefox's internal configuration had not been changed.
2. Could it have installed an add-on for me? Skeptical, I started Firefox in safe mode and looked at about:addons; no suspicious add-on was installed.
3. That left the program's startup parameters, and sure enough, a suffix had been appended to the Firefox shortcuts on the desktop and the taskbar. When I tried to edit the taskbar shortcut I was told I had no permission to modify it, so I went straight to C:\Users\username\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar, deleted the hidden Firefox shortcut there, created a new shortcut and pinned it to the taskbar. Done ~
4. If you think it was that easy, you are wrong. Opening Firefox from the taskbar shortcut still jumped to the 360 navigation home page, and the shortcut's properties showed that the suffix parameter had been added again ...
5. Was a Trojan process running, using hooks to append the suffix whenever I pinned a shortcut to the taskbar? I opened Task Manager and closed every suspicious process and service, but the problem remained. I felt I needed to stop, scratch my head and think.
6. If no background process was running, had a DLL hijacked my explorer.exe? If so, I really could only reinstall the system. I immediately checked the modification times of these EXEs and the DLLs they depend on: nothing had changed, and the signatures were Microsoft's, so they should be fine. The worst case was ruled out.
7. Unable to solve it, I turned to the almighty Internet. Some people online said to just accept using the 360 navigation page, and others said to install the 360 first aid kit to repair the browser home page. I pooh * * (1000 words omitted here)
We are all programmers; why go to such extremes? No, I refused to admit defeat; I had to catch the culprit!
8. I found an article describing an experience similar to mine. The author was hijacked to a game site, so perhaps not by the same malicious group, but he said the suffix was added to his shortcuts every half hour, while mine was triggered every time I created a new shortcut and pinned it to the taskbar, so I could be almost certain that the same approach had been used on me. The solution given in the article is to install WMI Event Viewer: http://www.microsoft.com/en-us/download/details.aspx?id=24045 and then remove or unregister the malicious event. After reading the related material I learned that WMI (Windows Management Instrumentation) is something like a plug-in layer in Windows, a unified specification that makes it convenient for different languages, tools and scripts to call the Windows API. WMI is also a core Windows management technology: as a specification and infrastructure, it lets you access, configure, manage and monitor almost any Windows resource. For example, a user can start a process on a remote computer, set a process to run at a specific date and time, remotely start the computer, get a list of installed programs for a local or remote computer, query the Windows event log for a local or remote computer, and so on. It is often used by some programmers to do bad things.
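The same check can be done without WMI Event Viewer. The following PowerShell audit is an added example, not part of the original post: it lists the permanent WMI event subscriptions in the root\subscription namespace and the shortcuts whose arguments contain a URL. It assumes an elevated prompt, and the names in angle brackets in step 3 are placeholders to fill in from the output.

```powershell
# Added example: read-only audit; run from an elevated PowerShell prompt.
$ns = 'root/subscription'

# 1. Permanent WMI event subscriptions: a binding ties a filter (the trigger
#    query) to a consumer (the action that runs when the query fires).
$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding | ForEach-Object {
    $b   = $_
    $cls = $b.Consumer.CimSystemProperties.ClassName
    $f   = $filters | Where-Object { $_.Name -eq $b.Filter.Name }
    $c   = $consumers | Where-Object {
        $_.Name -eq $b.Consumer.Name -and $_.CimSystemProperties.ClassName -eq $cls
    }
    [pscustomobject]@{
        Filter        = $b.Filter.Name
        Query         = $f.Query          # shows what triggers it (timer, file event, ...)
        ConsumerClass = $cls              # script and command-line consumers can rewrite a .lnk
        Consumer      = $b.Consumer.Name
        Action        = ($c.ScriptText, $c.ScriptFileName, $c.CommandLineTemplate |
                         Where-Object { $_ }) -join ' | '
    }
} | Format-List

# 2. Shortcuts whose arguments carry a URL (the "suffix" described above).
$shell = New-Object -ComObject WScript.Shell
$dirs  = @(
    [Environment]::GetFolderPath('Desktop'),
    [Environment]::GetFolderPath('CommonDesktopDirectory'),
    (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar')
)
Get-ChildItem -Path $dirs -Filter *.lnk -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $lnk = $shell.CreateShortcut($_.FullName)
    if ($lnk.Arguments -match 'https?://') {
        [pscustomobject]@{ Shortcut = $_.FullName; Target = $lnk.TargetPath; Arguments = $lnk.Arguments }
    }
} | Format-List

# 3. After reviewing the output, remove all three objects of the rogue subscription
#    (placeholder names; substitute the ones reported in step 1):
#    Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding |
#        Where-Object { $_.Filter.Name -eq '<filter name>' } | Remove-CimInstance
#    Get-CimInstance -Namespace $ns -ClassName __EventFilter -Filter "Name='<filter name>'" | Remove-CimInstance
#    Get-CimInstance -Namespace $ns -ClassName <consumer class> -Filter "Name='<consumer name>'" | Remove-CimInstance
```

Remove the subscription first and recreate the shortcuts afterwards; otherwise the consumer rewrites them again the next time its filter fires.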
With that, the browser home page hijacking problem was solved smoothly and completely. I hope this helps people who run into the same problem. Thanks also to the author of that article for helping me solve it.
To fight WMI.