Solutions to malicious Web page code

Source: Internet
Author: User


The serious harm done by malicious Web page code, and how to fix it

(i) How to repair the registry if the registry is locked

Locking the registry is a particularly vicious trick: it makes it much harder for ordinary users to restore the registry, even when the fix itself is only a simple edit. The symptom: click "Run" in the Start menu and enter the regedit command in the Run box; Registry Editor does not open, and the system reports that you are not allowed to run the program and tells you to contact your system administrator.

This happens because the DWORD value "DisableRegistryTools" under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System has been changed to "1". Setting the value back to "0" restores access to Registry Editor.

Solution:

(1) You can make your own registry unlock tool: use Notepad to create a .reg file with any name, such as Recover.reg, with the following content:

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

Pay special attention: if you build the unlock tool this way, you must follow the format above exactly; nothing may be omitted and nothing may be changed (in practice, you only need to copy and paste it into Notepad on your machine). Then choose "Save As"; the file name can be anything, but the file name extension must be .reg (remember this), and click Save. The registry unlock tool is now ready. After that you only have to double-click the tool's icon; when you are asked whether to add the information to the registry, click "Yes"; the system then reports that the information has been successfully entered into the registry; click "OK" and the registry is unlocked.

(2) Alternatively, download the following unlock tool directly; running it once the download completes unlocks Registry Editor:

http://it.rising.com.cn/antivirus/net_virus/spiteful/enable.reg

(ii) Tampering with IE's default page

Sometimes IE's start page has been changed, and even choosing "Use default page" has no effect, because the default page behind that option has been tampered with as well. Specifically, the following registry entry was modified:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL

The "Default_Page_URL" value holds the default page for the start page.

Solution:

Run Registry Editor, expand the key above, and change the URL in the "Default_Page_URL" value to remove the unwanted Web site, or set it to IE's default value.

(iii) Internet Explorer default home page modified and its settings locked so that users cannot change them

This is done mainly by modifying the following IE settings values in the registry (a DWORD value of 1 makes the option unselectable):

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel

"Settings"=dword:1

"Links"=dword:1

"SecAddSites"=dword:1

Solution:

Change the above DWORD values to "0" to restore functionality.

(iv) IE default home page button is grayed out and cannot be selected

This is because, under the registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel, the DWORD value "HomePage" has been modified. Its original value is "0"; it has been changed to "1" (the grayed-out, unselectable state).

Solution:

Change the value of "HomePage" to "0".

(v) IE title bar modified

By default the application itself supplies the title bar text, but the system also lets users add their own text through a registry entry, and some malicious Web sites take advantage of this: they change the string value "Window Title" to their Web site name or to advertising text, and so change the title bar of the visitor's IE.

The registry entries that are changed are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title

Solution:

① After Windows starts, click "Start" → "Run", type regedit in the "Open" field and click "OK".

② Expand the registry to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, find the string value "Window Title" in the right-hand pane, and delete it, or change its data to a name you like, such as "IE Browser";

③ Similarly, expand the registry to

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

and handle it as described in ②.

④ Quit Registry Editor, restart your computer, and run IE; you will find that the problem is solved.

(vi) IE right-click menu modified

The registry key that was modified is:

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

New entries carrying Web page advertising were created under it, so they appear in IE's right-click menu.

Solution:

Open Registry Editor and find

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt

Delete the advertising entries, but be careful not to delete the entries of the download tools FlashGet and NetAnts as well; those two are "normal", unless you do not want to see them in IE's right-click menu.

(vii) IE default search engine modified

IE's toolbar has a Search button that performs Web searches; after tampering, clicking the Search button leads to the tampering Web site instead. This happens because the following registry entries were modified:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\CustomizeSearch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant

Solution:

Run Registry Editor, expand the keys in turn, and change the "CustomizeSearch" and "SearchAssistant" values to a search engine's URL.

(viii) Dialog box pops up when the system starts

The registry key that was changed is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

Two string values, "LegalNoticeCaption" and "LegalNoticeText", are created under it; "LegalNoticeCaption" is the title of the prompt box and "LegalNoticeText" is its text. Because they exist, a prompt window showing the Web page's advertising appears every time we log on to the Windows desktop.

Solution:

Open Registry Editor and find the key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

Then, in the right-hand pane, find the two string values "LegalNoticeCaption" and "LegalNoticeText" and delete them; the prompt box no longer appears at logon.

(ix) IE default home page modified

The title bar at the top of the IE browser is changed to something like "Welcome to visit ... Website"; this is the most common kind of tampering, and its victims are numerous.

The registry entries that were changed are:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

Modifying the "Start Page" value changes the home page that IE connects to by default. For example, browsing "Million Flower Valley" changes your IE default home page to "http://on888.home.chinaren.com". Even as a way of advertising one's own home page this is far too overbearing, which is why this kind of Web page is so disliked.

Solution:

① After Windows starts, click "Start" → "Run", type regedit in the "Open" field and click "OK".

② Expand the registry to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main, find the string value "Start Page" in the right-hand pane, double-click it, and change its data to "about:blank";

③ Similarly, expand the registry to

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

Find the string value "Start Page" in the right-hand pane and handle it as described in ②.

④ Quit Registry Editor and restart the computer; everything is back to normal.

Special case: sometimes IE's start page is changed to a certain URL and, even if you change the setting back through IE's options, it reverts to their Web site after a restart, which is very troublesome. In fact, a self-running program has been added to your machine; each time the system starts, it sets your IE start page to their site.

Workaround: run Registry Editor (Regedit.exe) and expand the key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Delete the Registry.exe entry under it, then delete the self-running program C:\Program Files\registry.exe, and finally reset the start page in IE's options.

(x) The right mouse button fails in IE

After you browse a Web page in IE, the right mouse button stops working: right-clicking does nothing.

To push their malicious advertising, some rogue sites modify the menu that pops up on a right-click and add unwanted entries to it, and some even disable the right-click function of the IE window altogether in order to stop you from downloading.

Solution:

1. The right-click menu has been modified. Open Registry Editor, find HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt, and delete the advertising entries.

2. The right-click function fails. Open Registry Editor, expand to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions, and change the DWORD value "NoBrowserContextMenu" to 0.

(xi) The "Source" item in the View menu is disabled

Click "View" → "Source" in the IE window and you find that the "Source" menu item has been disabled.

The malicious Web page modifies the registry in the following locations:

Under the registry key

HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

it creates the subkey "Restrictions" and, under "Restrictions", two DWORD values, "NoViewSource" and "NoBrowserContextMenu", each assigned the value "1".

Under the registry key

HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions

the two DWORD values "NoViewSource" and "NoBrowserContextMenu" are changed to "1".

Modifying these values disables the right mouse button in IE and the "Source" item in the View menu.

Solution:

Save the following as a registry file with the .reg extension, such as Unlock.reg, and double-click Unlock.reg to import it into the registry. No reboot is needed; run IE again and you will see that its functions are back to normal.

REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000000
"NoBrowserContextMenu"=dword:00000000

[HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000000
"NoBrowserContextMenu"=dword:00000000
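
The policy locks described on this page (DisableRegistryTools, Settings, Links, SecAddSites, HomePage, NoViewSource, NoBrowserContextMenu) can also be checked offline against a registry export, and the matching unlock file generated instead of typed by hand. The following is an added example, not part of the original article: it assumes Python 3.8+ and REGEDIT4-style text input, its function names and sample export are constructed for illustration, and it goes slightly beyond the text by checking every listed value under both HKEY_CURRENT_USER and HKEY_USERS\.DEFAULT.

```python
import re
# Policy DWORDs named on this page: sub-path under the user hive -> value names.
LOCKS = {
    r"software\microsoft\windows\currentversion\policies\system": {"disableregistrytools"},
    r"software\policies\microsoft\internet explorer\control panel": {"settings", "links", "secaddsites", "homepage"},
    r"software\policies\microsoft\internet explorer\restrictions": {"noviewsource", "nobrowsercontextmenu"},
}
ROOTS = ("hkey_current_user\\", "hkey_users\\.default\\")  # assumption: check both hives

def parse_reg(text):
    """Parse .reg export text into {key: {value_name: raw_data}}."""
    hive, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.fullmatch(r'"([^"]*)"\s*=\s*(.*)', line)):
            hive.setdefault(key, {})[m.group(1)] = m.group(2)  # tolerates '"X" =dword:1'
    return hive

def find_locks(hive):
    """Return (key, value_name) pairs for listed policy DWORDs that are non-zero."""
    hits = []
    for key, values in hive.items():
        low = key.lower()
        sub = next((low[len(r):] for r in ROOTS if low.startswith(r)), None)
        for name, data in values.items():
            m = re.fullmatch(r"dword:([0-9a-f]{1,8})", data.lower())
            if m and int(m.group(1), 16) and name.lower() in LOCKS.get(sub, ()):
                hits.append((key, name))
    return hits

def build_unlock_reg(hits):
    """Build REGEDIT4 text that resets every hit to 0, with bracketed key lines."""
    lines = ["REGEDIT4", ""]
    for key in dict.fromkeys(k for k, _ in hits):  # unique keys, first-seen order
        lines += [f"[{key}]"] + [f'"{n}"=dword:00000000' for k, n in hits if k == key] + [""]
    return "\r\n".join(lines)

# Constructed sample export (not from the page): two locks set, one clear.
SAMPLE = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000001
"NoBrowserContextMenu"=dword:00000000
'''

if __name__ == "__main__":
    print(build_unlock_reg(find_locks(parse_reg(SAMPLE))))
```

Only values that are actually set are written to the generated file, so importing it does not create policy keys that were never there.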
