Author: Gu Jian
CopyRight 2004 ©
AloneESword
Come on this morning, ready to do things, just open IE, I will appear.
Http://7mao.com (This website is best not good to enter). I wonder, my machine is back to the home page, how refreshing is white! How can I do this! It feels not for the Rong, or the IE is hijacked!
All IE boot pages were poured into the site, although there is no big hindrance, but I still like IE refreshing interface, I don't like to be arranged (this may be related to personal character), so I've turned out HijackThis scan IE , Really found an unknown process
C: /Windows/hws.exe
What is this thing! It seems that I haven't seen it!
So Google, really found that it is a poor molecule.
(Announcement on the virus released by the drug tyrant:
http://db.kingsoft.com/c/2004/04/05/110530.shtml)
Hey! This is good, still worrying about working today, now there is a dry! In the whole machine wanted hws.exe, anti-virus!
Symptoms: 1. The Tiannun firewall process is killed by HWS.exe (this can be seen later); 2. The IE home page is modified, and it is not allowed to change it normally; 3. When you edit the homepage, the prompt: "The registry has been locked by the administrator" I have discovered these symptoms, there may be other, because there is a job in the hand does not care seriously, who can carefully study.
Didn't say:
1. With ProceXP (Recommended Tools, Role: View the current process of the current running program, although there is a system process viewer, but personal feeling is powerful, you can find any running process and see some of this process associated with this process Data, home essential weapons). Kill HWS Processing and Delete% SystemRoot% / System32 / HWS.exe
2. Unlock the registry. This method is more, you can write a registry file into the registry unlocked, you can also find a tool, because it is more special, so use the Duba_RegSolve tool unlock the registry (using this tool, you can make the IE property status Chemical;
(PS: Edit a registry file to pour into the registration table, the content is as follows:
Regedit4
[HKEY_CURRENT_USER / Software / Microsoft / Windows / CurrentVersion / Policies / System]
"DisableregistryTools" = dword: 00000000
)
3. Start -> Run -> Regedit
Registration Table Wanted HWS.exe and Bundled IE Homepage (
Http://7mao.com), kill innocent!
4. Use HijackThis 1.98 to scan IE, hehe! Everything is normal!
Hey! It seems that I have added some self-confidence today!
Summary: 1. Cannot completely believe in anti-virus software. During this period, I used Norton AntiVirus 2004 to scan the HWS.exe under the system, but did not find viruses! gosh! It is clear that it has been modified my IE without inform me! So, you can't fully believe in anti-virus software, but this thing and firewall when you go online, this thing is not or two security; for anti-virus software, just like a book: No book, you can't do your best. 2. When there is an abnormal system, check the system at any time to prevent black hands; 3. In the attitude of learning, I copied hws.exe to see using udit32.exe, found that some common anti-virus software process will be killed by it, see if the picture will be known! 4. The registry is still the core of Windows, what is still in the inside! This time hws.exe is also something in it, you can look at things in the registry, learn to learn. 4. Recommend some common software: Software Name Program Name Role HijackThis 1.98 HijackThis.exe Check IE Equity Tools (Strong Recommended) Process Explorer Procexp.exe View Process and Related Information (GUI Interface) Duba_RegsoLveresolve.exe Repair IE Tool and View Startup Project
