Surfing the Internet is fun, but getting hit is painful, especially by malicious web code that modifies our system settings: it changes the IE browser window title and the IE start page, modifies or disables the right-click menu, or modifies the system's HOSTS file, causing us a lot of inconvenience.
Worse, some of it even disables the system Registry Editor and Task Manager, making it difficult to restore the system settings.
But we still have to go online, so, "knowing there are tigers on the mountain," ...
#####################
Prevention
#####################
1. Prohibit modification of the registry. The method is:
Expand the registry to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Next, create a DWORD value called DisableRegistryTools and set its value to "1" to disable use of the Registry Editor regedit.exe.
What if we later have to modify the registry ourselves? See item 1 of the repair steps further below.
Windows 2000/XP/2003 users can also disable the "Remote Registry Service" under Services to guard against malicious code.
The specific method is:
Start -> Settings -> Control Panel -> Administrative Tools -> Services
and disable the Remote Registry service item there.
2. Install system patches promptly, and in particular upgrade IE to the latest version in time, which greatly reduces the security risks brought by IE vulnerabilities.
To install system patches:
Start -> Windows Update ...
or
start IE and use the menu: Tools -> Windows Update ...
The update program automatically detects which patches you need to install.
3. Browse the web with GreenBrowser or Maxthon (MyIE2).
They have many excellent additional features, especially the one dealing with home page changes, which makes surfing much more convenient.
GreenBrowser download:
http://www.morequick.com/indexgb.htm
MyIE2 (Maxthon's predecessor) download:
http://www.myie2.com/html_chs/home.htm
Maxthon download:
http://www.maxthon.com/chs/index.htm
For a comparison of GreenBrowser and Maxthon (MyIE2), you can refer to:
King's dispute - GreenBrowser vs Maxthon
http://media.ccidnet.com/media/cce/575/04201.htm
4. Download and install Microsoft's latest Microsoft Windows Script, which can largely prevent malicious modifications.
5. A considerable share of malicious pages are web page files containing harmful ActiveX code, so disabling ActiveX plugins and controls and Java scripts, or deleting WSH (Windows Scripting Host), avoids getting hit to a large extent.
1) Disable script execution
Open Explorer, click "Tools -> Folder Options -> File Types", and remove the "VBS, VBE, JS, JSE, WSH, WSF" entries from the file types so that these files will no longer be executed (double-click the *.js, *. ... files you find by searching).
In the IE window, click the menu Tools -> Internet Options, select the Security tab in the dialog box that pops up, then click the [Custom Level] button; the Security Settings dialog box pops up. Set everything related to ActiveX plugins and controls and to Java to "Disable".
2) Delete WSH
Windows 98:
Start -> Settings -> Control Panel -> Add/Remove Programs
Select "Windows Setup / Accessories", click "Details", clear the "Windows Scripting Host" option, then click the [OK] button.
Windows 2000/XP:
Double-click the "My Computer" icon, run the Tools / Folder Options command, select the File Types tab, find the "VBS VBScript Script File" option, click the [Delete] button, and finally click [OK].
However, web pages that use ActiveX plugins, JavaScript (JS) or VBScript (VBS) scripts will then not display normally. Weigh the pros and cons yourself.
6. Install anti-virus software and turn on web monitoring, file monitoring and memory monitoring.
There is a lot of anti-virus software for us to choose from: domestic products such as Rising, Jiangmin KV and Kingsoft Duba; foreign products such as Symantec Norton, Panda, McAfee, Trend Micro and Kaspersky; KILL (a cooperation with CA); and so on.
I use Rising 2003 and have not been hit.
7. Rename dangerous command files such as fdisk.exe, deltree.exe and format.com to avoid unnecessary losses.
8. Don't casually visit sites you know nothing about, especially those with attractive-looking URLs; otherwise we are often the ones who get hit.
9. Set the read-only attribute on the HOSTS file in the Windows system folder.
Win 98: %SystemRoot%\Hosts
Win 2000/XP: %SystemRoot%\System32\Drivers\etc\hosts
The HOSTS file stores the mappings between IP addresses and domain names that the Windows system records.
Some malicious web code modifies this file to force us to visit a malicious webpage/website.
10. Block access to known malicious webpages/sites. The method is: open IE and click the menu Tools -> Internet Options -> Content -> Content Advisor (the "hierarchical review" feature).
Click the [Enable] button; the "Content Advisor" dialog box pops up. Click the "Approved Sites" tab, enter the URL of the website you do not want to visit, press the [Never] button, then click [OK].
For more about the IE Content Advisor function, you can refer to the following article:
Content Advisor function in IE [Figure] http://it.rising.com.cn/newsite/channels/anti_virus/virus_lert/topicDatabasepackage/06-131000162.htm
Another way to implement this is to modify the HOSTS file; for the procedure, refer to:
Use the Hosts file to prevent the "QQ virus"
http://it.rising.com.cn/newsite/channels/anti_virus/antivirus_base/antivirus_tech/200311/26-094112886.htm
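Items 9 and 10 above treat the HOSTS file both as something malicious code rewrites and as a way to block sites. The following Python script is an added example, not part of the original article: it separates HOSTS entries that sink a name to loopback (blocks) from entries that point a name at some other address (redirects to review), and checks the read-only attribute. The sample file content, host names and addresses are constructed.

```python
import ipaddress
import os
import stat


def audit_hosts(text):
    """Classify HOSTS entries.

    Returns (redirects, blocks, malformed):
      redirects: [(hostname, address)] names mapped to a non-loopback address
      blocks:    [hostname] names sunk to loopback or 0.0.0.0
      malformed: [line_number] lines that are not "address name [name ...]"
    """
    redirects, blocks, malformed = [], [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:
            malformed.append(lineno)
            continue
        sink = addr.is_loopback or addr.is_unspecified
        for name in fields[1:]:
            name = name.lower()
            if sink and name == "localhost":
                continue                          # the normal default entry
            if sink:
                blocks.append(name)
            else:
                redirects.append((name, str(addr)))
    return redirects, blocks, malformed


def is_read_only(path):
    """True if the write bit is clear (the Windows read-only attribute)."""
    return not (os.stat(path).st_mode & stat.S_IWUSR)


# Constructed sample, not taken from a real machine.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.invalid     # deliberately blocked site
203.0.113.7     www.example.com example.com
0.0.0.0         tracker.example.invalid
not-an-ip       www.example.org
"""

if __name__ == "__main__":
    redirects, blocks, malformed = audit_hosts(SAMPLE_HOSTS)
    for name, addr in redirects:
        print("REVIEW  %s -> %s" % (name, addr))
    print("blocked:", ", ".join(blocks))
    print("malformed lines:", malformed)
```

Any name reported under REVIEW that you did not add yourself is a candidate for the redirect symptom described in repair item 16.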
#####################
Repair
#####################
An open spear is easy to dodge, but an arrow in the dark is hard to guard against. If you do get hit, you can refer to the solutions below for some common problems.
I suggest you read the moderator's post:
Anti-browser hijacking forum: must-read post
http://community.rising.com.cn/forum/msg_read.asp?fmid=67&subjectid=4317538&page=1
and try the methods in it to fix the problem.
******************************************************************************
You can try the following tools first, to avoid the trouble that editing the registry directly may cause:
Rising Registry Repair Tool
http://it.rising.com.cn/service/technology/regclean_download.htm
Kingsoft Duba Registry Repair Tool
http://db.kingsoft.com/download/3/8.shtml
Moderator Tom: anti-browser hijacking special group - IE security software introduction
http://community.rising.com.cn/forum/msg_read.asp?fmid=67&subjectid=4334001
IE modifier 2004A V1.8
For features and the download address, see the post by "super anti-virus expert":
http://community.rising.com.cn/forum/msg_read.asp?fmid=67&subjectid=4335211
Huangshan IE repair expert V7.50
For features and the download address, see the post by "super anti-virus expert":
http://community.rising.com.cn/forum/msg_read.asp?fmid=67&subjectid=4335170
Ssearch.biz and its variant http://ssearch.biz/?wmid=1010 blank page special killing tool
For features and the download address, see the post by "Computer football": http://community.rising.com.cn/forum/msg_read.asp?fmid=67&subjectid=4353561
******************************************************************************
Open the Registry Editor:
Start -> Run ...
enter:
regedit
and click the "OK" button.
After modifying the registry, you usually press the F5 key to refresh so that the change takes effect. If it does not, restart the system and check again.
1. Unlock the registry editing tools
Use Notepad to create a file with the .reg extension (the file name is up to you) with the following content:
REGEDIT4
(note that this line is left empty)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
Note that "REGEDIT4" must be written in capital letters (if you are a Windows 2000 or Windows XP user, write "Windows Registry Editor Version 5.00" instead of "REGEDIT4") and must be followed by an empty line, and there must be no space between the "T" and the "4" in "REGEDIT4", otherwise ...
Double-click the REG file; when asked "Do you want to add the information in *.reg to the registry?", select "Yes", and you can then open the Registry Editor successfully.
With the registry unlocked, we can now modify the registry however we need.
2. IE home page problems
1) The default home page is modified
Symptom: the default home page is changed to some website's URL.
Fix: expand the registry to
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
and change the value of "Default_Page_URL" in the right pane to the URL we want.
2) The IE home page cannot be modified
Symptom: the home page setting is blocked and the option cannot be changed.
Fix: expand the registry to
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel
and change the value of "HomePage" in the right pane from "1" to "0", or simply delete "Control Panel"!
3) The IE default start page is modified
Symptom: the default start page is changed to some website's URL.
Fix: expand the registry to
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
and change the "Start Page" value on the right to the URL we want.
3. The IE title bar is modified
Symptom: advertising text promoting some website appears on the blue title bar of IE.
Fix: expand the registry to each of
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main
and
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
and change the "Window Title" value in the right pane to "Microsoft Internet Explorer" or whatever you like.
4. Remove programs that run at startup
Symptom: a browser opens automatically at boot and displays an illegal web page.
Fix:
1)
Start -> Programs -> Startup
and delete the entry there directly;
2) Expand the registry to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
The right pane of these branches lists many programs that start when Windows starts but cannot be found under the "Start / Programs / Startup" menu. Delete the offending program entry here.
5. Right-click menu
1) Illegal website links and ads are added:
Symptom: link entries such as "URL home" are added to the right-click pop-up menu.
Fix: expand the registry to
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\MenuExt
The right pane of this branch lists the additional right-click menu items displayed in IE; the familiar right-click download entries of "NetAnts" and "Internet Express" are also stored here. Just find the entry that displays the advertisement and delete it.
2) The right-click pop-up menu is disabled (abnormal):
Symptom: right-clicking in IE does not display the shortcut menu.
Fix: expand the registry to
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
find the "NoBrowserContextMenu" value in the right pane, set it to "00000000", and press F5 to refresh so that the change takes effect.
6. Illegal address links are forcibly added to IE Favorites
Symptom: links to illegal websites appear in IE Favorites.
Fix: remove them manually: move the mouse to the illegal website entry, right-click, and select Delete from the pop-up menu.
7. Illegal buttons are added to the IE toolbar
Symptom: an illegal button is added to the toolbar.
Fix: the IE toolbar button information is stored in the registry under
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions
Under this key you will see entries for some common software, such as the ID corresponding to NetAnts: "{57E91B47-F40A-11D1-B792-444553540000}". Select this ID and you can see several string values on the right, such as "ButtonText", "CLSID", "Default Visible", "Exec", "HotIcon", "Icon", "MenuText", "MenuStatusBar", and so on. The meaning of the string values is as follows:
CLSID: the identification code of the IE toolbar, always "{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}".
ButtonText: the text displayed on the custom button.
Default Visible: controls whether the custom button is visible, generally "Yes".
Exec: the target the custom button executes, which can be an executable program or a hypertext link.
HotIcon: the icon displayed when the mouse moves over the button.
Icon: the icon displayed normally.
MenuText: the text shown for the item (NetAnts here) in the browser's Tools menu.
MenuStatusBar: the description displayed in the status bar when the mouse points to the corresponding item in the IE "Tools" menu. For example, when the mouse is over the NetAnts item in the "Tools" menu, "Launch NetAnts" is displayed.
We can use MenuText and MenuStatusBar to find the entry that corresponds to the illegally added button and delete it.
Recommendation: right-click the IE toolbar and select "Lock the Toolbars" from the pop-up menu to prevent malicious buttons from being added.
8. The address bar drop-down menu is locked and text is added to it
Symptom: the drop-down menu of the address bar is locked and greyed out and illegal text is added to it, or an illegal website/URL appears in the address bar.
Fix: expand the registry to
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbar
find the "LinksFolderName" value in the right pane and set it to "Link", removing the excess characters.
Expand the registry to
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs
and delete the unwanted values in the right pane.
You can also delete the index.dat file in the Cookies directory from DOS.
9. The "Source" item under the IE "View" menu is disabled
Symptom: the "Source" item under the IE "View" menu is unavailable.
Fix: expand the registry to each of
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions
and
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions
find the "NoViewSource" value in the right pane and set it to "00000000".
10. The "Internet Options ..." menu item / button does not work
Symptom: selecting "Internet Options ..." from the IE menu does not display the Internet Options dialog.
Fix:
Expand the registry to
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
and change the DWORD values "Settings"=dword:1, "Links"=dword:1 and "SecAddSites"=dword:1 to "0".
Expand the registry to
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel
and change the DWORD value "HomePage" in the right pane to "0".
11. A prompt window appears at startup
Symptom: a prompt window appears every time you log in to the Windows desktop, showing advertising for those web pages.
Fix: expand the registry to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon
and find and delete the "LegalNoticeCaption" and "LegalNoticeText" values in the right pane. "LegalNoticeCaption" is the title of the prompt box; "LegalNoticeText" is the text content of the prompt box.
12. Restore the "Run" option
Symptom: there is no "Run ..." item in the Start menu.
Fix: expand the registry to
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
and change the value of "NoRun" in the right pane to "0"; "NoRun" can also simply be deleted.
13. Illegal information is added to the OE title bar
Symptom: illegal information is added to the blue title bar at the top of Outlook Express.
Fix: expand the registry to
HKEY_CURRENT_USER\Software\Microsoft\Outlook Express
and set the "WindowTitle" and "Store Root" values in the right pane to empty. Press F5 to refresh so that the change takes effect.
14. The default IE search engine is modified
Symptom: the default search engine of IE has been tampered with.
Fix: expand the registry to
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
find the "SearchAssistant" value and change it to: http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
then find the "CustomizeSearch" value and change it to: http://ie.search.msn.com/ ...
15. The security level cannot be customized
Symptom: the custom security level button in the IE browser is disabled.
Fix: expand the registry to
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel
find the "SecChangeSettings" item in the right pane, double-click it, and change the value to 0.
16. Entering a normal URL opens an illegal web page
There are two situations here:
1)
Symptom: a normal URL is entered in the IE address bar, but an illegal web page opens.
Fix: restore the HOSTS file.
For the specific steps, refer to
General repair method for website malicious code
http://community.rising.com.cn/forum/msg_read.asp?fmid=2832&page=1
2)
Symptom: a normal URL such as www.abc.com is entered, but the URL actually opened becomes http://ettp.cc/?www.abc.com, etc.
Fix:
Expand the registry to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
and change the "(Default)" value in the right pane to: http://
Expand the registry to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes
and change the "www" value in the right pane to: http://
Under
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\UrlTemplate
the right pane shows several string values; IE searches automatically in the order 1, 2, 3, 4 .... Swapping the values of strings 1, 2, 3, 4 ... changes the order of the automatic search, and you can also create a new string to add to what is searched automatically.
17. The Content Advisor ("hierarchical review") password was maliciously set or forgotten
Two ways to remove the IE Content Advisor password:
1. Registry method
Click "Start / Run", enter "regedit" in the Run dialog to open the Registry Editor, and locate the "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Ratings" branch. There you will find a value named "Key"; this is the encrypted Content Advisor password, and we only need to delete it. After restarting the computer, you can set the Content Advisor password again: open the IE browser, click the "Tools / Internet Options" menu to open the Internet Options dialog box, and click "Content / Content Advisor". You will find that the Content Advisor password has been reset, so now you only need to enter a new password. Of course, deleting the "Ratings" key directly also removes the Content Advisor restrictions.
2. File deletion method
Assume that your operating system is installed in the C:\Windows folder. Go to the C:\Windows\System folder, find the file named "Ratings.pol", and delete it. Note that Ratings.pol is a hidden file; if your system is set to "Do not show hidden files", you will not find it. So before you start, click "View / Folder Options" in Explorer, select "View / Show all files" in the Folder Options dialog box, and click the "OK" button to exit. This method is valid under Windows 9X/ME.
Other registry entries related to IE settings:
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
; [Internet Explorer options]
"HomePage"=dword:00000001 ; prevent changing the home page setting (0 = can be modified)
"Cache"=dword:00000001 ; prevent changing the temporary Internet files settings (0 = can be modified)
"History"=dword:00000001 ; prevent changing the history settings (0 = can be modified)
"Colors"=dword:00000001 ; prevent changing the [text] and [background] colors (0 = can be modified)
"Links"=dword:00000001 ; prevent changing the [link] color settings (0 = can be modified)
"Languages"=dword:00000001 ; prevent changing the [language] settings (0 = can be modified)
"Accessibility"=dword:00000001 ; prevent changing the [accessibility] color settings (0 = can be modified)
"Rating"=dword:00000001 ; prevent changing the ratings settings (0 = can be modified)
"Certificate"=dword:00000001 ; prevent changing the certificate settings (0 = can be modified)
"FormSuggest Passwords"=dword:00000001 ; prevent saving passwords (0 = can be modified)
"Profiles"=dword:00000001 ; prevent changing the profile (0 = can be modified)
"ConnwizAdminLock"=dword:00000001 ; disable the Internet Connection Wizard (0 = can be modified)
"ConnectionSettings"=dword:00000001 ; prevent changing the connection settings (0 = can be modified)
"Proxy"=dword:00000001 ; prevent changing the proxy server settings (0 = can be modified)
"Messaging"=dword:00000001 ; prevent changing the associated programs (mail, newsgroups, calls) (0 = can be modified)
"CalendarContact"=dword:00000001 ; prevent changing the associated programs (calendar, contact list) (0 = can be modified)
"Check_If_Default"=dword:00000001 ; prevent changing the default browser check (0 = can be modified)
"Advanced"=dword:00000001 ; prevent changing the Advanced tab (0 = can be modified)
"ResetWebSettings"=dword:00000001 ; restrict restoring the default values (0 = can be modified)
; [Hide Internet Explorer tabs]
"GeneralTab"=dword:00000001 ; hide the [General] tab (0 = display)
"SecurityTab"=dword:00000001 ; hide the [Security] tab (0 = display)
"ContentTab"=dword:00000001 ; hide the [Content] tab (0 = display)
"ConnectionsTab"=dword:00000001 ; hide the [Connections] tab (0 = display)
"ProgramsTab"=dword:00000001 ; hide the [Programs] tab (0 = display)
"AdvancedTab"=dword:00000001 ; hide the [Advanced] tab (0 = display)
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
; [Internet Explorer menus]
"NoFavorites"=dword:00000001 ; hide the [Favorites] menu (0 = display)
"NoBrowserContextMenu"=dword:00000001 ; hide the [right mouse button] menu (0 = display)
"NoFileNew"=dword:00000001 ; disable the [New] menu item (1 = disabled)
"NoFileOpen"=dword:00000001 ; hide the [Open] command (1 = disabled)
"NoBrowserSaveAs"=dword:00000001 ; hide the [Save As] command (1 = disabled)
"NoBrowserSaveWebComplete"=dword:00000001 ; hide the [Save As Web Page] command (0 = all types can be saved)
"NoBrowserClose"=dword:00000001 ; restrict [Close] for the IE window (1 = restricted)
"NoTheaterMode"=dword:00000001 ; restrict [full screen] display (1 = restricted)
"NoViewSource"=dword:00000001 ; restrict viewing the [source] (1 = restricted)
"NoBrowserOptions"=dword:00000001 ; restrict use of the [Internet Options] command (1 = restricted)
"NoHelpItemTipOfTheDay"=dword:00000001 ; hide [Tip of the Day] (1 = hidden)
"NoHelpItemNetscapeHelp"=dword:00000001 ; hide the [For Netscape Users] command (1 = hidden)
"NoHelpItemTutorial"=dword:00000001 ; hide the [Tutorial] command (1 = hidden)
"NoHelpItemSendFeedback"=dword:00000001 ; hide the [Send Feedback] command (1 = hidden)
"NoOpeninNewWnd"=dword:00000001 ; hide the [New Window] command (1 = hidden)
"NoSelectDownloadDir"=dword:00000001 ; restrict the [Save As] command (1 = restricted)
"NoFindFiles"=dword:00000001 ; hide the [F3] search command (1 = hidden)
Some related introductions can also be found in:
Registry Modification Skills ---- Network Control
http://community.rising.com.cn/forum/msg_read.asp?fmid=67&subjectid=4314853&page=1
For Windows 2000/XP, Group Policy can also be used to configure IE, the registry editing tools and Task Manager; for the procedure, refer to:
Windows XP Group Policy Editor application examples
http://community.rising.com.cn/forum/msg_read.asp?fmid=3&subjectid=4117055&page=1
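Most of the repair steps above come down to finding a policy DWORD that was set to 1 and resetting it to 0. As an added example (not part of the original article), this Python script scans the text of a .reg export for non-zero DWORD values under the policy keys named on this page and generates a repair .reg file that resets them, generalizing the single-value file from repair item 1. The sample export is constructed, and the function names are this example's own.

```python
import re

# Keys from this article in which every DWORD set to non-zero locks a feature.
# Matching is by key suffix, so HKCU, HKLM and HKEY_USERS\.DEFAULT all match.
LOCK_KEY_SUFFIXES = (
    r"\software\policies\microsoft\internet explorer\control panel",
    r"\software\policies\microsoft\internet explorer\restrictions",
)
# Individual values the article names under broader policy keys.
LOCK_VALUES = {
    r"\software\microsoft\windows\currentversion\policies\system":
        {"disableregistrytools"},
    r"\software\microsoft\windows\currentversion\policies\explorer":
        {"norun"},
}
SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*dword:(?P<val>[0-9a-fA-F]{1,8})$')


def find_lockouts(reg_text):
    """Return [(key, value_name, value)] for active lock-out DWORDs."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group("key")
            continue
        m = DWORD.match(line)
        if not (m and key):
            continue                      # strings, blanks, header line
        value = int(m.group("val"), 16)
        if value == 0:
            continue                      # already unlocked
        low, name = key.lower(), m.group("name")
        whole_key = any(low.endswith(s) for s in LOCK_KEY_SUFFIXES)
        named = any(low.endswith(s) and name.lower() in names
                    for s, names in LOCK_VALUES.items())
        if whole_key or named:
            hits.append((key, name, value))
    return hits


def build_repair_reg(hits, header="Windows Registry Editor Version 5.00"):
    """Render a .reg file that resets every hit to 0, grouped by key."""
    by_key = {}
    for key, name, _ in hits:
        by_key.setdefault(key, []).append(name)
    out = [header, ""]                    # header must be followed by a blank line
    for key, names in by_key.items():
        out.append("[%s]" % key)
        out.extend('"%s"=dword:00000000' % n for n in names)
        out.append("")
    return "\r\n".join(out)


# Constructed sample export, not taken from a real machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"HomePage"=dword:00000001
"SecurityTab"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoBrowserContextMenu"=dword:00000001
"NoViewSource"=dword:00000001

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://example.invalid/"
'''

if __name__ == "__main__":
    found = find_lockouts(SAMPLE_EXPORT)
    for key, name, value in found:
        print("%s : %s = %d" % (key, name, value))
    print(build_repair_reg(found))
```

For Windows 98, pass header="REGEDIT4" to build_repair_reg, as the article's item 1 requires; string values such as "Start Page" are deliberately left for manual review.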
Update record:
2004-11-01
Supplement: 17. The Content Advisor password was maliciously set or forgotten, and its solution
2004-10-29
Supplemented and improved the section on disabling and deleting the scripting host (WSH).
2004-10-09
Added some registry entries related to IE settings.
2004-09-19
Added an illustrated article on the IE Content Advisor feature and further reference articles.
2004-09-01
Improved 16
2004-08-30
Improved 2 and 8, added 10. Item headings are in bold for easier reading.
2004-08-07
Supplement: the IE security level cannot be customized (special thanks to netizen "deer dog" for the reminder)
2004-08-05
Supplement: the Ssearch.biz and its variant http://ssearch.biz/?wmid=1010 blank page special killing tool recommended by "Computer football"
2004-08-03
Supplement: moderator Tom's anti-browser hijacking special group - IE security software introduction
Supplement: IE modifier 2004A V1.8 and Huangshan IE repair expert V7.50, recommended by "super anti-virus"
Improvement: 7, illegal buttons added to the IE toolbar
Supplement: 13, the default IE search engine is modified
Fixed some typos ...
2004-08-02
Reference: the post by netizen Wang Wang 999:
Macholds page virus simple repair method!
http://community.rising.com.cn/forum/msg_read.asp?fmid=67&subjectid=4285952