Chasing the company's malicious web virus

xiaoxiao2021-03-06  75

Chasing the company's malicious web virus

After the online stroll, I found that the homepage of the IE browser was changed to a malicious website, and the browser default search engine was also changed to the malicious website search engine, "Navigator" was invaded by malicious web viruses.

Download a lot of viral killing tools from the Internet, the results are prompted "Your registry has been modified". Press "Repair Run" E-setting Repair. Do not want to start the computer again, discover the IE home page and search engines back to the malicious website. Is it infected with malignant virus?

Since the problem is definitely related to each time you restart your computer malicious web virus. Run the "msconfig" program to view the startup item, basically all the system files needed when the system starts, it seems to be nothing. Suddenly there is a note, the project is called "system", the project value is "regedit /sc :/system.reg", and quickly returns to the root directory to find "System.Reg", open it with Notepad, The content is as follows:

Regedit4

[HKEY_CURRENT_USER / SOFTWARE / Microsoft / Internet Explorer / Main]

"Start page" = "http://****.com/"

"Search Page" = "http://****.com/"

"Search bar" = "http://****.com/"

[HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / Windows / CurrentVersion / Run]

"system" = "regedit / s c: /system.reg"

that's it! Facade into system files, remove "system.reg" before "msconfig" startup item (more thorough practice is to enter the registry, put "hkey_local_machine / software / microsoft / windows / currentversion / run" "System" item delete), delete "System.Reg" under the root directory of the C drive.

At this time, the "Navigator" setting is no longer tampered again after the computer is restarted.

Chasing the serial malicious web virus summary:

1. To always prepare anti-virus software and clear malicious web virus tools;

2. Once the "Msconfig" malicious web-virus is infected, use the "MSconfig" tool (Windows 2000 users can copy "Msconfig.exe" file in Windows 98's system directory to the system32 directory of Windows 2000. Can be used to see if there is any abnormal project when the system is started.

3. Find the hard drive has no creation time for files that are mishering these malicious websites, especially the C-root directory, the Program Files directory, and the operating system directory.

转载请注明原文地址:https://www.9cbs.com/read-121596.html

New Post(0)