The Internet really is unsafe these days. The fiercest threat out in front is "Wanhua": once you enter the page, your registry is modified and many system functions are restricted. Recently I heard that some netizens have had their hard drives shared while browsing the web, and the harm seems even greater. It feels like the wind filling the tower before the mountain storm!
In fact, the so-called "hard drive shared by browsing a web page" works like "Wanhua": the victims have browsed an ActiveX web page containing harmful code. The following is the key section of the page's source code:
Note: The code starting with "shl.regwrite" writes to the visitor's registry. It adds the key "RWC$" under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan and creates the values "Flags", "Type" and "Path" under "RWC$", which shares drive C under the share name RWC$. And you will not see the hard drive shown as shared in the network properties! If you change "Flags"=dword:00000302 to "Flags"=dword:00000402, you can see that the hard disk is shared. This malicious fellow seems very clever, figuring that setting the Flags value to 302 lets the drive be shared in secret... ^-^
Since the hard drive is shared as soon as you browse a page of this type, it is more harmful than a Trojan (personal view). If you accidentally fall for it, the other party can treat your entire hard drive as one of his own logical drives: he can copy files from your computer, delete files, rename files... If this still does not satisfy him, he can plant another Trojan on your machine (or rather, a whole batch of Trojans), and then you are worse than dead, with no secrets left: your Internet account, your QQ password, your letters to your girlfriend... If he feels like it, he can format your hard drive, or run software such as "Jiangmin Bomb" on your computer to wreck the disk. In short, everything you have is in his hands. Terrible to think about, isn't it?!
Solution: delete "RWC$" under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan. To go a step further, you can also delete Vserver.vxd under Windows\System\ (the virtual device driver for Microsoft network file and printer sharing), and then delete the VSERVER key under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\. After that, this kind of "Trojan" will never trouble you again.
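One way to check a machine for the share described above, as an added example that is not code from the original article: export the registry to a text file with regedit and scan the LanMan subkeys for a share that exposes a whole drive or carries the 0x302 flags value the article describes as hidden. The function names and the sample export are constructed for illustration, and only the "Flags" and "Path" values are read.

```python
import re

# LanMan share key named in the article (Windows 9x/Me registry layout).
LANMAN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan"
HIDDEN_FLAGS = 0x302  # per the article: share not shown in network properties

def parse_reg(text):
    """Parse REGEDIT4 export text into {key_path: {value_name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"\s*=\s*(.+)$', line)):
            name, raw = m.group(1).lower(), m.group(2).strip()
            if raw.lower().startswith("dword:"):
                current[name] = int(raw[6:], 16)
            elif raw.startswith('"') and raw.endswith('"'):
                current[name] = raw[1:-1].replace("\\\\", "\\")  # undo .reg escaping
    return keys

def audit_shares(text):
    """Return (share, path, flags, reasons) for each suspicious LanMan share."""
    findings, prefix = [], LANMAN.lower() + "\\"
    for key, values in parse_reg(text).items():
        if not key.lower().startswith(prefix):
            continue
        share = key[len(prefix):]
        path, flags = values.get("path", ""), values.get("flags")
        reasons = []
        if re.fullmatch(r"[A-Za-z]:\\?", path):
            reasons.append("whole drive shared")
        if flags == HIDDEN_FLAGS:
            reasons.append("hidden share flags")
        if reasons:
            findings.append((share, path, flags, reasons))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\RWC$]
"Flags"=dword:00000302
"Path"="C:\\"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Network\LanMan\DOCS]
"Flags"=dword:00000402
"Path"="C:\\My Documents"
'''
```

Calling audit_shares(SAMPLE) reports only the RWC$ entry; the ordinary folder share DOCS is not flagged.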
Prevention:
1. To avoid being tricked, the key is not to casually visit sites you do not know, especially those with attractive-looking URLs; otherwise you are usually the one who pays for it.
2. Run IE, click "Tools → Internet Options → Security", and set the security level of the Internet zone to "High".
3. Because this kind of page is an ActiveX web file containing harmful code, you can avoid being tricked through the IE settings. The specific method is: click "Tools → Internet Options" in the IE window, select the "Security" tab in the dialog box that pops up, then click the "Custom Level" button. In the Security Settings dialog box that appears, set everything related to ActiveX plug-ins and controls and everything related to Java to "Disable". However, doing this may prevent some legitimate uses of ActiveX from working in your future browsing. Weigh the pros and cons and decide for yourself.
4. For Windows 98 users, open C:\Windows\java\packages\cvlv1nbb.zip and delete "ActiveXComponent.class"; for Windows Me users, open C:\Windows\Java\packages\5nzvfpf1.zip and delete "ActiveXComponent.class". Rest assured that deleting this component will not affect normal browsing.
5. Since this type of page damages the system by modifying the registry, we can lock the registry in advance: prohibit modification of the registry, and the goal of prevention is achieved. But then what do you do when you need the registry editor regedit.exe yourself? So you have to prepare a "key" in advance, so that you can open this "lock"!
The locking method is as follows:
(1) Run the registry editor regedit.exe;
(2) Expand the registry to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System, create a DWORD value called DisableRegistryTools, and set its value to "1" to disable use of the registry editor regedit.
The unlocking method is as follows:
Create a .reg file with any name, such as unlock.reg, with the following content:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000
Save the file. Now you have a key to the lock! Whenever you want to use the registry editor, double-click unlock.reg. Note that the line after "REGEDIT4" must be left blank, and there must be no space between the "4" and the "T" in "REGEDIT4", otherwise the effort is wasted!
6. Install a network firewall. In particular, once Norton 2001 is installed, it raises an alert whenever a script writes to the registry; the domestic anti-virus software KVW3000 has the same effect. It is recommended that you install one such piece of software as well.
7. Even after you have painstakingly restored the title and the default home page, you are in trouble again if you accidentally enter the site once more. In fact, you can make some settings in IE so that you never enter the site:
Open IE, click "Tools" → "Internet Options" → "Content" → "Content Advisor", and click the "Enable" button. The "Content Advisor" dialog box appears. Click the "Approved Sites" tab, enter the URL of the website you do not want to visit, for example http://www.sohu8.com, press the "Never" button, then click "OK" and you are done!