Most Internet users today spend their time browsing web pages, and the IE browser is frequently modified by malicious scripts. The browser title bar may read "Welcome to website A" in the morning and "Website B welcomes you back" in the afternoon, which can only raise a bitter laugh. What is more, after visiting some websites even the Windows registry is locked, which is rather annoying. This article draws on my own experience and takes more than ten current attack methods as examples, to teach readers who do not know the registry well how to undo these modifications.

I. General prevention

1. Uninstall or upgrade WSH

WSH is the abbreviation of Windows Scripting Host, and Windows 9x installs it by default. Many ordinary users know little about WSH and so never uninstall it. Microsoft's Chinese website explains: "WSH provides simple, powerful and flexible scripting for 32-bit Windows platforms." The ActiveX scripting architecture it supports "allows users to use powerful script languages such as Visual Basic Script and Java Script, and also supports MS-DOS command scripts", and "scripts can be run directly from the Windows desktop or the command console". It follows that a script bound to WSH can be used to write a highly destructive virus. Ordinary users who are online frequently should therefore consider uninstalling WSH.

Uninstalling method: open "Control Panel", select "Add/Remove Programs", switch to the "Windows Setup" tab, select "Accessories", select Windows Scripting Host under "Details", and finally click "OK" to uninstall.

There is also a better choice: upgrade to WSH 5.6. IE can be changed by malicious scripts because IE 5.5 and WSH in earlier versions allow an attacker to use the GetObject function in JavaScript and the htmlfile ActiveX object to read the visitor's registry.
Microsoft's latest release, Microsoft Windows Script 5.6, corrects this. After installing WSH 5.6 you remove this unsafe behaviour from the browser and are free of the nightmare of a maliciously modified browser.

Attachment: WSH 5.6 for Win9X / NT and Win2000, download: http://download.pchome.net/system/patch/11065.html#

2. Blocking a web page that contains malicious scripts

If you use a third-party browser such as NetCaptor or MyIE, you can block the web page (provided you have confirmed that it is malicious) so that you do not run into it again. Taking NetCaptor as an example, right-click the tab of the page you want to block, select "Add to" → "Add to PopupCaptor" in the pop-up menu, and then click "OK" in the confirmation box.

If you normally use the IE browser, select "Tools" → "Internet Options" → "Content" → "Content Advisor" in the menu bar and click the "Enable" button. In the "Content Advisor" dialog box that appears, switch to the "Approved Sites" tab, enter the URL of the website you want to block, click the "Never" button, and then click "OK".
3. Setting the security level of the IE browser

IE is modified because a web page contains malicious scripts, so setting an appropriate IE security level keeps IE from being maliciously modified again. Setting method: select "Tools" → "Internet Options" in the IE menu bar, switch to the "Security" tab in the dialog box, select the "Internet" zone and click the "Custom Level" button. In the "Security Settings" dialog box, set all the relevant options under "ActiveX controls and plug-ins" and "Scripting" to "Disable" or "Prompt". If you choose "Disable", some websites that make legitimate use of ActiveX and scripts may not display fully, so rather than giving up those sites altogether it is better to choose "Prompt".

4. Using a newer version of the operating system

If you use Windows 2000 / XP, you can block some malicious scripts by disabling the Remote Registry Service. The method is: under "Control Panel" → "Administrative Tools" → "Services", right-click "Remote Registry Service", select "Properties" in the pop-up menu, and on the "General" tab of the Properties dialog box set "Startup type" to "Disabled". This also intercepts some malicious scripts.

5. Use firewalls and anti-virus software

This is probably the first thing people think of after running into such problems. In my actual experience, however, it is not very useful. I have never used a firewall, and the only anti-virus software I use is Norton. Every time I meet a web page containing such malicious scripts Norton pops up a warning box, yet IE is still modified. Perhaps current anti-virus software simply does not pay much attention to this kind of script prank. If the anti-virus software or firewall you use effectively curbs this type of script, write and tell me so that I can share it with other readers :)

II. Tool-based repair

1.
The veteran system tweaking tool Magic Set

Magic Set, the "Super Rabbit Magic Settings" series, can be called one of the best shareware packages in China, and it stands comparison with the classic Tweak series. The latest version of Super Rabbit adds a small tool, "Super Rabbit Registry Protector", whose role is to protect your registry from malicious modification and to restore modified entries promptly. The protector is easy to use: first tick the items you want to restore in the check boxes on the left, then click the "Clear" button. A confirmation box appears, warning that the registry items that came with Windows and IE at installation will be cleared and restored to their initial state; click "OK". If you want to keep some custom items, you can change them in "Super Rabbit Magic Settings"; the method is simple and you will work it out quickly. You can also click the "Protection" button, and the protector minimizes to the system tray and keeps protecting your registry from modification. Finally, you can tick the check box in front of "Automatic Run .........", and the protector will start when the computer is turned on, so that trouble is prevented before it happens.

2. The anti-modification tool of Kingsoft Internet Security, DUBA_REGSOLVE

This is a small anti-modification program developed by Kingsoft (Jinshan Duba) against the malicious web pages now rampant online. You can use it to restore the registry to its default settings. Open its interface and you will see that its anti-modification options are fairly comprehensive and its operation is intuitive, so you can get started without further introduction.
There are also many small programs on the Internet that repair particular registry items, but they are a mixed bag and none is as comprehensive and safe as the two mentioned above, so there is no need to introduce them here.

III. Manual removal

1. The registry is disabled

The Registry Editor is the key to solving the problems covered in this article, yet many readers find when they open it that registry editing has been "disabled by the administrator". This, too, is the work of a web page containing malicious code. If your registry has been disabled, unlock it as follows:

1.) Create a text file and enter the following content (take care to keep the text format):

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=dword:00000000

Choose the "Save" command from the "File" menu and save the file in any location under the name "Recover.Reg".

2.) Double-click the "Recover.Reg" file. The system asks whether you are sure you want to add the information in Recover.Reg to the registry; click "Yes". The system then reports that the information in Recover.Reg has been successfully entered into the registry; click "OK". The registry is now unlocked and can be modified again.

2. "Run" disappears from the Start menu

Entering regedit in the Run box is the usual way to open the Registry Editor. Some web pages containing malicious code interfere even here, in the belief that this will stop us from undoing their registry changes. No problem: there are two simple ways to recover "Run".
First, go to C:\winnt (Win9X users: C:\windows), find "regedit.exe" and double-click it to open the Registry Editor. Navigate to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer, find the "NoRun" value, right-click it, select "Modify" and change its value to 0 (or, better, delete it outright), then restart your computer.

Second, create a text file and enter the following (take care to keep the text format):

    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
    "NoRun"=dword:00000000

Save the file as run.reg, double-click it and restart the computer. Open the "Start" menu and you will see that the "Run" option has been recovered.

3. The title bar of the IE browser is modified

This is the most common way of modifying the IE browser.
Undoing it is also very easy. Open the "Start" menu, select the "Run..." command, enter "regedit" and click "OK" to open the Registry Editor. Then navigate to the three subkeys HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main, HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main and HKEY_USERS \ IFAULT \Control Panel. Under them you will find a value item called "Window Title" (it may exist in only one place; the key point is to change the HKCU value item). Right-click this value item, select "Modify" in the pop-up menu and change it to the default "Microsoft Internet Explorer" or to any text you want to see. Finally, close the Registry Editor and open a new IE browser window to see the effect.

4. The Outlook title bar is modified

This is relatively rare; at least I have never encountered it myself. I only learned that some people are bored enough to do this because a reader wrote to ask about it. It does not matter: the fix is just as simple. Open the Registry Editor, navigate to the HKEY_CURRENT_USER\Software\Microsoft\Outlook Express subkey, find the value item "Window Title" and modify it in the same way as for the IE browser. Finally, close the Registry Editor and restart Outlook to see the effect.

5. The home page of the IE browser is modified

This is probably the problem that Internet users currently report most. At first it was very simple to solve: select "Tools" - "General" in the IE menu and change the "Home page" field. As things have developed, however, the situation has become worse: some webmasters combine several scripts, so that in addition to the home page being modified, the "Home page" option in IE is also disabled (the buttons are greyed out). No problem; we will solve this now. Open the Registry Editor.
Navigate to the two subkeys hkey_local_user \internet Explorer \Control Panel and HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel. There you will find a DWORD value named HomePage whose value is 1. Do not hesitate: delete it, or change the value to 0. Then close the Registry Editor, open an IE browser and click "Tools" - "Internet Options" - "General". You will find that the greyed-out buttons for changing the IE home page are editable again.
At this point you can set the browser home page to whatever you prefer.

6. The default page and blank page of the IE browser are modified

Open the Registry Editor, navigate to the hkey_local_machine\software ∎Main subkey and modify the value of Default_Page_URL (the original IE default page is http://www.microsoft.com/isapi/redi...&ar=msnhome). Then navigate to the HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main subkey and modify the value of Local Page.

7. A web page pops up at every boot

If an IE browser window pops up every time you start the computer, note the URL in its address bar, then open the Registry Editor and navigate to:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

Check whether either subkey holds a value item containing this URL; if so, delete it, and the browser will no longer pop up at boot. Attackers keep pace with defenders, however, and sometimes this does not solve the problem. In that case, choose "Edit" → "Find..." in the Registry Editor menu, enter the URL that opens automatically at boot in the Find dialog box, click "Find Next" and delete the value item that is found.

In addition, if you use Win98, enter "msconfig" in the "Run" dialog box of the Start menu and click "OK" to open the "System Configuration Utility". Click the "Startup" tab and check for suspicious startup items; disable any you find (clear the check mark in front of the program), then restart the system to see the effect. If you use Win2000, you can copy the "System Configuration Utility" from Win98 or WinXP.

8. A prompt box pops up after each boot

This is a prompt box shown after Windows login. Win98 users can freely define the contents of the prompt box in the group policy; it can also be edited in the registry.
Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon. Under this key are two value items, "LegalNoticeCaption" and "LegalNoticeText", which define the title and the body text of the prompt box. Delete both value items.

9. The right mouse button of the IE browser is disabled

On any web page, right-clicking no longer brings up the context menu. This has caused a lot of inconvenience to people who are online often.
As above, open the Registry Editor and navigate to HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions. Under this subkey there is a DWORD value named "NoBrowserContextMenu" set to 1; delete it.

10. A website link is added to the right-click menu

Many readers suddenly notice that the right-click menu has gained, at some unknown point, an option such as "welcome to the xxxxxx website"; clicking it opens the browser on that website. This is usually done by a script tampering with the registry. I first met this 5 or 6 years ago, when the 3721 website used the technique to add shortcuts to their site to the visitor's right-click menu. The solution is also very simple: navigate to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt, look carefully at the subkeys below it and delete the ones you do not want. You can also add your own shortcuts in the same format, for example to websites you use often. If you are not familiar with the registry, however, make a backup first and then modify it.

11. The icons on the desktop disappear

You turn on the computer and find the desktop empty, with not a single icon left. Needless to say, nine times out of ten this is "trouble brought home from the Internet". To recover, navigate in the registry to hkey_current_user \currentvers \Policies \ ',, find the "NoDesktop" value, right-click it, select "Modify" and change it to 0 (or simply delete it), then restart your computer. Your familiar desktop is back ^_^

12. A website link is added to the IE toolbar (menu)

As everyone knows, commonly used software such as FlashGet and ICQ adds its own shortcut to the IE toolbar (menu). Some websites now modify the registry through malicious scripts to achieve the same effect.
To solve this problem, navigate in the registry to HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions. Under this key you will see subkeys with names like "{xxxxxxx-xxxxxxxxxxxxxx}". Check them carefully and you will see that these subkeys are the key to the problem: you only need to delete the subkey that contains the malicious website link. Also, if you find a value item with the same {x ... x} name as that subkey, delete it as well.
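
The manual checks in items 1, 2, 5, 7, 9 and 11 can be run in one pass over a registry export instead of key by key. The script below is an added example, not part of the original article: it parses REGEDIT4-style text and reports the restriction values the article names when they are non-zero, plus Run/RunOnce entries whose data contains a URL. The function names, the sample export and the rule "any key under \Policies\" are assumptions made for the illustration.

```python
import re
# Restriction values named in the article; a non-zero DWORD means "locked".
LOCK_VALUES = {"disableregistrytools", "norun", "nodesktop",
               "nobrowsercontextmenu", "homepage"}
URL_RE = re.compile(r"(https?://|www\.)", re.I)

def parse_reg(text):
    """Yield (key, name, data) from REGEDIT4-style export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$', line)
            if m:
                yield key, m.group(1), m.group(2).strip()

def audit(text):
    """Return findings as (kind, key, name, data) tuples."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if "\\policies\\" in k and name.lower() in LOCK_VALUES:
            m = re.match(r"dword:([0-9a-f]{1,8})$", data, re.I)
            if m and int(m.group(1), 16) != 0:
                findings.append(("policy-lock", key, name, data))
        elif k.endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
            if URL_RE.search(data):
                findings.append(("url-autostart", key, name, data))
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoRun"=dword:00000000
"NoDesktop"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"welcome"="iexplore.exe http://example.invalid/"
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

The script only reads text, so it can be run on a copy of the export taken from the affected machine; a value it reports is then reset to 0 or deleted as described in the corresponding item above.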