Network security is now attracting increasing attention, today, Xiao Bian shopping software park and found a post malicious code on web pages - "page six against malicious code and solutions", surely we would havehelp.Before looking at stickers, let's look at what is malicious code page.
Malicious code page (also known as web virus) is a Web page to destroy the virus, with some SCRIPT malicious code written by some of IE's vulnerability to achieve viral implantation.Web technology is based on malicious code WSH, the common Chinese translation of the "Windows Script Host."When the user logs on pages containing the virus in some sites, the page will be quietly activated the virus, these viruses once activated, the system can be used to destroy some of the resources.
First, the tampering with IE's default page
Some IE start page is changed, even if set the "Use Default" is still valid, because the default page for IE start page has also been tampered with.
Specifically, the following registry key is modified: HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerMainDefault_Page_URL "Default_Page_URL" The key sub-keys that start page's default page.
The solution:
Run the Registry Editor, and then expand the sub-key, "Default_Page_UR" key in the sub-keys that get rid of tampering with the site URL on the line, or set the default value for the IE.
Original post link: http://softbbs.it168.com/thread-495683-1-1.html
Second, modify the IE browser default home page, and set the key lock to prohibit users from changing
Modify the registry key is set in IE the following key (DWORD value of 1 is not optional):
HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel "Settings" = dword: 1
HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel "Links" = dword: 1
HKEY_CURRENT_USERSoftwarePoliciesMicrosoftInternet ExplorerControl Panel "SecAddSites" = dword: 1
The solution:
Will be above the DWORD value to "0" to recovery.
Third, IE default home page is not an optional gray button
This is because the registry HKEY_USERS.DEFAULTSoftwarePoliciesMicrosoftInternet ExplorerControl Panel DWORD value under the "homepage" of the key reasons being modified.
The original key is "0", was revised to "1" (ie non-optional status of gray).
The solution:
The "homepage" the key to "0".
IV, IE context menu is modified
Modify the registry by the project: HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMenuExt the page under the ads by the new information, and thus appears in IE context menu!
The solution:
Open up Standard Editor, locate HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMenuExt, you can delete the provisions of relevant ads, be careful not to download the software, FlashGet and Netants also removed the two, but "normal" unless you do not want to see the IE context menuthem.
V, IE default search engine is modified
In the IE browser's toolbar has a search engine tool button, can web search, has been tampered Just click on the search button will link to the altered site.This phenomenon is due to the following registry is modified:
HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchCustomizeSearch
HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerSearchSearchAssistant
The solution:
Run the Registry Editor, expand the sub-key, "CustomizeSearch" and "SearchAssistant" the key to a search engine URL.
Sixth, the system pop-up dialog box at startup
Subject to change registry entries are:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionWinlogon
Was established in its next string "LegalNoticeCaption" and "LegalNoticeText", which "LegalNoticeCaption" is the prompt box title, "LegalNoticeText" is the prompt text box.Because of their presence, to make the desktop every time we log on to Windwos a prompt window before they appear, showing that the advertising information page!
The solution:
Open the Registry Editor, locate the
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionWinlogon
This is a primary key, and then find the right window, "LegalNoticeCaption" and "LegalNoticeText" these two strings, remove the two strings can be resolved when the login prompt box phenomenon.