Wednesday, September 29, 2010

Teach you a maliciously modify the registry woes



One day a friend called for help, the computer starts automatically open a series of Web pages, and constraints on the Home Properties window changes, so that he is distressed. I quickly rushed to repair the machine. If you ask how his excellent, please listen to my thin to have been.

Remedial

1, solve the registry is disabled

Implementation of the floppy disk in the "unlockreg.reg" file, this file is to use Notepad to create a REG file for the extension name, file name can be customized as follows:

REGEDIT4 blank line [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem] "DisableRegistryTools" = dword: 00000000

Note that, in the "REGEDIT4" must be upper case (if you are a Windows 2000 or Windows XP users, please "REGEDIT4" written as "Windows Registry Editor Version 5.00)", and later to an empty line, and "REGEDIT4" in the "T" and "4" must not have spaces between, or else ... ...

Registry solved, the following should remedy, modify the registry.

2, solve the IE properties page can not be modified

Open the Registry, expand the registry to HKEY_USERS.DEFAULTSoftwarePoliciesMicrosoftInternet ExplorerControl Panel under the "homepage" of the keys from "1" to "0" to, or simply to "Control Panel" can be deleted!

3, modify the title bar of IE

HKEY_LOCAL_MACHINESoftwareMicrosoftInternet ExplorerMain HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain

Found in the registry for more than two primary key, be under the "Window Title" primary key change "Microsoft Internet Explorer" can.

4, IE default connection page is modified

The registry entries are changed to: HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMainStart Page to key changes to your favorite URL.

5, remove the program from running

Open the "HKEY_CURRENT_USER Software Microsoft Windows CurrentVesion" and "HKEY_LOCALMA CHINESoftwareMicrosoft WindowsCurrentVersion", under which the RUN folder, there are many began to run when Windows starts the procedure, but in the menu "Start / Programs / Startup" is not found in . The self-running programs can be deleted.

Six, right-click menu in web advertising

Expand the registry to HKEY_CURRENT_ USERSoftwareMicrosoftInternet ExplorerMenuExt, in the IE context menu to display additional settings are here, the common "network ant" and "FlashGet" right-click the downloaded information is also stored here, only to find the primary key of display ads entries can be deleted.

7, when the prompt start

In fact, this setting has nothing to do with IE, but the Windows login prompt, but some pages of its recent action on the brain, in the window advertising.

Subject to change registry project: HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionWinlogon been established in his next string "LegalNotice-Caption" and "LegalNoticeText", which "LegalNoticeCaption" is the title of boxes, "LegalNoticeText" is the text boxes. This makes every time we log on to the Windows desktop, a prompt window before they appear to show ads on those pages of information.

8, to restore the "Run" option

Expand the registry to HKEY_USERS / .DEFAULT / Software / Microsoft / Windows / CurrentVersion / Policies / Explorer, on the right side column "NoRun" the key from "1" to "0" button, or " NoRun "can also be deleted.

After some hard changes, completely removed some malicious code on the site constraints on the system, but do not care if they visited the site, would not they repeat the same mistakes, in fact, you can do some settings in IE, so never access to the site: Open IE, click on "Tools 鈫?Internet Options 鈫?Content 鈫?Content Advisor", click [Enable] button will bring up "classification review" dialog box, then click on the "Approved Sites" tab, enter the do not want to Web site URL, press [never] button, then click [OK] that is done!

Precautionary measures

The above solution is the worst, to a similar situation does not occur, the best policy is to strengthen prevention, the preventive measures I mentioned are some suggestions:

1, to avoid the trick, the key is not easy to go to his site do not know, especially those who look beautiful and attractive web site not to rush to, or are you often suffer.

2, since such pages are pages containing harmful code, ActiveX documents, it will set the IE plug-ins and ActiveX controls, Java scripts, and all could be avoided in the prohibition of bills. The specific method is: in IE window, click on "Tools 鈫?Internet Options" dialog box that pops up, select "Security" tab, then click the [Custom Level] button, will pop up "Security Settings" dialog box, to which All ActiveX controls and Java-related plug-ins and all the options "Disable" button. However, this website in the future course of normal use may cause some ActiveX can not browse the website. Then there's disadvantages, you still can figure it out.

3, it is recommended to install Norton AntiVirus 2002 V8.0 antivirus software, this software has to modify the registry through the IE code is defined as Trojan.Offensive, increased the Script Blocking feature that will monitor such mischief, and to intercept.

4, since these pages are by modifying the registry to destroy our system, we can advance to the registry lock: No modify the registry, so that you can achieve the objective of prevention. However, they have to use the Registry Editor Regedit.exe how to do? So we still had prepared a "key" to open this "lock"!

Lock as follows:

Expand the registry to HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem, create a DWORD value called DisableRegistryTools, and its value to "1", can prohibit the use of Registry Editor Regedit.exe.

5, on Windows 2000 users, can also be put in service under Windows 2000 inside the Remote Registry service operation "Remote Registry Service" disabled, to deal with such pages. The specific method is: click on "Administrative Tools 鈫?Services 鈫?Remote Registry Service (allow remote registry operations)", this one can be disabled.

6, upgrade your version of IE 6.0, you can effectively prevent the above symptoms.

7, download Microsoft's latest Microsoft Windows Script 5.6, can prevent the phenomenon mentioned above, can prevent the current epidemic, hateful mixed passenger and unfeeling bomb.






相关链接:



QT to WMV



Stan Shih: I would like to share my Experience



Dawn set sail: Shenzhen Deng Yihui (3)



FLV to SWF



How to become a DBA from a Beginner



UT Starcom orders by the Indian IPTV operator



What rod dealer Outlets



The Reliability Of SAS



ASP test two simple functions external to submit



Flash MX OVERVIEW 1



Flv to zen mozaic converting guide



Compare Games And Entertainment



Expert Audio VIDEO Tools



Compilers And Interpreters Report



WMV to QT



"Grey Dove" into a small penguin confuse users into a "chicken"



No comments:

Post a Comment