1. Home > Virus prevention >

Stop the virus to the end-chase down a series of malicious web attacks

After a walk on the Internet, I found that the homepage of the IE browser was changed to a malicious website, and the browser's default search engine was also changed to the search engine of the malicious website. The "Navigator" was attacked by a malicious webpage virus.

   downloaded a lot of virus-killing tools from the Internet, and the check results all prompted "your registration form has been modified". Press the "Repair" button to restore the IE settings as before. I don’t want to start the computer again and find that the IE homepage and search engine have changed back to the malicious website. Is it infected with a vicious virus?

  Since a malicious webpage virus appears every time the computer is restarted, the problem must be related to the startup. Run the "Msconfig" program to view the startup items, which are basically all the system files needed when the system is started, it seems nothing. Suddenly there was an item that caught my attention. The project name was "System" and the project value was "regedit /sc:\system.reg". I quickly returned to the root directory of the C drive to find "System.reg" and opened it with Notepad. The content is as follows:

  REGEDIT4

  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

  "Start Page"="

"Search ****.com ""Search Page"="

  "Search ****.com "

  "Search Bar"="http://** **.com/"

  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

  "system"="regedit /sc:\system.reg"

   is it! Disguised as a system file, remove the "√" in front of "System.reg" in the startup item of "Msconfig" (a more thorough approach is to enter the registry and set "HKEY_LOCAL_MACHINE\Software\Microsoft\ Delete the "System" item under Windows\CurrentVersion\Run"), and delete the "System.reg" in the root directory of the C drive.

   So far you are done. After restarting the computer, the "Navigator" settings will no longer be tampered with.

  Summary of chasing serial malicious webpage viruses:

  1. Keep anti-virus software and tools for removing malicious webpage viruses;

  2. Use the "Msconfig" tool (Windows 2000 users can copy the "Msconfig.exe" file in the System directory of Windows 98 to the System32 directory of Windows 2000 to use it). No abnormal items.

  3. Look for files whose creation time is misplaced by these malicious websites on the hard disk, especially under the root directory of C drive, Program Files directory and operating system directory.

This article is published by www.internetweblist.com and does not represent the position of www.internetweblist.com/:http://www.internetweblist.com/Virus prevention/21837.html

Contact Us

Online consultation:click here to give a message