The most obvious IE anti-hijacking strategy

  

Software name: HijackThis
Software version: 1.98.2
License: Free software
Software size: 178KB

"The network is terrible!"
"Hmm?"
"It's really scary, my IE has been hijacked by terrorists!"
Another friend had come to complain about his tragic experience. Little zaphay, who is responsible for the "hacker front", could no longer sit still and had to stand up and fight for justice against hijacking. So he recommended the following techniques to his friends.

Since I have been on a broadband connection, I have often encountered all kinds of malicious code, which is a headache. But every time I repel these "terrorists", it is a small victory for me, and at the same time my experience keeps accumulating. Now let me share that experience with you. I hope that the "little shrimps" who, like me, are often "demonized" will no longer be harassed by "terrorists".

IE title and homepage have been modified

This is malicious code's favorite trick. It is actually very easy to deal with. In the registry, under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main and HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main, find "Window Title"; this is the title of IE. What about the homepage? It is in the same place, and the value name is "Start Page". Just set these values to whatever you prefer or back to the defaults.

IE "Home page" setting is disabled

Some malicious code not only modifies the browser homepage but also puts the "Home page" item in IE's "Internet Options" into a disabled state. Dealing with this kind of nuisance is actually no trouble. Run "gpedit.msc" from the Run dialog of the Start menu and, in the Group Policy Editor that opens, go to "User Configuration" → "Administrative Templates" → "Windows Components" → "Internet Explorer" → "Disable Change Home Page Settings". Double-click it to open the settings dialog, select "Disable", then close all open IE windows. The home page can be set again the next time you open IE (Figure 1).

Figure 1: original key here

Startup programs have been added

This one is more troublesome because more things are involved. First check the registry: Run and RunOnce under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion; Run, RunOnce and RunOnceEx under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion; Shell and Userinit under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon; and the open commands in HKEY_CLASSES_ROOT\exefile\shell\open\command and HKEY_CLASSES_ROOT\txtfile\shell\open\command. The remaining startup items also deserve special attention, because they are often overlooked by anti-virus software. Beyond these, some malicious code even modifies a DLL and starts by way of a DLL, which is hard to guard against. Be careful when analyzing, and don't let anything suspicious slip past, otherwise all your efforts may be wasted. The specific method can be found in the 20th issue of "Net Theft".
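The startup check described above can be scripted. The following Python is an added example, not part of the original article or of HijackThis: it lists every entry in the Run keys for manual review and flags Winlogon and file-association values that differ from stock settings. The expected-value patterns and the sample snapshot are assumptions constructed for illustration.

```python
import re
import sys
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Values with a well-known stock setting; these regexes are the example's assumption.
EXPECTED = {
    (WINLOGON, "Shell"): r"explorer\.exe",
    (WINLOGON, "Userinit"): r"([^,]*\\system32\\)?userinit\.exe,?",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", ""): r'"%1" %\*',
    (r"HKEY_CLASSES_ROOT\txtfile\shell\open\command", ""): r"([^ ]*\\)?notepad\.exe %1",
}
# Autorun keys have no fixed content, so every entry is listed for manual review.
RUN = r"\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_KEYS = ["HKEY_CURRENT_USER" + RUN, "HKEY_CURRENT_USER" + RUN + "Once",
            "HKEY_LOCAL_MACHINE" + RUN, "HKEY_LOCAL_MACHINE" + RUN + "Once",
            "HKEY_LOCAL_MACHINE" + RUN + "OnceEx"]
# Constructed sample snapshot (not from a real machine), used when not on Windows.
SAMPLE = {
    WINLOGON: {"Userinit": r"C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\helper.exe"},
    r"HKEY_CLASSES_ROOT\txtfile\shell\open\command": {"": r"C:\WINDOWS\notepad.exe.vbs %1"},
    "HKEY_LOCAL_MACHINE" + RUN: {"updater": r"C:\temp\updater.exe"},
}

def audit(snapshot):
    """snapshot is {key_path: {value_name: data}}; returns (verdict, key, name, data)."""
    findings = []
    for (key, name), pattern in EXPECTED.items():
        data = snapshot.get(key, {}).get(name)
        if data is not None and not re.fullmatch(pattern, str(data).strip(), re.I):
            findings.append(("MODIFIED", key, name, data))
    for key in RUN_KEYS:
        for name, data in sorted(snapshot.get(key, {}).items()):
            findings.append(("REVIEW", key, name, data))
    return findings

def read_live():  # Windows only: reads the audited keys into the snapshot format
    import winreg
    snapshot = {}
    for path in RUN_KEYS + [key for key, _ in EXPECTED]:
        hive, subkey = path.split("\\", 1)
        try:
            with winreg.OpenKey(getattr(winreg, hive), subkey) as handle:
                count = winreg.QueryInfoKey(handle)[1]
                snapshot[path] = dict(winreg.EnumValue(handle, i)[:2] for i in range(count))
        except OSError:
            pass  # key absent (RunOnceEx often is) or not readable
    return snapshot

if __name__ == "__main__":
    print(*audit(read_live() if sys.platform == "win32" else SAMPLE), sep="\n")
```

A "REVIEW" line is not a verdict of infection; it only means the entry starts automatically and should be recognised by the person reading the report.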

Registry Editor is locked

Enter "edit /80 regedit.exe" in the Run dialog of the Start menu to open the Registry Editor's program file in the editor, and find "DisableRegistryTools" (it may appear full-width). Change any one of its letters to something different, then save and exit; the Registry Editor can now run. Finally, find the DisableRegistryTools item under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System in the registry and delete it directly. This trick is very effective even in situations where registry scripts are locked as well.

IE Control Hijacking

Eliminating real IE hijacking, that is, control hijacking, is very difficult and the steps are cumbersome. Rather than go through the manual method, here is a small program, HijackThis, that can help you detect, analyze and restore a hijacked IE. It is very simple to use. Click the "SCAN" button; after the scan, tick the items to be restored and click "Fix checked". If you don't know what a particular item does, select it and click "Info on selected item", and a very detailed description will pop up (Figure 2).

Figure 2: tick the items you do not want

The program is designed to be user-friendly. To guard against mistakes, HijackThis leaves backup files whenever it makes a repair, so that a repair can be undone later if you regret it. Click the "Config" button to enter the settings interface, select "Backups", select the corresponding item in the list and click the "Restore" button to restore it (Figure 3).

Figure 3: it can be restored here

Hosts file hijacking

This is a very simple but very harmful means of hijacking. The hosts file on the system can resolve domain names to IP addresses locally. If malicious code quietly modifies the hosts file and changes the IP addresses of websites that users often visit to those of bad websites, users will be dragged to the bad websites during everyday browsing. If bad actors use this method for fraud, the social harm is considerable.

However, the way to deal with it is also very simple. First find the hosts file on the system. In Windows 9X, the file is in the Windows directory of the system disk. In Windows 2000/XP, it is in the Winnt\System32\Drivers\Etc directory of the system disk. After finding the file, open it with an ordinary text editor such as Notepad and check for strange domain name resolution entries; if there are any, delete them directly.
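One way to automate this inspection, as an added example that is not from the original article: the Python below parses a hosts file and reports every mapping other than the default localhost entries. It goes slightly beyond the text by also labelling entries that point a name at loopback or 0.0.0.0, which makes a site unreachable instead of redirecting it; the sample content is constructed and uses documentation addresses and example domains.

```python
import ipaddress
import os

# Mappings a stock hosts file normally contains (assumption of this example).
DEFAULT = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample: documentation addresses and example domains only.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
203.0.113.10    www.example.com example.com   # two names on one line
127.0.0.1       update.example.net
198.51.100.7\tbank.example.org
not-an-ip       shop.example.com
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, verdict) for every non-default entry."""
    findings = []
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split on spaces/tabs
        if not fields:
            continue
        address, names = fields[0], [n.lower().rstrip(".") for n in fields[1:]]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "MALFORMED"))
            continue
        # Loopback or 0.0.0.0 makes a site unreachable; any other address redirects it.
        verdict = "BLOCKED" if ip.is_loopback or ip.is_unspecified else "REDIRECTED"
        for name in names:
            if (str(ip), name) not in DEFAULT:
                findings.append((line_no, str(ip), name, verdict))
    return findings

def hosts_path():
    """Location on NT-family Windows; Windows 9X keeps the file in the Windows directory."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return os.path.join(root, "System32", "drivers", "etc", "hosts")

if __name__ == "__main__":
    path = hosts_path()
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as handle:
            text = handle.read()
    else:
        text = SAMPLE  # off Windows, fall back to the constructed sample
    for finding in audit_hosts(text):
        print(*finding, sep="\t")
```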
