A quick way to remove malicious web viruses

Today, the web is one of the essential channels for people to get information in their lives. With the development of the information age, the status of the network has become more and more important. However, there are also many flaws in the developed network. The web virus is a headache for many users. In fact, we all have had the experience of being attacked by web viruses. For example, after a certain online roaming, it was found that the home page of IE browser was changed to a malicious website, and the browser default search engine was also changed to the search engine of the malicious website. , "Navigator" was attacked by a malicious web virus …… What should I do at this time? The following will guide you to remove malicious web viruses.

A public computer of the unit is connected to the Internet. It is not long before it is infected by a malicious web virus. The following symptoms occur: Open IE browser and automatically enter a name called “Long” URL. Home & rdquo; URL Daquan class website, open "Internet Options", found that the home page is set to "a URL",

When using the "search" function, the search is also found Being redirected to “ other URLs is really annoying.

So I ran the registry editor and used the "Find & rdquo; function to find all the content modified by the malicious webpage with the keyword "all sites" and all changed back to the original value. Who knows that after restarting the system, open IE browser and found that the malicious website is automatically opened, and other places have been modified. It seems that things are not as simple as imagined. This malicious website must have been done at system startup. What kind of hands and feet!

Then enter “msconfig” in “run", open the system configuration utility, and find all the items in the System.ini, Win.ini, and "start" items Starting the project, I finally found two extremely suspicious key values ​​in the "Startup" item. Although one is the default key value, a key name is "ld"; win”, but the key value data of both is "regedit -s c:windowswin.dll". By looking up Regedit's related commands, the function of this command is to import a registry script file, and the parameter is to let it be automatically imported in the background, but this is followed by the file "Well.dll". Will it be a dynamic link library file? Is this just a superficial phenomenon, so use Notepad to open this "Win.dll" file, found that this is a text format file, but only modified the extension.

I analyzed this "Win.dll" file, the original system is always automatically modified by malicious means that it is working. Found the crux, of course, the solution is to delete this key, and delete the "Win.dll" file, but I suddenly thought that since malicious websites can use this file to add key-value data, why do I not use this file again, to answer the teeth , let it also automatically restore the maliciously modified key value? So I modified the file as follows:

REGED99v4

[empty one line]

[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]

@=""

[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]

"win"=-

[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerMain] Previous12Next Total 2 page