病毒安全知识,电脑网络技术,手工杀毒方法,答疑解决笔记

导航

« 重新启用验证码手机决定3G »

打开控制面板显示网页的处理方法

  在电脑报论坛看到有人的IE主页被www.71528.com劫持,在桌面生成假冒的IE图标,这些倒容易处理,用金山急救箱就可以清除修复IE主页,不过还有一个症状,打开系统中的控制面板也会打开www.71528.com,虽然用急救箱可以使恢复正常,但控制面板窗口的标题与地址栏上却显示“Internet Explorer”。这个问题的修复方法是:将注册表中的HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}下,在右边的窗口中删除“(默认)”的值(即保留空值)。

  为了把自己的网址留在被入侵电脑的系统中,可谓无所不用其极,从刷新桌面弹出网页按ALT+T弹出网页,到打开控制面板也被绑架,方法真多。特地收集注册表中有关控制面板的项目罗列如下(以下以XP为例,可复制到文本文件中,另存为.reg文件,双击导入注册表修复有关问题),由于本例中没有见到控制面板是怎么显示劫持网页的(被金山急救箱直接修复了),不过我想应该也藏在其中吧:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}]
@=""
"InfoTip"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,\
2d,00,33,00,31,00,33,00,36,00,31,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,33,\
00,37,00,00,00

[HKEY_CLASSES_ROOT\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\InProcServer32]
@="shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\ShellFolder]
"Attributes"=dword:00000000
"HideAsDeletePerUser"=""
"WantsFORDISPLAY"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}]
@=""
"InfoTip"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\
6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,\
00,53,00,48,00,45,00,4c,00,4c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,\
2d,00,33,00,31,00,33,00,36,00,31,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\DefaultIcon]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\
65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,33,\
00,37,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\InProcServer32]
@="shell32.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}\ShellFolder]
"Attributes"=dword:00000000
"HideAsDeletePerUser"=""
"WantsFORDISPLAY"=""

另附金山急救箱的下载地址:http://labs.duba.net/jjx.shtml


>> 除非说明均为原创,如转载请注明来源于http://www.stormcn.cn/post/654.html

  • 收藏文章:
  • 新浪微博:
  • 微信订阅号
    微信订阅

最新发表

本站出现的所有广告均不代表本人及本站观点立场 | 关于我 | 网站地图 | 联系邮箱 | 返回顶部
Copyright 2008-2016 www.stormcn.cn. All Rights Reserved. Powered By Z-Blog. 闽ICP备09000343号

闽公网安备 35010202000133号