Monday, February 14, 2011

【Weak Current College】 Twelve symptoms of malicious web pages modifying the registry


First, the causes of registry modification and the solutions
The malicious web pages in question are pages that contain harmful ActiveX code. The advertising appears because the page has maliciously changed the browser's settings in the registry.

1. The IE default home page is modified
The title bar at the top of the IE browser is changed to something like "Welcome to ... website". This is the most common form of tampering, and it affects a large number of victims.
The affected registry entries are:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
By changing the "Start Page" value, the page changes IE's default home page. For example, browsing "bloom Valley" changes your IE default home page to "on888.home chinaren.com". Even if the aim is only to advertise their own home page, this is far too overbearing, and it is why people find this kind of web page offensive.
Solution:
① After Windows starts, click "Start" → "Run", type regedit in the "Open" box, and then click "OK";
② Expand the registry to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
In the right-hand pane, find the string value "Start Page", double-click it, and change its value to "about:blank";
③ Similarly, expand the registry to
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
In the right-hand pane, find the string value "Start Page" and change it as described in ②.
④ Quit Registry Editor and restart the computer. All OK!

Special case: sometimes the IE start page is changed to a certain website and, even if you change it back in the options, it reverts to their website after a restart, which is very hard to deal with. In fact they have left a self-running program on your machine; it runs at system startup and sets your IE start page to their website.
Solution: run the registry editor, regedit.exe, and expand the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Delete the registry.exe entry under it, then delete the self-running program c:\Program Files\registry.exe, and finally reset the start page in the IE options.

2. IE's default page is tampered with
Sometimes, after the IE start page has been changed, choosing "use default page" in the settings still has no effect. This is because the default page behind the IE start page has also been tampered with. Specifically, the following registry entry is modified:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
The "Default_Page_URL" value holds the default page for the start page.
Solution:
Run the registry editor, expand to this entry, and either clear the tampering website's URL from the "Default_Page_URL" value or set it to the IE default value.

3. The IE default home page is modified and the setting is locked, so users cannot change it back
This mainly modifies the following IE settings in the registry (a DWORD value of 1 makes the option unavailable):
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"Settings"=dword:1
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"Links"=dword:1
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"SecAddSites"=dword:1
Solution:
Change these DWORD values to "0" to restore the functionality.

4. The IE default home page button is greyed out
This is because, under the registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel
the DWORD value "homepage" has been modified. Its original value "0" was changed to "1" (i.e. greyed out and not selectable).
Solution:
Change the "homepage" value to "0".

5. The IE title bar is modified
By default, the application itself supplies the title bar text, but the system also lets the user add information through a registry entry. Some malicious websites exploit this: they change the string value "Window Title" to their website name or other advertising, and so change the IE title bar.
Specifically, the affected registry entries are:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Window Title
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Window Title
Solution:
① After Windows starts, click "Start" → "Run", type regedit in the "Open" box, and then click "OK";
② Expand the registry to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
In the right-hand pane, find the string value "Window Title" and delete it, or change its value to "IE browser" or any name you like;
③ Similarly, expand the registry to
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Then proceed as described in ②.
④ Quit Registry Editor, restart the computer, and run IE. You will find that the problem troubling you is solved!

6. The IE right-click menu is modified
The affected registry entry is:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
New entries carrying the page's advertising are created under this key, and so they appear in the IE right-click menu!
Solution:
Open the registry editor, locate
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
and delete the advertising entries. Be careful not to delete the entries of the download tools FlashGet and NetAnts as well; those two are "normal", unless you do not want to see them in IE's right-click menu.

7. The IE default search engine is modified
The IE toolbar has a search button that lets you search the web. After tampering, clicking the search button takes you to the tampering site. This happens because the following registry entries are modified:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
Solution:
Run the registry editor, expand to these entries, and change the "CustomizeSearch" and "SearchAssistant" values to the address of a search engine.

8. A dialog box pops up when the system starts
The affected registry entry is:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon
The strings "LegalNoticeCaption" and "LegalNoticeText" are created under it: "LegalNoticeCaption" is the title of the prompt box and "LegalNoticeText" is its text. Because of them, a prompt window showing that page's advertising appears every time before we log in to the Windows desktop. How hateful!
Solution:
Open the registry editor, locate
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Winlogon
This is a key. In the right-hand pane, find the two strings "LegalNoticeCaption" and "LegalNoticeText" and delete them to get rid of the prompt box at login.

9. The registry is disabled after browsing a web page
This is because, under the registry key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
the DWORD value "DisableRegistryTools" was changed to "1". Changing it back to "0" restores the registry editor.
Solution:
In Notepad, create a file with the .reg extension and copy the following into it:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000000

10. The Start menu is modified after browsing a web page
This is the most "ruthless" trick, one that can leave visitors wishing they were dead. Besides symptoms like those above, browsing such a page brings the following even more painful experiences:
1) "Shut Down" is disabled
2) "Run" is disabled
3) "Log Off" is disabled
4) Drive C is hidden: your C drive cannot be found!
5) The registry editor regedit is disabled
6) DOS programs are disabled
7) The system cannot enter "real mode"
8) Running any program is prohibited
For the specific causes and solutions, please see this article in the York, e enterprise security road sections: the website of the registry is modified and the solutions.
The above are the more common browser registry modifications. Today, while browsing, I happened upon a personal website and ran into problems I had never come across before:

11. The right mouse button fails in IE
When browsing a web page in IE, clicking the right mouse button does nothing!

12. The "Source" item on the "View" menu is disabled
In the IE window, click "View" → "Source" and you find that the "Source" menu item has been disabled.
While browsing I did not notice these two problems, because a friend happened to call me about something and I left the computer. After dinner I turned the computer on, connected to the Internet, and found that IE was broken: the right mouse button did not work, and "Source" on the "View" menu was disabled. Not being able to view source is one thing, but not being able to use the right mouse button is really inconvenient. I needed to find a way!
I got out the latest version of Super Rabbit Magic Set and tried it. It could not fix it! It is a new problem, but I am an "old revolutionary" too, and this problem should not defeat me. So I searched the registry, and after some digging I finally understood the problem.
It turned out that a malicious web page had modified my registry. The specific locations are:
(1) Under the registry key
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
a subkey "Restrictions" is created, and under "Restrictions" two DWORD values are created, "NoViewSource" and "NoBrowserContextMenu", both set to "1".
(2) Under the registry key
HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions
two DWORD values, "NoViewSource" and "NoBrowserContextMenu", are likewise added with the value "1".
These changes disable the right mouse button in IE and the "Source" item on the "View" menu. Note that the registry location in point (2) is in fact equivalent to the branch in point (1): when you change the values in point (1), the values in point (2) change as well.
Solution:
Once you understand the cause, solving the problem is much easier. Save the following content as a registry file with the .reg extension, for example unlock.reg, and double-click unlock.reg to import it into the registry. Without restarting the computer, run IE and you will find that its functions are back to normal.
REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000000
"NoBrowserContextMenu"=dword:00000000
[HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000000
"NoBrowserContextMenu"=dword:00000000
Pay special attention when writing the registry file unlock.reg: "REGEDIT4" must be uppercase and must be followed by a blank line, and there must be no space between the "T" and the "4" in "REGEDIT4", otherwise the effort is wasted! Many friends fail when writing registry files because they did not pay attention to the points above; this time, watch out for them.

Note: if you are a Win2000 or WinXP user, change "REGEDIT4" to "Windows Registry Editor Version 5.00".
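
The header rules above, and the lock-down values from sections 3, 4, 9 and 12, can be checked offline against a .reg file before it is imported or after it is exported. The following Python script is an added example, not part of the original post; the function names lint_reg and locked_settings and both sample files are constructed for illustration, and key paths use the spelling "Internet Explorer" with a space.

```python
import re

# Headers the post names: REGEDIT4 (Win9x) and the Win2000/XP form.
HEADERS = {"REGEDIT4", "Windows Registry Editor Version 5.00"}
# Lock-down DWORD values the post lists (sections 3, 4, 9, 12); 1 = restricted.
LOCK_VALUES = {"settings", "links", "secaddsites", "homepage",
               "disableregistrytools", "noviewsource", "nobrowsercontextmenu"}

def lint_reg(text):
    """Return the problems the post warns about when writing a .reg file."""
    lines = text.splitlines()
    problems = []
    if not lines or lines[0] not in HEADERS:
        problems.append("line 1: header must be exactly one of %s" % sorted(HEADERS))
    if len(lines) < 2 or lines[1].strip():
        problems.append("line 2: header must be followed by a blank line")
    for n, line in enumerate(lines, 1):
        if "\u201c" in line or "\u201d" in line:
            problems.append("line %d: curly quotes, use straight quotes" % n)
    return problems

def locked_settings(text):
    """Return (key, value name) pairs whose lock-down DWORD is non-zero."""
    key, hits = None, []
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            key = m.group(1)
            continue
        m = re.fullmatch(r'"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})', line)
        if m and key and m.group(1).lower() in LOCK_VALUES and int(m.group(2), 16):
            hits.append((key, m.group(1)))
    return hits

# Constructed sample: an export showing the symptoms from sections 9 and 12.
SAMPLE = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions]
"NoViewSource"=dword:00000001
"NoBrowserContextMenu"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"""
# Constructed broken file: mixed-case header, no blank line, curly quotes.
BROKEN = "Regedit4\n[HKEY_CURRENT_USER\\Software]\n\u201cNoViewSource\u201d=dword:00000000\n"

if __name__ == "__main__":
    print(lint_reg(SAMPLE), locked_settings(SAMPLE))
    print(lint_reg(BROKEN))
```

A file that passes lint_reg and reports nothing from locked_settings contains none of the restrictions described in this post; any pair that is reported names the key and value to set back to 0.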

