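Caught a virus!! Experts, please save me

While browsing I got redirected to a weird, gambling-like website

And now as soon as I click my home page, it goes there

Then a bunch of windows popped up, which made me...

I want to change its home page, but setting big sites like YAHOO as the home page doesn't work

PC-cillin 2002 tells me it found a virus

HTML_STARTPAGE.C

What on earth is this? Experts, please help me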

3 Answers

  • 1 decade ago
    Best Answer

    To the poster above: what you provided..... is software that involves intellectual property rights!!

    Two solutions, for your reference

    Description:

    This malicious HTML file modifies the system registry in order to redirect the Internet Explorer start page to the following Web site:

    http://www.whatsfind.com/page.html

    It prevents the user from modifying the registry by disabling access to registry tools such as regedit.exe.

    It runs on Windows 95, 98, ME, NT, 2000, and XP.

    Solution:

    Resetting Internet Explorer Home Page and Search Page

    This procedure restores the Internet Explorer home page and search page to the default settings.

    Close all Internet Explorer windows.

    Open Control Panel. Click Start>Settings>Control Panel.

    Double-click the Internet Options icon.

    In the Internet Properties window, click the Programs tab.

    Click the eset Web Settings? button.

    Select lso reset my home page.?Click Yes.

    Click OK.

    Enabling Registry Editing and Execution of Certain Files

    Click Start>Run, type NOTEPAD, then press Enter.

    Type the following commands:

    REGEDIT4

    ; Re-enable the registry editing tools for the current user
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=dword:00000000

    Save this file as C:\RESTORE.REG.

    Click Start>Run, type C:\RESTORE.REG, then press Enter.

    Click Yes at the prompt of the message box.

    Additional Windows ME/XP Cleaning Instructions

    Running Trend Micro Antivirus

    Scan your system with Trend Micro antivirus and delete all files detected as HTML_STARTPAGE.C. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro free online virus scanner.

    ========================================================================

    Description:

    This nondestructive, memory-resident Trojan changes the Internet Explorer home page to http://www.q8<blocked>8p.net/O9.htm, which, at the time of this analysis, is either unavailable or has never existed.

    This Trojan runs on Windows 95, 98, ME, NT, 2000, and XP.

    Solution:

    Identifying the Malware Program

    Before proceeding to remove this malware, first identify the malware program.

    Scan your system with Trend Micro antivirus and NOTE all files detected as TROJ_STARTPAGE.C. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

    Terminating the Malware Program

    This procedure terminates the running malware process from memory. You will need the name(s) of the file(s) detected earlier.

    Open Windows Task Manager.

    On Windows 9x/ME systems, press CTRL+ALT+DELETE

    On Windows NT/2000/XP systems, press CTRL+SHIFT+ESC, and click the Processes tab.

    In the list of running programs*, locate the malware file or files detected earlier.

    Select one of the detected files, then press either the End Task or the End Process button, depending on the version of Windows on your system.

    Do the same for all detected malware files in the list of running processes.

    To check if the malware process has been terminated, close Task Manager, and then open it again.

    Close Task Manager.

    *NOTE: On systems running Windows 9x/ME, Task Manager may not show certain processes. You may use a third party process viewer to terminate the malware process. Otherwise, continue with the next procedure, noting additional instructions.

    Removing Autostart Entries from the Registry

    Removing autostart entries from the registry prevents the malware from executing during startup.

    Open Registry Editor. To do this, click Start>Run, type REGEDIT, then press Enter.

    In the left panel, double-click the following:

    HKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>Run

    In the right panel, locate and delete the entry:

    B.B(oZc)

    Close Registry Editor.

    NOTE: If you were not able to terminate the malware process from memory, as described in the previous procedure, restart your system.

    Resetting Internet Explorer Homepage and Search Page

    This procedure restores the Internet Explorer home page and search page to the default settings.

    Close all Internet Explorer windows.

    Open Control Panel. Click Start>Settings>Control Panel

    Double-click the Internet Options icon.

    In the Internet Properties window, click the Programs tab.

    Click the eset Web Settings? button.

    Select lso reset my home page.?Click Yes.

    Click OK.

    Running Trend Micro Antivirus

    Scan your system with Trend Micro antivirus and delete all files detected as TROJ_STARTPAGE.C. To do this, Trend Micro customers must download the latest pattern file and scan their system. Other Internet users can use HouseCall, Trend Micro's free online virus scanner.

    Source(s): Trend Micro
  • 1 decade ago

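    The ultimate method for fixing a hijacked web page

    The methods below all apply to the usual ways a web page gets hijacked!!!

    This "despicable" website modified 7 places in total!!!

    And all 7 of these places can be completely cleaned up just by opening "Registry Editor", Regedit.exe!!!

    So you have to follow me step by step!!!

    First, run "Registry Editor", Regedit.exe

    01. Click "Start" -> "Run" -> then type "regedit" in the "Open" box

    "Registry Editor" will then come up.

    02. Now get ready to remove it!!! There are 7 small steps in total!!!

    For each step I will explain what it changed!!!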

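    001. Go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

    On the right there will be a value named "Start Page" ---> this is what changes your "home page",

    that is, the first web page that appears every time you open the IE browser ---> just double-click the "Start Page" value

    with the left mouse button and then type in the site you want!!! For example: Kimo - http://www.kimo.com.tw/

    002. Go to HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

    On the right there will be a value named "Window Title" ---> this is what changes your "browser name",

    that is, the text at the upper right of the IE browser; the original name is "Microsoft Internet Explorer"

    ---> just double-click the "Window Title" string value with the left mouse button

    and then type in the name you want!!! Or delete this value and it will use the original name!!!

    (This applies to IE 5.0 and "later" versions)

    003. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp

    On the right there will be a value named "NoRealMode" ---> just delete this value!!!

    004. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main

    On the right there will be a value named "Window Title" ---> this is what changes your "browser name",

    that is, the text at the upper right of the IE browser; the original name is "Microsoft Internet Explorer"

    ---> just double-click the "Window Title" value with the left mouse button

    and then type in the name you want!!! Or delete this value and it will use the original name!!!

    (This applies to versions "before" IE 5.0)

    005. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    On the right there will be a value named "internat.exe" ---> just delete the "data" of this value!!!

    006. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

    On the right there will be a value named "LegalNoticeCaption" ---> this is what makes that thing asking you to click "OK" appear at boot!!!

    ------> just delete this value!!!

    007. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon

    On the right there will be a value named "LegalNoticeText" ---> this is also what makes that thing asking you to click "OK" appear at boot!!!

    ------> just delete this value!!!

    03. Congratulations!!! You have completely removed everything that despicable website changed!!! Now just "restart the computer"!!!

    P.S. Finally, don't go to that despicable website again!!!

    ⊙ Note: If you can't find some of the later items above, it means those places were not hijacked on your machine!!! ⊙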

     

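    3. Fixing the "home page cannot be changed" problem:

    01. Go to HKEY_CURRENT_USER\Software\Policies\Microsoft

    Then delete the Internet Explorer key!!!

    4. Fixing the "browser gets opened automatically and goes to an unknown website" problem:

    01. Open "Registry Editor", Regedit.exe

    Then go to "Edit" --> "Find" and enter that website's address to search for it. You will find that the "internat.exe" key contains the address of the website that changed yours. Right-click that key and choose Edit; when the edit box appears, delete that address, then restart the computer!!!

    There is another site that is also pretty good, you can go take a look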

    http://nomo.myweb.hinet.net/teach/un-web-kidnap.ht...
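
One way to check a saved registry export for the values the two answers above name, as an added example that is not from either answer or from Trend Micro. The sample export, the hijack.example URL, the `expected_home` default and the function names are constructed for illustration; the export is assumed to be saved as REGEDIT4 text.

```python
import re
# Constructed REGEDIT4 export for illustration; hijack.example is a placeholder.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://hijack.example/page.html"
"Window Title"="Constructed Title"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe http://hijack.example/page.html"
"Benign"="C:\\Program Files\\tool.exe"
'''

PRESENCE = {"window title", "norealmode", "legalnoticecaption", "legalnoticetext"}  # delete-if-present values

def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: raw_data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"((?:[^"\\]|\\.)*)"\s*=\s*(.*)$', line)
            if m:
                current[m.group(1)] = m.group(2)
    return keys

def audit(text, expected_home="about:blank"):
    """Return sorted (key, value_name, reason) findings for manual review."""
    findings = []
    for key, values in parse_reg(text).items():
        k = key.lower()
        if k.endswith(r"\software\policies\microsoft\internet explorer"):
            findings.append((key, "", "IE policy key present"))
        for name, data in values.items():
            n = name.lower()
            if n == "start page" and data.strip('"') != expected_home:
                reason = "unexpected home page"
            elif n == "disableregistrytools" and data.lower() != "dword:00000000":
                reason = "registry tools disabled"
            elif k.endswith(r"\currentversion\run") and re.search(r"https?://", data, re.I):
                reason = "autostart entry carries a URL"
            elif n in PRESENCE:
                reason = "value the thread says to remove"
            else:
                continue
            findings.append((key, name, reason))
    return sorted(findings)
```

Pass the home page you actually use as `expected_home`; each finding is a prompt to inspect that value in Registry Editor, not proof of infection.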

  • Anonymous
    1 decade ago

    Your home page got hijacked

    Download link: http://myweb.hinet.net/home15/joyce-hoo/mscsetup6....

    Extraction password: http://groups.msn.com/258852

    Go download 魔法兔子 (Magic Rabbit) and use it to undo this
