[Repost] A complete collection of ways to fix a hijacked home page

  1. #1
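    Avatar of 校長兼撞鐘 阿 土
    Join date
    2000-10-09
    Location
    SEEDNET 8M
    Forum posts
    11,817

    [Repost] A complete collection of ways to fix a hijacked home page

    Many people often ask how to fix a hijacked IE home page.

    Before asking, you can first look at the material this netizen has put together; it is quite detailed.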

    http://myweb.hinet.net/home2/nomo/te...web-kidnap.htm



  2. #2
    Avatar of member jerry11
    Join date
    2001-08-02
    Forum posts
    555
    I personally recommend a piece of software: Hijackthis

    Software details:
    ----------------------------------------------------------------------------------------
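    Size: 152 KB
    Language: English
    Category: Foreign software / Freeware / Browsing security
    Platform: Win9x/NT/2000/XP
    Download: http://www2.skycn.com/soft/13334.html

    Home page hijack buster - HijackThis. It can root out the programs that have hijacked your browser and remove them! Perhaps you merely browsed some website or installed some software, and then found that your browser settings had been hijacked. The most common hijacking methods are forcibly tampering with your browser's home page and search page settings. With this tool you can catch every suspicious program and then judge for yourself which one is the culprit, and kill it!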

    * HijackThis v1.97 *
    Written by Merijn
    http://www.spywareinfo.com/~merijn/files/hijackthis.zip
    http://www.spywareinfo.com/~merijn/index.html

    See below version history for short info on hijack sections.

    * Version history *
    [v1.96]
    * Lots of bugfixes and small enhancements! Among others:
    * Fix for Japanese IE toolbars
    * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
    * O19 (user stylesheet) now only checks for known bad filenames
    * Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
    * Added several files to the LSP whitelist
    * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
    * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
    [v1.95]
    * Added a new regval to check for from Whazit hijack (Start Page_bak).
    * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
    * New in logfile: Running processes at time of scan.
    * Checkmarks for running StartupList with /full and /complete in HijackThis UI.
    * New O19 method to check for Datanotary hijack of user stylesheet.
    * Google.com IP added to whitelist for Hosts file check.
    [v1.94]
    * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
    * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
    * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
    * Fixed a bug where DPF could not be deleted.
    * Fixed a stupid bug in enumeration of autostarting shortcuts.
    * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
    * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
    * Added support for backing up F0 and F1 items (d'oh!).
    [v1.93]
    * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
    * Fixed a bug in LSP routine for Win95.
    * Made taborder nicer.
    * Fixed a bug in backup/restore of IE plugins.
    * Added UltimateSearch hijack in O17 method (I think).
    * Fixed a bug with detecting/removing BHO's disabled by BHODemon.
    * Also fixed a bug in StartupList (now version 1.52.1).
    [v1.92]
    * Fixed two stupid bugs in backup restore function.
    * Added DiamondCS file to LSP files safelist.
    * Added a few more items to the protocol safelist.
    * Log is now opened immediately after saving.
    * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
    * Updated integrated StartupList to v1.52.
    * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
    * Rudimentary proxy support for the Check for Updates function.
    [v1.91]
    * Added rd.yahoo.com to the Nonstandard But Safe Domains list.
    * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
    * Added listing of programs/links in Startup folders (O4).
    * Fixed 'Check for Update' not detecting new versions.
    [v1.9]
    * Added check for Lop.com 'Domain' hijack (O17).
    * Bugfix in URLSearchHook (R3) fix.
    * Improved O1 (Hosts file) check.
    * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
    * Added AutoConfigURL and proxyserver checks (R1).
    * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
    * Added check for extra protocols (O18).
    [v1.81]
    * Added 'ignore non-standard but safe domains' option.
    * Improved Winsock LSP hijackers detection.
    * Integrated StartupList updated to v1.4.
    [v1.8]
    * Fixed a few bugs.
    * Adds detecting of free.aol.com in Trusted Zone.
    * Adds checking of URLSearchHooks key, which should have only one value.
    * Adds listing/deleting of Download Program Files.
    * Integrated StartupList into the new 'Misc Tools' section of the Config screen!
    [v1.71]
    * Improves detecting of O6.
    * Some internal changes/improvements.
    [v1.7]
    * Adds backup function! Yay!
    * Added check for default URL prefix
    * Added check for changing of IERESET.INF
    * Added check for changing of Netscape/Mozilla homepage and default search engine.
    [v1.61]
    * Fixes Runtime Error when Hosts file is empty.
    [v1.6]
    * Added enumerating of MSIE plugins
    * Added check for extra options in 'Advanced' tab of 'Internet Options'.
    [v1.5]
    * Adds 'Uninstall & Exit' and 'Check for update online' functions.
    * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
    [v1.4]
    * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
    * A few bugfixes/enhancements
    [v1.3]
    * Adds detecting of extra MSIE context menu items
    * Added detecting of extra 'Tools' menu items and extra buttons
    * Added 'Confirm deleting/ignoring items' checkbox
    [v1.2]
    * Adds 'Ignorelist' and 'Info' functions
    [v1.1]
    * Supports BHO's, some default URL changes
    [v1.0]
    * Original release

    A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.

    The different sections of hijacking possibilities have been separated into these groups:

    R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
    F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
    O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols
    O19 - User stylesheet hijack

    You can get more detailed information about an item by selecting it from the list of found items or highlighting the relevant line above, and clicking 'Info on selected item'.

  3. #3
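    Avatar of member jerry11
    Join date
    2001-08-02
    Forum posts
    555
    [Z] HijackThis log analysis: how to identify harmful entries

    On the SpywareInfo forum, many people who are unfamiliar with browser hijacking post asking for help with analysing their HijackThis logs, because they do not understand which entries are harmless and which are harmful.

    This article is a basic guide to what the log means, and includes some tips to help you read it on your own. It is in no way a replacement for asking for help on the SWI forum; it only helps you, to some extent, understand the log yourself.

    Overview
    Each line in a HijackThis log starts with a section name. (For technical information on this, click the "Info" button in the main window and scroll down, then highlight a line and click the "More info on this item" button.)

    For practical information, click the section name you need help with:

    * R0, R1, R2, R3 – IE start page/search page URLs
    * F0, F1 – Autoloading programs
    * N1, N2, N3, N4 – Netscape/Mozilla start page/search page URLs
    * O1 – Hosts file redirection
    * O2 – Browser Helper Objects
    * O3 – IE toolbars
    * O4 – Autoloading programs from the Registry
    * O5 – IE Options icon not visible in Control Panel
    * O6 – IE Options access restricted by Administrator
    * O7 – Regedit access restricted by Administrator
    * O8 – Extra items in IE right-click menu
    * O9 – Extra buttons on main IE button toolbar, or extra items in IE 'Tools' menu
    * O10 – Winsock hijackers
    * O11 – Extra group in IE 'Advanced Options' window
    * O12 – IE plugins
    * O13 – IE DefaultPrefix hijack
    * O14 – 'Reset Web Settings' hijack
    * O15 – Harmful sites in the Trusted Zone
    * O16 – ActiveX objects (aka Downloaded Program Files)
    * O17 – Lop.com domain hijackers
    * O18 – Extra protocols and protocol hijackers
    * O19 – User style sheet hijack
    ________________________________________
    R0, R1, R2, R3 - IE start page and search page
    Symptoms: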
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.google.com/
    R3 –Default URLSearchHook is missing

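    Treatment:
    If the URL at the end is your home page or search engine, leave it alone. If you do not recognize it, check it and have HijackThis fix it.
    For R3 items, always fix them unless they mention a program you recognize, such as Copernic.
    ________________________________________
    F0, F1 - Autoloading programs
    Symptoms: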
    F0 - system.ini: Shell=Explorer.exe Openme.exe
    F1 - win.ini: run=hpfsched

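    Treatment:
    F0 items are always harmful, so fix them.
    F1 items are usually safe programs that have been around for a long time, so you should look up more information about the file by its file name to determine whether it is harmless or harmful.
    ________________________________________
    N1, N2, N3, N4 - Netscape/Mozilla start page and search page
    Symptoms: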
    N1 - Netscape 4: user_pref("browser.startup.homepage", "www.google.com"); (C:\Program Files\Netscape\Users\default\prefs.js)
    N2 - Netscape 6: user_pref("browser.startup.homepage", "http://www.google.com"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)
    N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%206%5Csearchplugins%5CSBWeb_02.src"); (C:\Documents and Settings\User\Application Data\Mozilla\Profiles\defaulto9t1tfl.slt\prefs.js)

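    Treatment:
    Normally the Netscape and Mozilla home page and search page are safe. They are rarely hijacked. If the home page or search page URL is not one you recognize, have HijackThis fix it.
    ________________________________________
    O1 - Hosts file redirection
    Symptoms: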
    O1 - Hosts: 216.177.73.139 auto.search.msn.com
    O1 - Hosts: 216.177.73.139 search.netscape.com
    O1 - Hosts: 216.177.73.139 ieautosearch

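    Treatment:
    This hijack redirects an address that leads to the correct IP address to a wrong IP address. If the IP does not belong to the address, you will be redirected to a wrong site every time you type that address. Always have HijackThis fix these, unless you deliberately put those lines in your Hosts file.
    ________________________________________
    O2 - Browser Helper Objects
    Symptoms: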
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O2 - BHO: (no name) - {1A214F62-47A7-4CA3-9D00-95A3965A8B4A} - C:\PROGRAM FILES\POPUP ELIMINATOR\AUTODISPLAY401.DLL (file missing)
    O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} - C:\PROGRAM FILES\MEDIALOADS ENHANCED\ME1.DLL

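    Treatment:
    If you cannot directly recognize the name of a Browser Helper Object, you can use TonyK's BHO list to look it up by class ID (CLSID, the number between the curly braces) to determine whether it is harmless or harmful. In the BHO list, 'X' means spyware and 'L' means safe.
    ________________________________________
    O3 - IE toolbars
    Symptoms: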
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: Popup Eliminator - {86BCA93E-457B-4054-AFB0-E428DA1563E1} - C:\PROGRAM FILES\POPUP ELIMINATOR\PETOOLBAR401.DLL (file missing)
    O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL

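    Treatment:
    If you cannot directly recognize the name of a toolbar, you can use TonyK's toolbar list to look it up by class ID (CLSID, the number between the curly braces) to determine whether it is harmless or harmful. In the toolbar list, 'X' means spyware and 'L' means safe.
    If it is not on the list, its name looks like a random string of characters, and the file is somewhere in a folder named 'Application Data' (like the last one in the examples above), then it is definitely harmful and you should have HijackThis fix it.
    ________________________________________
    O4 - Autoloading programs from the Registry
    Symptoms: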
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
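    Treatment:
    Use PacMan's startup list to look up these entries and determine whether they are harmless or harmful.
    ________________________________________
    O5 - IE Options not visible in Control Panel
    Symptoms: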
    O5 - control.ini: inetcpl.cpl=no

    Treatment:
    Unless you deliberately hid the icon in Control Panel, have HijackThis fix it.
    ________________________________________
    O6 - IE Options access restricted by Administrator
    Symptoms:
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

    Treatment:
    Unless the Spybot S&D option "Lock homepage from changes" is active, have HijackThis fix this item.
    ________________________________________
    O7 - Regedit access restricted by Administrator
    Symptoms:
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

    Treatment:
    Always have HijackThis fix this item.
    ________________________________________
    O8 - Extra items in IE right-click menu
    Symptoms:
    O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLETOOLBAR_EN_1.1.68-DELEON.DLL/cmsearch.html
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
    O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm

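    Treatment:
    If you do not recognize the name of the item in the IE right-click menu, have HijackThis fix it.
    ________________________________________
    O9 - Extra buttons on main IE toolbar, or extra items in IE 'Tools' menu
    Symptoms: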
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: AIM (HKLM)

    Treatment:
    If you do not recognize the name of the button or menu item, have HijackThis fix it.
    ________________________________________
    O10 - Winsock hijackers
    Symptoms:
    O10 - Hijacked Internet access by New.Net
    O10 - Broken Internet access because of LSP provider 'c:\progra~1\common~2\toolbar\cnmib.dll' missing
    O10 - Unknown file in Winsock LSP: c:\program files\newton knows\vmain.dll

    Treatment:
    It is best to fix these items with LSPFix from Cexx.org or Spybot S&D from Kolla.de.
    ________________________________________
    O11 - Extra group in IE 'Advanced Options' window
    Symptoms:
    O11 - Options group: [CommonName] CommonName

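    Treatment:
    At present, the only hijacker that adds its own options group to the IE Advanced Options window is CommonName. So you can always have HijackThis fix this item.
    ________________________________________
    O12 - IE plugins
    Symptoms: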
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O12 - Plugin for .PDF: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

    Treatment:
    Most of the time these items are safe. Only OnFlow adds a plugin here that you do not want (.ofb).
    ________________________________________
    O13 - IE DefaultPrefix hijack
    Symptoms:
    O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
    O13 - WWW Prefix: http://prolivation.com/cgi-bin/r.cgi?

    Treatment:
    These items are always harmful. Have HijackThis fix them.
    ________________________________________
    O14 - 'Reset Web Settings' hijack
    Symptoms:
    O14 - IERESET.INF: START_PAGE_URL=http://www.searchalot.com

    Treatment:
    If the URL is not that of your computer's manufacturer or your ISP, have HijackThis fix it.
    ________________________________________
    O15 - Harmful sites in the Trusted Zone
    Symptoms:
    O15 - Trusted Zone: http://free.aol.com

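    Treatment:
    So far, only AOL has tended to add itself to your Trusted Zone, which allows it to run any ActiveX it wants. Always have HijackThis fix this item.
    ________________________________________
    O16 - ActiveX objects (aka Downloaded Program Files)
    Symptoms: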
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

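    Treatment:
    If you do not recognize the name of the object, or the URL it was downloaded from, have HijackThis fix it. If the name or URL contains words such as 'dialer', 'casino', 'free-plugin' and so on, definitely fix it.
    ________________________________________
    O17 - Lop.com domain hijack
    Symptoms: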
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = W21944.find-quick.com
    O17 - HKLM\Software\..\Telephony: DomainName = W21944.find-quick.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D196AB38-4D1F-45C1-9108-46D367F19F7E}: Domain = W21944.find-quick.com

    Treatment:
    If the domain is not from your ISP or your company network, have HijackThis fix it.
    ________________________________________
    O18 - Extra protocols and protocol hijackers
    Symptoms:
    O18 - Protocol: relatedlinks - {5AB65DD4-01FB-44D5-9537-3767AB80F790} - C:\PROGRA~1\COMMON~1\MSIETS\msielink.dll
    O18 - Protocol: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82}
    O18 - Protocol hijack: http - {66993893-61B8-47DC-B10D-21E0C86DD9C8}

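    Treatment:
    Only a few hijackers show up here. The notorious ones are 'cn' (CommonName), 'ayb' (Lop.com) and 'relatedlinks' (Huntbar); you should have HijackThis fix these items.
    Other entries that show up are either not yet confirmed as safe or have been hijacked by spyware. In the latter case, have HijackThis fix it.
    ________________________________________
    O19 - User style sheet hijack
    Symptoms: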
    O19 - User style sheet: c:\WINDOWS\Java\my.css

    Treatment:
    If your browser slows down and messages pop up frequently, and this item appears in the log, have HijackThis fix it.
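
An added example, not part of the original posts: a small Python parser that splits HijackThis log lines into section code and detail and applies the guide's unconditional rules as a first triage pass. The function names, verdict labels and the header line in the sample are assumptions made for this example; the O3 check uses only the 'Application Data' path test, a simplification of the guide's three conditions.

```python
import re

# Entries look like "O4 - HKLM\..\Run: ..."; the guide's R3 sample uses an en dash.
LINE_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s*[-\u2013]\s*(.+?)\s*$")
# Sections the guide says to fix unconditionally.
ALWAYS_FIX = {"F0", "O7", "O11", "O13", "O15"}
# Sections to fix unless the user made the change on purpose (O1, O5, O6).
FIX_UNLESS_INTENDED = {"O1", "O5", "O6"}
O16_WORDS = ("dialer", "casino")  # words the guide names for O16

def parse_line(line):
    """Return (section, detail) for a HijackThis entry, or None for other lines."""
    m = LINE_RE.match(line)
    return (m.group(1), m.group(2)) if m else None

def triage(section, detail):
    """Map one entry to 'fix', 'fix-unless-intended' or 'review' per the guide."""
    low = detail.lower()
    if section in ALWAYS_FIX:
        return "fix"
    if section in FIX_UNLESS_INTENDED:
        return "fix-unless-intended"
    # Simplified O3 rule: toolbar DLL loaded from an 'Application Data' folder.
    if section == "O3" and "\\application data\\" in low:
        return "fix"
    if section == "O16" and any(w in low for w in O16_WORDS):
        return "fix"
    return "review"  # look the entry up (BHO list, toolbar list, startup list)

def triage_log(text):
    """Triage every recognised entry; returns a list of (section, verdict, detail)."""
    out = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            out.append((parsed[0], triage(*parsed), parsed[1]))
    return out

# Sample log: entries copied from the guide; the first line is a constructed header.
SAMPLE_LOG = r"""
Logfile header (constructed, not a log entry)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.google.com/
F0 - system.ini: Shell=Explorer.exe Openme.exe
O1 - Hosts: 216.177.73.139 auto.search.msn.com
O3 - Toolbar: rzillcgthjx - {5996aaf3-5c08-44a9-ac12-1843fd03df0a} - C:\WINDOWS\APPLICATION DATA\CKSTPRLLNQUL.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O13 - DefaultPrefix: http://www.pixpox.com/cgi-bin/click.pl?url=
"""

if __name__ == "__main__":
    for section, verdict, detail in triage_log(SAMPLE_LOG):
        print(f"{verdict:20} {section:4} {detail}")
```

Entries that come back as "review" still need the manual lookup the guide describes; the script only sorts out the sections for which the guide gives a fixed answer.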
