lxl310306 发表于 2019-11-21 23:21

电脑主页被劫持,包括IE、360、谷歌在内的所有浏览器无一幸免!杀毒无用!

电脑主页被劫持,包括IE、360、谷歌在内的所有浏览器无一幸免!
找到了主文件 cb45d479b5.sys,属于驱动级劫持。很多杀毒软件都没有查出病毒!

红框内是被劫持的浏览器和跳转到的主页。用软件修改、删除并保存后,电脑直接死机,重启后提示驱动文件损坏,郁闷!

Fan.s 发表于 2019-11-22 00:00

本帖最后由 Fan.s 于 2019-11-22 00:38 编辑

Windows Registry Editor Version 5.00
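把下面的网址改成你想锁定的主页试试:新建一个 TXT 文本,粘贴以下内容,另存为 .reg 文件后导入。注意:此处贴出的内容缺少各段的 [HKEY_...] 注册表路径行,不能原样导入,需要先补全;另外,如果劫持来自楼主提到的驱动文件,只改注册表里的主页值很可能会被再次改回,需要先处理驱动。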

"Default_Page_URL"="http://192.168.1.222"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Enable_Disk_Cache"="yes"
"Cache_Percent_of_Disk"=hex:0a,00,00,00
"Delete_Temp_Files_On_Exit"="yes"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Anchor_Visitation_Horizon"=hex:01,00,00,00
"Use_Async_DNS"="yes"
"Placeholder_Width"=hex:1a,00,00,00
"Placeholder_Height"=hex:1a,00,00,00
"Start Page"="http://www.hao123.com"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"CompanyName"="Microsoft Corporation"
"Custom_Key"="MICROSO"
"Wizard_Version"="6.0.2600.0000"
"Default_Secondary_Page_URL"=hex(7):00,00
"Extensions Off Page"="about:NoAdd-ons"
"Security Risk Page"="about:SecurityRisk"
"Check_Associations"="yes"
"IEWatsonEnabled"=dword:00000000
"First Home Page"="192.168.1.222"


"400"=dword:00000200
"403"=dword:00000100
"404"=dword:00000200
"405"=dword:00000100
"406"=dword:00000200
"408"=dword:00000200
"409"=dword:00000200
"410"=dword:00000100
"500"=dword:00000200
"501"=dword:00000200
"505"=dword:00000200




"WMPlayer.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001
@=""
"infopath.exe"=dword:00000000
"msn6.exe"=dword:00000000
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"*"=dword:00000001
"msimn.exe"=dword:00000001


"kminisite.exe"=dword:00001f40


"*"=dword:00000000
"explorer.exe"=dword:00000001
"iexplore.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001
@=""
"SAPLOGON.exe"=dword:00000000
"SAPfewgsrv.exe"=dword:00000000
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"*"=dword:00000001
"msimn.exe"=dword:00000001
"SAPGUI.exe"=dword:00000000
"SAPGuiIT.exe"=dword:00000000
"SAPLgPad.exe"=dword:00000000
"Scale_for_R3.exe"=dword:00000000


"ieuser.exe"=dword:00000001
"iexplore.exe"=dword:00000001


"YahooMusicEngine.exe"=dword:00000001


"devenv.exe"=dword:00000001
"dexplore.exe"=dword:00000001
"helppane.exe"=dword:00000001


"msfeedssync.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001


"msiexec.exe"=dword:00000000


@=""
"waol.exe"=dword:00000001
"cs.exe"=dword:00000001
"wm.exe"=dword:00000001


"iexplore.exe"=dword:00000000


"helppane.exe"=dword:00000000


"wlmail.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001


"explorer.exe"=dword:00000004
"iexplore.exe"=dword:0000000a


"explorer.exe"=dword:00000002
"iexplore.exe"=dword:0000000a


"WMPlayer.exe"=dword:00000001
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001


"mshta.exe"=dword:00000001
"outlook.exe"=dword:00000001
"sidebar.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001
@=""
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000


"communicator.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001
"msimn.exe"=dword:00000001
"winmail.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001


"msimn.exe"=dword:00000001
"outlook.exe"=dword:00000001
"winmail.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001


"excel.exe"=dword:00000001
"infopath.exe"=dword:00000001
"powerpnt.exe"=dword:00000001
"winword.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001


"msn.exe"=dword:00000001
"msn6.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001


"iexplore.exe"=dword:00000001


"WMPlayer.exe"=dword:00000001
@=""
"iexplore.exe"=dword:00000001
"explorer.exe"=dword:00000001
"msimn.exe"=dword:00000001

"1"="www.%s.com"
"2"="www.%s.org"
"3"="www.%s.net"
"4"="www.%s.edu"

丿终结者 发表于 2019-11-21 23:32

中了什么,这么狠

AIctiy 发表于 2019-11-21 23:33

very nice boss

ahxx 发表于 2019-11-21 23:35

2345啊

hwb2018 发表于 2019-11-21 23:51

吓的我赶紧火绒加卡巴全开

qwjituan 发表于 2019-11-21 23:52

随便找个火绒 或者 360的客服远程就能搞定。很方便,屡试不爽

大大君233 发表于 2019-11-21 23:56

这个很恐怖

qaz003 发表于 2019-11-21 23:57

这个好玩。。你系统win几的?
说说是咋中的,给个地址,我也想玩下

湿求了鸭 发表于 2019-11-21 23:57

楼主,怎么解决的,我的也是

摆渡de灵魂 发表于 2019-11-22 00:00

不知道用火绒可不可以,求解