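[Note] How to deal with a WinXP PC whose IE homepage has been hijacked by dh440.com & http://web.sogou.com/?12141
This article was published 1407 days ago; its content may be out of date.
For work, I needed to set up an XP PC for one of the sales staff.
I no longer had any XP installation discs on hand, so I downloaded one from the internet:
系統家園 Ghost XP SP3 Traditional Chinese Clean Edition (繁體中文純淨版)
Damn it, "clean" my ass!
It came with a pile of random junk software installed. That software was easy to deal with, though; I just uninstalled it.
But the IE homepage stayed hijacked, which was really annoying.
After opening IE, it would first load dh440.com and then redirect to http://web.sogou.com/?12141
This thing is extremely stubborn! Manually cleaning the registry, changing the IE settings, even resetting IE: none of it worked.
In the cases I had run into before, resetting IE was at most all it took; this time it was a headache.
OK, I figured I would fight poison with poison! I first downloaded 360 Safeguard (360安全衛士) and ran the scan, the virus scan and the homepage protection, and it still didn't work!
Then I switched to QQ PC Manager (QQ電腦管家) and likewise ran every feature once; it couldn't solve it either.
Then I downloaded AdwCleaner portable to give it a try. It did detect some things, but the hijacked homepage still was not fixed.
Finally I tried Malwarebytes, which at last fixed the homepage hijack where dh440.com redirects to web.sogou.com!
Because googling with dh440.com as the keyword doesn't really turn up any useful help,
I'm recording this here in passing, hoping it can help others!
The log from the final Malwarebytes scan looks like this:
My guess is that 2345explorer is the problem.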
Malwarebytes
-Log Details-
Scan Date: 2017/1/11
Scan Time: 上午 10:44:27
Logfile:
Administrator: Yes
-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.974
License: Trial
-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: QKIEYVGMWMKCQVW\Administrator
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 218347
Time Elapsed: 7 min, 8 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 9
PUM.Optional.DisableShowSearch, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, No Action By User, [19230], [293317],1.0.974
PUM.Optional.DisableShowHelp, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWHELP, No Action By User, [19226], [293313],1.0.974
PUM.Optional.NoSMHelp, HKU\S-1-5-21-839522115-1532298954-1801674531-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NOSMHELP, No Action By User, [19245], [293358],1.0.974
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, [19218], [293294],1.0.974
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, No Action By User, [19218], [293295],1.0.974
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, [19218], [293296],1.0.974
PUM.Optional.DisableShowSearch, HKU\S-1-5-21-839522115-1532298954-1801674531-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, No Action By User, [19230], [293317],1.0.974
PUM.Optional.DisableShowHelp, HKU\S-1-5-21-839522115-1532298954-1801674531-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWHELP, No Action By User, [19226], [293313],1.0.974
PUM.Optional.NoSMHelp, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NOSMHELP, No Action By User, [19245], [293358],1.0.974
Data Stream: 0
(No malicious items detected)
Folder: 3
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default, No Action By User, [15], [308620],1.0.974
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data, No Action By User, [15], [308620],1.0.974
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer, No Action By User, [15], [308620],1.0.974
File: 2
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default\Bookmarks, No Action By User, [15], [308620],1.0.974
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default\page_file.dat, No Action By User, [15], [308620],1.0.974
Physical Sector: 0
(No malicious items detected)
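To triage a text log in the format above, the following added example (not part of the original post and not Malwarebytes code) parses the -Scan Details- part, groups detections by name, lists the entries whose action field reads "No Action By User", and compares each section's declared count with the lines actually present. The sample is constructed by shortening the log above, with one File entry left out on purpose; the function names parse and triage are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: the "-Scan Details-" part of the log above, shortened.
# "File: 2" is followed by only one entry on purpose (simulates a truncated log).
SAMPLE_LOG = r"""-Scan Details-
Process: 0
(No malicious items detected)
Registry Value: 2
PUM.Optional.DisableShowSearch, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, No Action By User, [19230], [293317],1.0.974
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, [19218], [293294],1.0.974
Folder: 1
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer, No Action By User, [15], [308620],1.0.974
File: 2
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default\Bookmarks, No Action By User, [15], [308620],1.0.974
"""

SECTION = re.compile(r"^([A-Za-z ]+): (\d+)$")  # e.g. "Registry Value: 9"
DETECTION = re.compile(                          # name, target, action, [id], [id],version
    r"^(?P<name>\w+(?:\.\w+)+), (?P<target>.+), (?P<action>[^,]+), "
    r"\[\d+\], \[\d+\],[\d.]+$")

def parse(log):
    """Return (detections, declared counts) for the lines after '-Scan Details-'."""
    detections, declared, section, in_details = [], {}, None, False
    for line in log.splitlines():
        line = line.strip()
        if line == "-Scan Details-":
            in_details = True
        elif not in_details:
            continue  # skip header lines such as "Objects Scanned: 218347"
        elif (m := SECTION.match(line)):
            section = m.group(1)
            declared[section] = int(m.group(2))
        elif (m := DETECTION.match(line)) and section:
            detections.append({"section": section, **m.groupdict()})
    return detections, declared

def triage(log):
    detections, declared = parse(log)
    found = Counter(d["section"] for d in detections)
    return {
        # detection name -> number of flagged objects
        "by_name": Counter(d["name"] for d in detections),
        # targets whose action field reads "No Action By User"
        "no_action": [d["target"] for d in detections
                      if d["action"] == "No Action By User"],
        # section -> (declared, parsed) where the two counts differ
        "mismatch": {s: (n, found[s]) for s, n in declared.items() if n != found[s]},
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```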