Eric's Hexo Space (艾瑞克的 Hexo 空間)

[Notes] How I dealt with a WinXP PC whose IE homepage was hijacked by dh440.com & http://web.sogou.com/?12141


For work I needed to set up an XP PC for a sales colleague.

I no longer had any XP install discs on hand, so I downloaded one from the web:

系統家園 Ghost XP SP3 Traditional Chinese "Clean" Edition

What a load of crap, "clean" my foot!

It came stuffed with a pile of random junk software. That part was easy to deal with: just uninstall it.

But the IE homepage kept getting hijacked, which was really annoying.

When IE opened it would first load dh440.com and then redirect to http://web.sogou.com/?12141.

This thing was extremely stubborn! Manually cleaning the registry, changing the IE settings, even resetting IE: none of it worked.

In the past, resetting IE was the most I ever needed to do; this time it was a real headache.

OK, fight fire with fire then! I first installed 360安全衛士 (360 Safeguard) and ran everything it has: scan, virus scan, homepage protection. Still no use!

Then I switched to QQ電腦管家 (Tencent PC Manager) and ran all of its features too; that didn't solve it either.

Next I downloaded adwcleaner portable to try. It did detect some things, but the homepage hijack still wasn't fixed.

Finally I tried malwarebyte, which at last resolved the dh440.com to web.sogou.com homepage hijack!

Googling dh440.com as a keyword turns up nothing really useful,

so I'm writing it down here in the hope it helps someone else!

The log malwarebyte finally produced looks like this.

My guess is that 2345explorer was the problem.

Malwarebytes

www.malwarebytes.com

-Log Details-

Scan Date: 2017/1/11

Scan Time: 上午 10:44:27

Logfile:

Administrator: Yes

-Software Information-

Version: 3.0.5.1299

Components Version: 1.0.43

Update Package Version: 1.0.974

License: Trial

-System Information-

OS: Windows XP Service Pack 3

CPU: x86

File System: NTFS

User: QKIEYVGMWMKCQVW\Administrator

-Scan Summary-

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 218347

Time Elapsed: 7 min, 8 sec

-Scan Options-

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

-Scan Details-

Process: 0

(No malicious items detected)

Module: 0

(No malicious items detected)

Registry Key: 0

(No malicious items detected)

Registry Value: 9

PUM.Optional.DisableShowSearch, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, No Action By User, [19230], [293317],1.0.974

PUM.Optional.DisableShowHelp, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWHELP, No Action By User, [19226], [293313],1.0.974

PUM.Optional.NoSMHelp, HKU\S-1-5-21-839522115-1532298954-1801674531-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NOSMHELP, No Action By User, [19245], [293358],1.0.974

PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, [19218], [293294],1.0.974

PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, No Action By User, [19218], [293295],1.0.974

PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, [19218], [293296],1.0.974

PUM.Optional.DisableShowSearch, HKU\S-1-5-21-839522115-1532298954-1801674531-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, No Action By User, [19230], [293317],1.0.974

PUM.Optional.DisableShowHelp, HKU\S-1-5-21-839522115-1532298954-1801674531-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWHELP, No Action By User, [19226], [293313],1.0.974

PUM.Optional.NoSMHelp, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NOSMHELP, No Action By User, [19245], [293358],1.0.974

Data Stream: 0

(No malicious items detected)

Folder: 3

PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default, No Action By User, [15], [308620],1.0.974

PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data, No Action By User, [15], [308620],1.0.974

PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer, No Action By User, [15], [308620],1.0.974

File: 2

PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default\Bookmarks, No Action By User, [15], [308620],1.0.974

PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default\page_file.dat, No Action By User, [15], [308620],1.0.974

Physical Sector: 0

(No malicious items detected)
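As an added example (not part of the original post), here is a small Python parser for the detection lines of a Malwarebytes log like the one above. The line format is assumed from that log, and the sample input is a constructed excerpt of its lines. It counts hits per threat name, lists which Security Center notifications were silenced (with those values set, XP no longer warns that the antivirus, firewall or updates are off), and shows which user hives the PUM entries were written to.

```python
import re
from collections import Counter

# Constructed excerpt of the log above; the line format (threat, location, action, [id], [id],db) is inferred from it.
SAMPLE_LOG = r"""Registry Value: 5
PUM.Optional.DisableShowSearch, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, No Action By User, [19230], [293317],1.0.974
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, [19218], [293294],1.0.974
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, No Action By User, [19218], [293295],1.0.974
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, [19218], [293296],1.0.974
PUM.Optional.NoSMHelp, HKU\S-1-5-21-839522115-1532298954-1801674531-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NOSMHELP, No Action By User, [19245], [293358],1.0.974
Folder: 1
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer, No Action By User, [15], [308620],1.0.974
File: 1
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default\Bookmarks, No Action By User, [15], [308620],1.0.974
"""

SECTION_RE = re.compile(r"^([A-Za-z ]+): \d+$")          # e.g. "Registry Value: 9"
LINE_RE = re.compile(r"^(?P<threat>[\w.]+), (?P<location>.+?), (?P<action>[^,\[]+), "
                     r"\[(?P<id1>\d+)\], \[(?P<id2>\d+)\],(?P<db>[\d.]+)$")
SID_RE = re.compile(r"HKU\\(S-1-5[\d-]+)\\")              # user-hive SID inside a registry location

def parse_detections(text):
    """One dict per detection line, tagged with the log section it sits in (Registry Value, Folder, File...)."""
    section, found = None, []
    for line in (ln.strip() for ln in text.splitlines()):
        if SECTION_RE.match(line):
            section = SECTION_RE.match(line).group(1)
            continue
        m = LINE_RE.match(line)
        if not m: continue
        d = m.groupdict()
        d["section"] = section
        if section == "Registry Value" and "|" in d["location"]:
            d["key"], d["value"] = d["location"].rsplit("|", 1)   # location is KEY|VALUENAME
        found.append(d)
    return found

def threat_counts(detections):
    return Counter(d["threat"] for d in detections)

def suppressed_notifications(detections):
    """Security Center *DISABLENOTIFY values: XP stops warning that AV/firewall/updates are off."""
    return sorted(d["value"] for d in detections
                  if d.get("key", "").upper().endswith(r"\SECURITY CENTER")
                  and d["value"].endswith("DISABLENOTIFY"))

def touched_sids(detections):
    """User hives the PUM entries hit: S-1-5-18 is SYSTEM, the ...-500 SID is the built-in Administrator."""
    return sorted({SID_RE.search(d["location"]).group(1) for d in detections if SID_RE.search(d["location"])})
```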
