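[Note] How to deal with a WinXP PC whose IE home page was hijacked by dh440.com & http://web.sogou.com/?12141
For work, I needed to set up an XP PC for a sales colleague.
I no longer had any XP install discs on hand, so I downloaded one from the internet:
系統家園 Ghost XP SP3 Traditional Chinese "clean" edition (繁體中文純淨版)
Damn it, clean my ass!
It came loaded with a pile of random junk software, but that software was easy to deal with: just uninstall it.
The IE home page, however, stayed hijacked, which was really annoying.
When IE opened, it would first load dh440.com and then redirect to http://web.sogou.com/?12141
This thing is extremely stubborn! Manually cleaning the registry, changing the IE settings, even resetting IE: none of it worked.
In the cases I had run into before, resetting IE was the most it ever took; this time it was a headache.
OK, I figured I would fight poison with poison! I first downloaded 360 Safeguard (360安全衛士) and ran everything, scan, virus scan and home page protection, and it still didn't work!
Then I switched to QQ PC Manager (QQ電腦管家) and likewise ran every feature once, and that couldn't fix it either.
I then downloaded AdwCleaner portable to give it a try; although it did find things, the hijacked home page still was not fixed.
Finally I tried Malwarebytes, which at last resolved this home page hijack of dh440.com redirecting to web.sogou.com!
Searching Google with dh440.com as the keyword doesn't really turn up any useful help,
so I'm writing this down while I'm at it, hoping it helps someone else!
The log from the final Malwarebytes scan looks like this.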
My guess is that 2345explorer is the problem.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2017/1/11
Scan Time: 上午 10:44:27
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.5.1299
Components Version: 1.0.43
Update Package Version: 1.0.974
License: Trial

-System Information-
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: QKIEYVGMWMKCQVW\Administrator

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 218347
Time Elapsed: 7 min, 8 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 9
PUM.Optional.DisableShowSearch, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, No Action By User, [19230], [293317],1.0.974
PUM.Optional.DisableShowHelp, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWHELP, No Action By User, [19226], [293313],1.0.974
PUM.Optional.NoSMHelp, HKU\S-1-5-21-839522115-1532298954-1801674531-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NOSMHELP, No Action By User, [19245], [293358],1.0.974
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, [19218], [293294],1.0.974
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FIREWALLDISABLENOTIFY, No Action By User, [19218], [293295],1.0.974
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UPDATESDISABLENOTIFY, No Action By User, [19218], [293296],1.0.974
PUM.Optional.DisableShowSearch, HKU\S-1-5-21-839522115-1532298954-1801674531-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWSEARCH, No Action By User, [19230], [293317],1.0.974
PUM.Optional.DisableShowHelp, HKU\S-1-5-21-839522115-1532298954-1801674531-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|START_SHOWHELP, No Action By User, [19226], [293313],1.0.974
PUM.Optional.NoSMHelp, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NOSMHELP, No Action By User, [19245], [293358],1.0.974

Data Stream: 0
(No malicious items detected)

Folder: 3
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default, No Action By User, [15], [308620],1.0.974
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data, No Action By User, [15], [308620],1.0.974
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer, No Action By User, [15], [308620],1.0.974

File: 2
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default\Bookmarks, No Action By User, [15], [308620],1.0.974
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default\page_file.dat, No Action By User, [15], [308620],1.0.974

Physical Sector: 0
(No malicious items detected)
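
An added example (not part of the original post, and not a Malwarebytes tool): a small Python parser for detection lines in the layout shown in the log above, grouping them by detection name so the registry-setting detections (PUM) and the file-system detections (PUP) can be reviewed separately. The sample lines are a subset copied from the log above; the function names and the line-layout regex are assumptions made for this example.

```python
import re
from collections import defaultdict

# Line layout assumed from the log above:
#   <name>, <location>, <action>, [<id>], [<id>],<package version>
DETECTION = re.compile(
    r"^(?P<name>[A-Za-z0-9.]+), (?P<location>.+), (?P<action>[^,\[]+), "
    r"\[(?P<id1>\d+)\], \[(?P<id2>\d+)\],(?P<version>[\d.]+)$"
)

# Subset of lines copied from the log above.
SAMPLE_LOG = r"""
Registry Value: 9
PUM.Optional.DisabledSecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|ANTIVIRUSDISABLENOTIFY, No Action By User, [19218], [293294],1.0.974
PUM.Optional.NoSMHelp, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NOSMHELP, No Action By User, [19245], [293358],1.0.974
Folder: 3
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer, No Action By User, [15], [308620],1.0.974
File: 2
PUP.Optional.Elex, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\2345Explorer\User Data\Default\page_file.dat, No Action By User, [15], [308620],1.0.974
(No malicious items detected)
"""

def parse_detections(text):
    """Return one dict per detection line; section headers and other lines are skipped."""
    found = []
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        # Registry values are written KEY|VALUE; file-system items have no '|'.
        d["kind"] = "registry" if "|" in d["location"] else "filesystem"
        found.append(d)
    return found

def group_by_name(detections):
    """Map detection name -> sorted list of unique locations."""
    groups = defaultdict(set)
    for d in detections:
        groups[d["name"]].add(d["location"])
    return {name: sorted(locs) for name, locs in groups.items()}

if __name__ == "__main__":
    for name, locs in group_by_name(parse_detections(SAMPLE_LOG)).items():
        print(name)
        for loc in locs:
            print("   ", loc)
```

Run against the full log, the PUP.Optional.Elex group contains only paths under the 2345Explorer profile folder, while the PUM groups are Explorer and Security Center registry values.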