How rogue software works, as seen from IE pop-up ads

2006-09-10T00:00:00
ID MYHACK58:62200611580
Type myhack58
Reporter Anonymous
Modified 2006-09-10T00:00:00

Description

Many people are plagued by ads that pop up automatically in IE. Here is one approach to solving the problem: track down the malware that uses a BHO (Browser Helper Object) to cause the trouble. Unfortunately this method is still fairly complex and only experienced users will be able to apply it. I hope those experts can help their friends get rid of the pain.

1. Run regedit and open

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Here are the IDs of a number of BHOs:

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} Adobe Acrobat Reader
{3E422F49-1566-40D3-B43D-077EF739AC32} unknown
{A5366673-E8CA-11D3-9CD9-0090271D075B} FlashGet
{AA58ED58-01DD-4d91-8333-CF10577473F7} Google Toolbar
{E5A1691B-D188-4419-AD02-90002030B8EE} FlashFXP


2. Copy the ID of the unknown BHO and search for it under HKEY_CLASSES_ROOT. Expand the CLSID entry that is found and double-click InprocServer32; the right pane will show the location (winnt\system32) and name (Navihelper.dll) of the DLL file that corresponds to this CLSID. Record it. (The unknown ID may vary, so be sure to search for all of the unknown IDs in order to clean up thoroughly.)

3. Open this Navihelper.dll with UltraEdit and you will find the string host.dat, a file that is also located under winnt\system32. Open host.dat with UltraEdit and you can see a number of ad addresses, which are undoubtedly the source of the malicious pop-up ads.

4. First, find and delete every key and value in the registry that refers to {3E422F49-1566-40D3-B43D-077EF739AC32} or Navihelper. Then choose Start, Run and enter: "regsvr32 NaviHelper.dll -u". Finally, restart the computer and delete NaviHelper.dll and Host.dat from winnt\system32.
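Steps 1 and 2 can be scripted so that every registered BHO is listed next to the DLL it loads. The following PowerShell is an added example, not part of the original article; it only reads the registry, and the WOW6432Node paths and the Authenticode check are additions that go beyond the steps above.

```powershell
# Added example (read-only): inventory IE Browser Helper Objects and the DLL behind each.
# The WOW6432Node paths cover 32-bit BHOs on 64-bit Windows; the article uses only the first key.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Get-RegDefault([string]$Path) {
    # Returns the default value of a registry key, or nothing when the key is missing.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

function Get-BhoInventory {
    foreach ($bhoKey in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $bhoKey)) { continue }
        # Resolve each CLSID in the registry view that matches the BHO key it came from.
        $clsidRoot = if ($bhoKey -like '*WOW6432Node*') {
            'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
        } else {
            'Registry::HKEY_CLASSES_ROOT\CLSID'
        }
        foreach ($entry in Get-ChildItem -LiteralPath $bhoKey) {
            $clsid = $entry.PSChildName
            $name  = Get-RegDefault "$clsidRoot\$clsid"
            $dll   = Get-RegDefault "$clsidRoot\$clsid\InprocServer32"
            if ($dll) { $dll = "$dll".Trim('"') }
            $onDisk = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))
            $sig = if ($onDisk) {
                [string](Get-AuthenticodeSignature -LiteralPath $dll).Status
            } else { 'NoFile' }
            [pscustomobject]@{
                Clsid     = $clsid
                Name      = if ($name) { $name } else { 'unknown' }
                Dll       = $dll
                OnDisk    = $onDisk
                Signature = $sig
            }
        }
    }
}

# Entries with no name, no valid signature or no DLL on disk are the ones to examine first.
Get-BhoInventory | Sort-Object Signature, Name | Format-Table -AutoSize
```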

Analysis of how the rogue software works: Navihelper.dll uses a BHO, a very powerful mechanism, to register itself in IE. When IE is opened, it automatically downloads from a website the ads that are to be displayed and saves them in host.dat, then displays ads according to the settings in host.dat while the user is using IE.

I remember something CTO Tony once said: when the makers of malicious software get enough benefit from their work, their behavior, driven by economic interest, forms a positive cycle that leaves benign software makers unable to cope. The best way is to increase their costs and reduce their income from the start.