www.111333.com.cn 网站劫持
创建lnternet Explorer.lnk到以下文件夹
%AllUsersProfile%\
%System%\
%System%\1\
%System%\2\
%System%\3\
%System%\hao123.exe
%System%\go.bat
%System%\shlos.rar
删除
C:\Documents and Settings\[UserName]\Start Menu\Programs\lnternet Explorer.lnk
修改
%System%\shdoclc.dll
创建
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command]
(Default) = ""%ProgramFiles%\Internet Explorer\iexplore.exe" hxxp://www.5414.cn"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
(Default) = "C:\\Program Files\Internet Explorer\iexplore.exe hxxp://www.111333.com.cn/?in=startmenu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Search Bar = "***.111333.com.cn/?in=IERSearch"
Start Page = "***.111333.com.cn/?in=StarPage"
Search Page = "***.111333.com.cn/?in=IESearch"
[HKEY_CURRENT_USER\Software\WinRAR SFX]
C%%WINDOWS%%system32%% = "%Windir%\\system32\\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt]
(Default) = "txtfile "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]
(Default) = 0x0000000C
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]
(Default) = 0x0000000C
删除
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile]
IsShortcut = ""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile]
IsShortcut = ""
需屏蔽站点
5414.cn
111333.com.cn
111555.com.cn
218.5.79.31
所需文件%System%\shdoclc.dll
附件: shdoclc.rar (2009-3-14 15:17:19, 135.53 K)
该附件被下载次数 388
用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322; GreenBrowser)
