有网友表示自己在下载使用了VeryCD下载链接查看器这款工具以后,再打开浏览器就被直接跳转到这个导航页面了,而且打开多个浏览器:IE、Chrome、Firefox、Opera、Safari、Maxthon,均相同症状,检查浏览器首页设置——均正常!对于这个问题该怎么解决呢?下面小编就为大家介绍一下具体的解决方法吧,欢迎大家参考和学习。
最后发现,原来快速启动栏的IE浏览器快捷命令被其修改,修改后的类似如下图,于是认为就是普通的修改快捷方式,手工删除 2345 网址的部分,但半小时后再次被更改了。考虑到可能加载了启动项,在注册表、启动项、服务等中均未查找到相关信息,重启后IE快捷方式被重新篡改。尝试了事件查看器和任务计划,均未在里面查出任何信息。
之后又安装了超级兔子、360、exterminateit等工具进行检查,也未检出。
打开ProcessMonitor进行监视,发现每隔30分钟出现一个scrcons.exe进程自动启动并修改快速启动栏的命令,然后自动关闭幸亏是30分钟一次,你要是24小时一次,那我就杯具了……,修改Win7下opera快速启动图标路径类似如下:
C:UsersiefansAppDataRoamingMicrosoftInternet ExplorerQuick LaunchUser PinnedTaskBarOpera12.01 1532.lnk
查找资料,发现这应该是一个通过WMI发起的定时自动运行脚本。要查看WMI事件,到以下地址下载WMITool并安装
安装后打开WMI event viewer,点击左上角register for events,弹出Connect to namespace框,填入“rootsubscription”手工复制粘贴啊,默认出现的不是这个,确定,出现下图:
点击左侧_EventFilter:Name="unown_filter",再至右侧右键点击ActiveScriptEventConsume r Name="unown",右键选择view instant properties,如下图:
查看ScriptText项可知,这是一段VBScript调用系统服务间隔30分钟执行一次,将所有浏览器调用加上“
受到影响的浏览器有各色浏览器,差不多齐了:
"IEXPLORE.EXE", "chrome.exe", "firefox.exe", "360chrome.exe", "360SE.exe", "SogouExplorer.exe", "opera.exe", "Safari.exe", "Maxthon.exe", "TTraveler.exe", "TheWorld.exe", "baidubrowser.exe","liebao.exe", "QQBrowser.exe"
具体代码如下:
On Error Resumelink = " = Array"IEXPLORE.EXE", "chrome.exe", "firefox.exe", "360chrome.exe", "360SE.exe", "SogouExplorer.exe", "opera.exe","Safari.exe", "Maxthon.exe", "TTraveler.exe", "TheWorld.exe", "baidubrowser.exe", "liebao.exe", "QQBrowser.exe":Set oDic = CreateObject"scripting.dictionary":For Each browser In LCasebrowser,fso = CreateObject"Scripting.Filesystemobject":Set WshShell = CreateObject"Wscript.Shell":strDesktop ="C:UsersGeminiDesktop":strAllUsersDesktop = WshShell.SpecialFolders"AllUsersDesktop":QuickLaunch = "C:UsersGeminiAppDataRoamingMicrosoftInternet ExplorerQuickLaunch":UserPinnedStartMenu = QuickLaunch & "User PinnedStartMenu":UserPinnedTaskBar = QuickLaunch & "User PinnedTaskBar":For Each file In fso.GetFolderstrDesktop.Files:IfLCasefso.GetExtensionNamefile.Path = "lnk"oShellLink = WshShell.CreateShortcutfile. = oShellLink. = fso.GetBaseNamepath & "." &fso.GetExtensionNamepath:If oDic.ExistsLCasename= link:If file.Attributes And 1= file.Attributes - 1:End Each file In fso.GetFolderstrAllUsersDesktop.Files:If LCasefso.GetExtensionNamefile.Path = "lnk"oShellLink = WshShell.CreateShortcutfile. =oShellLink. = fso.GetBaseNamepath & "." & fso.GetExtensionNamepath:If oDic.ExistsLCasename= link:If file.Attributes And 1 = file.Attributes - 1:Endfso.FolderExistsQuickLaunchEach file In fso.GetFolderQuickLaunch.Files:IfLCasefso.GetExtensionNamefile.Path = "lnk"oShellLink = WshShell.CreateShortcutfile. = oShellLink. = fso.GetBaseNamepath & "." &fso.GetExtensionNamepath:If oDic.ExistsLCasename= link:If file.Attributes And 1= file.Attributes - 1:End If:If fso.FolderExistsUserPinnedStartMenuEach file In fso.GetFolderUserPinnedStartMenu.Files:If LCasefso.GetExtensionNamefile.Path = "lnk"oShellLink =WshShell.CreateShortcutfile. = oShellLink. = fso.GetBaseNamepath & "." & fso.GetExtensionNamepath:If oDic.ExistsLCasename=link:If file.Attributes And 1= file.Attributes - 1:EndIf:If fso.FolderExistsUserPinnedTaskBarEach file Infso.GetFolderUserPinnedTaskBar.Files:If LCasefso.GetExtensionNamefile.Path = "lnk"oShellLink = WshShell.CreateShortcutfile. = oShellLink. =fso.GetBaseNamepath & "." & fso.GetExtensionNamepath:If oDic.ExistsLCasename= link:If file.Attributes And 1= file.Attributes -1:EndIf
最后,清除方法:在WMI event viewer中将“_EventFilter:Name="unown_filter"”项目右键删除!
删不掉?
到WMITool安装路径例如:C:Program Files x86WMI Tools下,右键点击wbemeventviewer.exe,选择以管理员身份运行!删之!
还没完,还要手动将快速启动栏中,将各个浏览器快捷命令中的!
暂时就这么多了,还有没有其它影响的话,用用再看吧!
