2. After modifying the registry, the malicious page leaves a back door. Its purpose is to make your repair of the registry appear successful, and then to restore the maliciously modified state after a restart.
This back door is mainly left in the startup items. You can open the registry at the following keys (you can also use a tool such as Optimization Guru to view them):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
HKCU\Software\Microsoft\Windows\CurrentVersion\Run-
See if there are any suspicious startup items. This is what most friends overlook. Which startup items are suspicious?
Let me give a few that need attention. Startup items whose keys or values contain a .html or .htm extension are best removed, and startup items with a .vbs suffix should also be removed. Another important case is a startup item with a key value like this:
The key value is regedit -s c:\Windows... Please note: regedit -s is a regedit parameter used to import a registry file silently in the background. Such entries must be removed.
There is also a type that generates a file with a .vbs suffix in c:\Windows, or a .dll file. The .dll file is in fact a .reg file (the malicious web page virus disguises it as a DLL file).
At this point you also have to look at the c:\Windows\win.ini file and check load= and run=. These two options should be empty. If a program has been added to load= or run=, delete everything after the "=". Note the path and file name before deleting, and then delete the corresponding file from the system.
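The checks described above can be run offline against exported data. The following is an added example, not part of the original article: it assumes the startup keys were exported from regedit in the REGEDIT4 text format, and the sample export, the sample win.ini and all function names are constructed for illustration.

```python
import re

# Constructed sample: REGEDIT4-style export of a Run key (backslashes are doubled).
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"home"="C:\\WINDOWS\\start.htm"
"sys"="regedit -s C:\\WINDOWS\\example.dll"
"upd"="wscript.exe C:\\WINDOWS\\example.vbs"
'''
# Constructed sample win.ini: load= is empty (good), run= is not (suspicious).
SAMPLE_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\example.exe\n"

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
RULES = [  # the article's heuristics for suspicious startup values
    (re.compile(r'\.(html?|vbs)\b', re.I), "web page or .vbs script at startup"),
    (re.compile(r'\bregedit(\.exe)?\s+[-/]s\b', re.I), "silent registry import"),
]

def unescape(s):
    """Undo the .reg escaping of backslashes and quotes."""
    return re.sub(r'\\(.)', r'\1', s)

def audit_startup(reg_text):
    """Return (key, name, value, reason) for string values matching a rule."""
    findings, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, value = unescape(m.group(1)), unescape(m.group(2))
        findings += [(key, name, value, why) for rx, why in RULES if rx.search(value)]
    return findings

def audit_win_ini(ini_text):
    """Return non-empty load=/run= entries from the [windows] section."""
    findings, section = [], None
    for line in map(str.strip, ini_text.splitlines()):
        if line.startswith('['):
            section = line.strip('[]').lower()
        elif section == 'windows' and '=' in line:
            k, v = (p.strip() for p in line.split('=', 1))
            if k.lower() in ('load', 'run') and v:
                findings.append((k.lower(), v))
    return findings

if __name__ == "__main__":
    for finding in audit_startup(SAMPLE_REG) + audit_win_ini(SAMPLE_INI):
        print(finding)
```

Every reported entry still needs manual review before deletion, since the rules only flag what the article calls suspicious.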
There is one more method. If the changes keep coming back after you repair them and restart, search for all .vbs files on the C drive (some may be hidden) and open them with Notepad. If a file contains changes to the registry, delete it or, to be safe, change its suffix. You can also search for files by the time at which you ran into the malicious web page virus :)
The following point deserves close attention. Many friends say: "I tried all the methods you described. There is absolutely nothing suspicious in the startup items, and there is no .vbs file." Everyone overlooks a trap that runs when IE starts: the advertisement entries in the Tools menu of the IE main window. They must be removed, because they start whenever you start IE. Otherwise the changes return as soon as you open an IE window after fixing everything else, and your effort is wasted. Method: open the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions, find the advertisement entries, and delete them!
A very important point: after falling into a malicious web page trap, you must first clear all IE temporary files. Remember!
Having said so much, how do you defend against this type of malicious web page?
A once-and-for-all method: delete the ID F935DC22-1CF0-11D0-ADB9-00C04FD58A0B from the registry. Its path is HKEY_CLASSES_ROOT\CLSID\{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}
Remember to read it carefully before deleting, and don't delete a different one. Deleting this F935DC22-1CF0-11D0-ADB9-00C04FD58A0B will have no effect on the system.
In the menu bar of IE, select "Tools" → "Internet Options". In the dialog box that appears, switch to the "Security" tab, select "Internet" and click the "Custom Level" button. In the "Security Settings" dialog box, select "Disable" or "Prompt" for all related options under "ActiveX Controls and Plugins" and "Script". However, if "Disable" is selected, some websites that legitimately use ActiveX and scripts may not display fully. Suggested choice: Prompt. When you encounter a warning, look at the source code of the website. If you find code such as Shl.RegWrite, don't go there. If the source code is encrypted, don't go there either. Be careful even with websites you are familiar with (look at the source code to see whether it contains malicious Java or other malicious code).
For Windows 98 users, open C:\WINDOWS\JAVA Packages\CVLV1NBB.ZIP and delete "ActiveXComponent.class". For Windows Me users, open C:\Windows\JavaPackages.NZVFPF1.ZIP and delete "ActiveXComponent.class". These deletions will not affect normal page browsing.
On Windows 2000/XP, you can block some malicious scripts by disabling the "Remote Registry Service". Go to "Control Panel" → "Administrative Tools" → "Services", right-click "Remote Registry Service" and select "Properties" in the pop-up menu. In the properties dialog box, set "Startup type" to "Disabled" on the "General" tab. This can also intercept some of them.
Or simply don't use IE. You can use other browsers... After falling into a malicious web page trap, don't restart your computer immediately. Go to the startup items first and check whether there are any dangerous ones, such as deltree.