remove 惡意程式(oursurfing)綁架IE11首頁

admin

Step 1. Show hidden files on your computer system by changing system folder settings
Step 2. Search for and remove malicious files generated by OurSurfing.com on your Hard Drive.
Step 3. Go to Registry Editor and delete all its related registry keys

Step 1. Show hidden files on your computer system by changing system folder settings:
Here’s how to display hidden files and folders.
On Win7/Vista
1. Open Folder Options by clicking the Start button , clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2.Click the View tab.
3.Under Advanced settings, click Show hidden files, folders, and drives, and then click OK.
On Win 8
1. Press Win key(the key that has Windows logo) and R key together, and then type Control, hit Enter
2. Type “folder” into the search bar and select Show hidden files and folders.

3. Then, click on the View tab at the top of the window.
4. Under Advanced Settings, locate “Hidden files and folders.” Select Show hidden files and folders just below that

5.Click on OK.
6. Hidden files will now be shown when performing searches in Windows Explorer.
Step 2. Search for and remove malicious files generated by OurSurfing.com on your Hard Drive.
CAUTION: Windows stores many important settings in hidden files and folders. Do not modify or delete hidden files if you do not know precisely what will happen as a result.
%program files%\common files\system\OurSurfing.com.dll
%program files(x86)%\OurSurfing.com uninstall\
%programData%\OurSurfing.com.exe\
%appdata%\roaming\[OurSurfing.com].exe or folder
%Windows%\system32\driver\OurSurfing.com.sys
%users%\default\appdata\local\OurSurfing.com.log
Step 3. Go to Registry Editor and delete all its related registry keys
The Registry Editor enables you to view, search for, and change settings in your system registry, which contains information about how your computer runs. Although you can use Registry Editor to inspect and modify the registry, doing so is risky, as making incorrect changes can damage your system.
1. Open Registry Editor first:
On Win7/Vista
Click Start
In the Start Menu, either in the Run Box or Search box, type regedit and press Enter.
If prompted by User Account Control, click Yes to open the Registry Editor.
Once opened successfully, you should be in the Windows Registry Editor Window, similar to the example shown below.

On Win 8
Press windows key + R key together
Type “regedit.exe” and run it
You can see the registry editor now.

2.Look for and delete malicious registry entries created by OurSurfing.com Virus
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MATS\WindowsInstaller\{EAF386F0-7205-40F2-8DA6-1BABEEFCBE89}\2014.07.30.07.52.18]
“ProductName”=”OurSurfing.com”
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EAF386F0-7205-40F2-8DA6-1BABEEFCBE89}]
“DisplayName”=”OurSurfing.com”
[HKEY_USERS\S-1-5-21-3825580999-3780825030-779906692-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\{50f25211-852e-4d10-b6f5-50b1338a9271}]
“DisplayName”=”OurSurfing.com”

ps1.C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer(捷徑)
       內容須修改為: "C:\Program Files\Internet Explorer\iexplore.exe"