Who is hurting China IT - 3721

zhaozj2021-02-17  49

When "3712" President XXX talks about "3712 mode", I didn't think that I have already embarked on a road. The hacking theft of others is impulsive, and hackers are impulsive in other people's own installation and monitoring software; then what of that "3712" company which, regardless of whether the user is willing, forcibly loads its "real-name software" onto the user's own machine?

In order to avoid competition, the cnshook.dll file contains a constant that is used to block URLs. It means that "You don't make it right, I said 1 is 1, who doesn't obey, I will shield anyone." Don't face it, I don't want to face. I don't know if this is not a bar. Spam just fills your mailbox with useless information, while the "3712 real name software" fills the user's machine with garbage. And how much software is of poor quality, how many of our programmers when debugging the system program? Because it is installed with 3712 and being diced.

After I installed 3712, the CPU is always at 100%. I have no way to uninstall it now; after uninstalling, I don't know when it gets restored again, really fuck. I keep blocking its download URL. The only option is to reinstall the system.

Another thing is: MSN Messenger, which was very easy to use, suddenly added a search; out of trust in Microsoft, I set it up, and the real mother's original still appeared again.

If China's IT companies are like 3721, I would rather China had no IT businesses.

If possible, we should raise funds and tell 3721, this shameless company; I think any victim will give generously.

What I read on various BBS forums is excerpted below:

[Repost] Attachment!! 3721 can control your computer!!

I came across this by chance in a forum; the following is the original text.

I work in technology. My browsing has not been very smooth in the past two days, especially when looking things up on Baidu, where a lot of requests died. I thought it was a network problem, but I had to rule the network out.

After some battling with anti-virus tools, I ruled out a virus as the cause. So I turned to the only browser-related plugin on my machine: the 3721 network real name plugin. When I saw the 3721 program code, I was scared. It turns out that this program has a back door, and nobody knows that the back door is there. Other programs of 3721 come through this back door. In this program I found a piece of code, and this is it!!! It is what was causing my trouble going online!!

(The 3721 network real name plugin blocks Baidu web pages through a setting in the cnshook.dll file: the cnshook.dll file contains the constant http://www3.baidu.com/baidu.php?url=, which is used to block URLs. This DLL is registered under the Windows BHO interface, so the browser calls this interface every time it accesses a web page. When the DLL finds that the URL being accessed contains the above signature, it cancels the access, so the access ultimately fails. At this point, if you switch to another browser, the Baidu page can be accessed normally. After the 3721 network real name program is deleted, access to the Baidu page returns to normal.)

This code is like a robot: if http://www.sina.com.cn is added after this code, you cannot reach Sina; add http://www.sohu.com.cn and you cannot reach Sohu. That is, 3721 can block anyone it pleases!! I heard that the coverage of the 3721 virus plugin is high, horrible!! It turns out that you have to obey 3721 about where you go online: if it doesn't let you get on, you can't get on. Horror!!!

When you browse some portals these days, an IE plugin called "3721 Network Real Name" is installed without your knowing. Although these portals and 3721 may mean well, unilaterally installing such a plugin is a bit wrong! The reason I call it a virus is that it also starts automatically at boot, and although it brings some convenience, it is extremely unstable and slows down the Internet connection. On the S8S8.NET forum, I saw that a lot of netizens often get Explorer.exe prompts at shutdown. I have suffered from this too; on closer study, the problem lies in this "3721 network real name"! More infuriating is that, perhaps due to the program itself, there is no uninstall function at all! I attach its source code here; you can see this is not a Trojan. However, the program is written very badly ...

    #include <windows.h>
    #include <string.h>

    // Schedule the three plugin DLLs under <Windows>\Downloaded Program Files
    // for deletion at the next reboot (MoveFileEx with a NULL destination).
    int main()
    {
        char buf[MAX_PATH];
        ::ZeroMemory(buf, MAX_PATH);
        ::GetWindowsDirectoryA(buf, MAX_PATH);   // Windows directory, e.g. C:\WINNT

        char filename[MAX_PATH];
        ::ZeroMemory(filename, MAX_PATH);
        strcpy(filename, buf);
        strcat(filename, "\\Downloaded Program Files\\CnsMinIO.dll");
        ::MoveFileExA(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);

        ::ZeroMemory(filename, MAX_PATH);
        strcpy(filename, buf);
        strcat(filename, "\\Downloaded Program Files\\CnsMin.dll");
        ::MoveFileExA(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);

        ::ZeroMemory(filename, MAX_PATH);
        strcpy(filename, buf);
        strcat(filename, "\\Downloaded Program Files\\CNSIO.DLL");
        ::MoveFileExA(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);

        return 0;
    }

Here is the detailed process for uninstalling this plugin.

Since the 3721 network real name plugin uses Rundll32.exe to call its dynamic link library, and the system cannot terminate the Rundll32.exe process, we must restart the computer and press F8 to enter safe mode (press F8 only once, don't press it more!).

After that, click Start -> Run, run Regedit.exe to open the registry, and go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete key: CNSMIN, whose key value is: rundll32.exe c:\winnt\downlo~1\cnsmin.dll,rundll32 (on Win98, C:\WinNT\Downlo~1\ here is C:\Windows\Download\)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\
Delete whole directory: !

HKEY_LOCAL_MACHINE\SOFTWARE\3721\ and HKEY_CURRENT_USER\Software\3721\
Delete the entire directory: 3721
NOTE: If you installed additional software from 3721, such as Need for flying cats, you should delete the entire directory: HKEY_LOCAL_MACHINE\SOFTWARE\3721\CnsMin and HKEY_CURRENT_USER\SOFTWARE\3721\CNSMIN

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\
Delete key: CNSenable, whose key value is: A2C39D5F
Delete key: CNSHINT, whose key value is: A2C39D5F
Delete key: CNSLIST, whose key value is: A2C39D5F

After deleting the items in the registry, you also need to delete the 3721 network real name files stored on the hard disk.

Delete as follows:

C:\WinNT\DOWNLO~1 directory (or C:\Windows\Download\ in place of C:\WinNT\DOWNLO~1\)

    2001-08-09  15:34  <DIR>     3721
    2001-08-02  17:03   40,960   cnsio.dll
    2001-08-08  14:14  102,400   cnsmin.dll
    2001-08-24  23:14       42   cnsmin.ini
    2001-08-09  10:18   13,848   cnsminex.cab
    2001-07-06  17:57   32,768   cnsminex.dll
    2001-08-25  02:52      115   CNSMINEX.INI
    2001-08-25  02:51   17,945   cnsminio.cab
    2001-08-02  17:02   32,768   cnsminio.dll
    2001-08-24  23:15   40,793   CNSMINUP.CAB

C:\WinNT\DOWNLO~1\3721 directory

    2001-08-02  17:03   40,960   cnsio.dll
    2001-08-24  15:53  102,400   cnsmin.dll
    2001-07-06  17:59      213   cnsmin.inf
    2001-08-24  15:48   28,672   CNSMinio.dll

Once all of the above files are deleted, the 3721 network real name "virus" is completely cleared from your computer.

Finally, restart your computer and boot into normal mode. Now there is no more bundled 3721 network real name!
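An added example, not code from the reposted forum text or from 3721: the post above describes finding the blocking signature as a constant inside cnshook.dll and a hook that cancels any access whose URL contains it. The sketch below pulls URL constants out of a binary in both ASCII and UTF-16LE form and applies the same substring test to a URL; the function names, the sample bytes and the example.invalid and host.example URLs are constructed for illustration.

```python
import re
import sys

# "Narrow" constants: a scheme followed by printable ASCII (no space or quote).
_ASCII_URL = re.compile(rb"https?://[\x21\x23-\x7e]{4,}")
# "Wide" constants: the same text stored as UTF-16LE, each byte followed by 0x00.
_WIDE_URL = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21\x23-\x7e]\x00){4,}"
)


def embedded_urls(blob):
    """Return sorted (offset, encoding, url) tuples for URL constants in blob."""
    hits = [(m.start(), "ascii", m.group().decode("ascii"))
            for m in _ASCII_URL.finditer(blob)]
    hits += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
             for m in _WIDE_URL.finditer(blob)]
    return sorted(hits)


def matching_signatures(url, signatures):
    """Signatures contained anywhere in url (the substring test the post describes)."""
    return [s for s in signatures if s in url]


def sample_blob():
    """Constructed stand-in for a DLL data section, not bytes from the real file."""
    narrow = b"http://www3.baidu.com/baidu.php?url=\x00"   # constant quoted in the post
    wide = "http://example.invalid/cfg".encode("utf-16-le") + b"\x00\x00"  # made up
    return b"MZ\x90\x00" + b"\x00" * 60 + narrow + b"\xff\xfe\x01" + wide


if __name__ == "__main__":
    # Pass a file path as the first argument; with no argument the sample is scanned.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_blob()
    found = embedded_urls(data)
    for offset, encoding, url in found:
        print(f"0x{offset:08x}  {encoding:<8}  {url}")
    visited = "http://www3.baidu.com/baidu.php?url=http://host.example/page"  # constructed
    print("would be cancelled by:", matching_signatures(visited, [u for _, _, u in found]))
```

Every URL constant found in a browser add-on is worth reviewing against the sites users report as unreachable, since a substring match also catches any longer URL that embeds the signature.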

When reposting, please cite the original address: https://www.9cbs.com/read-30014.html
