The 3721 network real name "virus" (including partial source code)
Author: Qiu Tang
While browsing some portal sites recently, I unknowingly had an IE plugin called "3721 network real name" installed.
Although these portals and 3721 mean well, unilaterally installing such a plugin is a bit wrong!
I call it a virus because it also starts automatically at boot, and although it brings
some convenience, it makes the system very unstable and slows down browsing. On the S8S8.NET forum
I saw that many netizens often get an Explorer.exe error prompt at shutdown. I was also badly affected.
After studying it hard, I found that the problem lies in this "3721 network real name"! More infuriating still,
the program has no uninstall function at all!
Its source code is attached here; you can see that this is not a Trojan. However, the program is written very badly...
#include "windows.h"
#include "winbase.h"
#include <string.h>   // strcpy, strcat

int main()
{
    // Get the Windows directory (C:\WINNT or C:\WINDOWS).
    char buf[MAX_PATH];
    ::ZeroMemory(buf, MAX_PATH);
    ::GetWindowsDirectory(buf, MAX_PATH);

    char filename[MAX_PATH];

    // MOVEFILE_DELAY_UNTIL_REBOOT with a NULL destination schedules
    // the file for deletion at the next restart.
    ::ZeroMemory(filename, MAX_PATH);
    strcpy(filename, buf);
    strcat(filename, "\\Downloaded Program Files\\CNSMinio.dll");
    ::MoveFileEx(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);

    ::ZeroMemory(filename, MAX_PATH);
    strcpy(filename, buf);
    strcat(filename, "\\Downloaded Program Files\\CNSmin.dll");
    ::MoveFileEx(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);

    ::ZeroMemory(filename, MAX_PATH);
    strcpy(filename, buf);
    strcat(filename, "\\Downloaded Program Files\\cnsio.dll");
    ::MoveFileEx(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);

    return 0;
}
Here is the detailed process for uninstalling this plugin.
Because the 3721 network real name plugin's dynamic-link library is invoked through Rundll32.exe, and the system cannot terminate
the Rundll32.exe process, we must restart the computer and press F8 to enter safe mode
(press F8 only once, do not press it repeatedly!)
After that, click Start -> Run and run Regedit.exe to open the registry, then go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete: CNSMIN
Its value is: rundll32.exe c:\winnt\downlo~1\cnsmin.dll,rundll32
(On Win98, C:\WINNT\DOWNLO~1\ here is C:\WINDOWS\DOWNLO~1\)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\
Delete the entire key: !CNS
This key adds the 3721 network real name options to Internet Options -> Advanced.
HKEY_LOCAL_MACHINE\SOFTWARE\3721\ and HKEY_CURRENT_USER\SOFTWARE\3721\
Delete the entire key: 3721
Note: if you have other 3721 software installed, such as the best flying cat, etc., you should delete
the entire keys: HKEY_LOCAL_MACHINE\SOFTWARE\3721\CNSMIN
and HKEY_CURRENT_USER\SOFTWARE\3721\CNSMIN
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\
Delete value: CNSENABLE, whose data is: A2C39D5F
Delete value: CNSHINT, whose data is: A2C39D5F
Delete value: CNSList, whose data is: A2C39D5F
After deleting the items in the registry, you also need to delete the 3721 network real name files stored on the hard disk.
Delete the following:
C:\WINNT\DOWNLO~1 directory
(On Win98, C:\WINNT\DOWNLO~1\ here is C:\WINDOWS\DOWNLO~1\)
2001-08-09 15:34
2001-08-02 17:03 40,960 CNSIO.DLL
2001-08-08 14:14 102,400 CNSMIN.DLL
2001-08-24 23:14 42 CNSMIN.ini
2001-08-09 10:18 13,848 CNSMINEX.CAB
2001-07-06 17:57 32,768 CNSMINEX.DLL
2001-08-25 02:52 115 CNSMINEX.INI
2001-08-25 02:51 17,945 CNSMinio.CAB
2001-08-02 17:02 32,768 CNSMinio.dll
2001-08-24 23:15 40,793 CNSMINUP.CAB
C:\WINNT\DOWNLO~1\3721 directory
2001-08-02 17:03 40,960 CNSIO.DLL
2001-08-24 15:53 102,400 cnsmin.dll
2001-07-06 17:59 213 cnsmin.inf
2001-08-24 15:48 28,672 CNSMINIO.DLL
Once all of the above files are deleted, the 3721 network real name "virus" is completely cleared from your computer.
Finally, restart your computer and enter normal mode. Now the bundled 3721 network real name is gone!
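An added example, not part of the original article or of the 3721 software: a read-only PowerShell check that reports which of the registry entries and files listed above are still present after the cleanup. It assumes the native registry view and the long folder name "Downloaded Program Files" under %windir%, as used in the source code above.

```powershell
# Added example: read-only check for the leftovers this article lists.
# Assumptions: native registry view; long folder name under %windir%.
$findings = @()

# Autostart value under the Run key
$run = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
if ($props -and $props.PSObject.Properties['CNSMIN']) {
    $findings += "Run value CNSMIN = $($props.CNSMIN)"
}

# Whole keys the article says to delete
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS',
    'HKLM:\SOFTWARE\3721\CNSMIN',
    'HKCU:\SOFTWARE\3721\CNSMIN'
)
foreach ($key in $keys) {
    if (Test-Path -LiteralPath $key) { $findings += "Key present: $key" }
}

# Values under the Internet Explorer Main key
$main = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Main'
$props = Get-ItemProperty -Path $main -ErrorAction SilentlyContinue
foreach ($name in 'CNSENABLE', 'CNSHINT', 'CNSList') {
    if ($props -and $props.PSObject.Properties[$name]) {
        $findings += "Value present: $main -> $name"
    }
}

# Files in Downloaded Program Files and its 3721 subdirectory
$dpf = Join-Path $env:windir 'Downloaded Program Files'
$names = 'CNSIO.DLL', 'CNSMIN.DLL', 'CNSMIN.ini', 'cnsmin.inf', 'CNSMINEX.CAB',
         'CNSMINEX.DLL', 'CNSMINEX.INI', 'CNSMinio.CAB', 'CNSMinio.dll', 'CNSMINUP.CAB'
foreach ($dir in @($dpf, (Join-Path $dpf '3721'))) {
    foreach ($name in $names) {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) { $findings += "File present: $path" }
    }
}

if ($findings) { $findings } else { 'No leftovers from the list above were found.' }
```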
Published on:
http://www.yesky.com/
Original:
http://chutium.top263.net/docs/3721.txt