 Spyware & Browser Hijack removal & links

lex
post Apr 12 2005, 08:33 PM

Old Am I?
VIP
18,182 posts

Joined: Jan 2005
From: Dagobah
QUOTE(seecs @ Mar 30 2005, 11:21 PM)
I need help here... my PC is infected by CnsMin and I can't delete/rename the cnshook.dll and cnsmin.dll files in windows\downloaded program files\.

I tried to clean it, but it restores itself in the registry key even before I reboot. I followed the removal instructions from www.spywareguide.com but also failed to clean the CnsMin.

Did you click on that website http://www.3721.com/ which I gave?

Dirty bugger that CNS.DLL.. affects only IE (Idiot Exploiter) but not Mozilla, FireFox or Netscape.

I'm one of the several people who have always advocated the use of alternative browsers, but there are many stubborn people around anyway.. so let it be!

In the Command Prompt line, type the following commands:

CD \WINDOWS\DOWNLO~1
ATTRIB *.* -H -S
DIR/P

This displays all hidden files in your "Downloaded Program Files" folder. You CANNOT see them under Explorer! You will see files CnsMin.dll, CnsHook.dll, keepMain.dll and keepmain.cab in there. Those are stubborn files to kill. These cannot be deleted under Safe Mode either because they make use of RUNDLL32 service which locks them from deletion (even in Safe Mode with Command Prompt only!).

You have to boot from your WinXP CD to delete these files (use the "Repair" function).

This post has been edited by lex: Apr 12 2005, 09:20 PM
lex
post Apr 23 2005, 11:17 PM

QUOTE(Darkmage12 @ Apr 23 2005, 11:07 PM)
ei bout that wengs adware, if it's so stubborn how u remove it?

How else... please read my previous post... like this one:
QUOTE(lex @ Apr 23 2005, 10:55 PM)
Boot from WinXP install CD, and in the recovery console... delete that file.

FYI

lex
post Apr 30 2005, 11:03 PM

Anyway, I would like to inform all that a NEW VARIANT of this CNS spyware has been found locally! This one is a BIG cause of CONCERN because....

It is TOTALLY INVISIBLE to all anti-spyware, trojan detectors, rootkitrevealer and HijackThis detection!! It does NOT show up as an NT process, totally hidden... Must be using more advanced rootkit techniques. It does not show any signs of infection either (startups look normal).. everything looks normal. It does not install into folders that I expect CNS would install..

I did notice CNS.EXE under the Windows system folder. The tip balloon appeared saying it belongs to "Microsoft", checking its properties also says owner "Microsoft" but what was suspicious is that all TRUE Microsoft files show "Microsoft Corporation", and not "Microsoft"! It cannot be deleted (even under Safe Mode!).

Using WinXP CD boot-up didn't clean it either (it came back!). Looking around yielded that it installed itself as a WDM device driver in fact! Inside the Windows System32\Drivers folder, there it was... CnsMinKP.sys Damn! They are getting smarter all the time!

Just beware! This malware stuff is getting more sophisticated all the time..
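
Added example, not part of the original post: the post above spotted the fake by its company string ("Microsoft" instead of "Microsoft Corporation") and then found the driver under System32\Drivers. This PowerShell script applies the same check across those folders and adds the Authenticode status; the `$WindowsDir` parameter, the folder list and the output columns are assumptions made for this example.

```powershell
# Added example: list binaries that claim to be from Microsoft but whose
# company string or Authenticode signature does not back that up.
param(
    # Assumption: Windows directory to scan. Point it at a mounted offline
    # volume (for example E:\Windows) if the live system may be hiding files.
    [string]$WindowsDir = $env:SystemRoot
)

$expected = 'Microsoft Corporation'   # exact string the post says genuine files carry
$folders  = @(
    (Join-Path $WindowsDir 'System32'),
    (Join-Path $WindowsDir 'System32\drivers'),
    (Join-Path $WindowsDir 'Downloaded Program Files')
)

$findings = foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) { continue }
    # -Force includes hidden and system files, which Explorer does not show
    Get-ChildItem -LiteralPath $folder -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.sys' } |
        ForEach-Object {
            $company = $_.VersionInfo.CompanyName
            if ($company) { $company = $company.Trim() }
            # Skip files that make no Microsoft claim at all
            if ($company -notlike '*Microsoft*') { return }

            $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $nameOk = ($company -eq $expected)
            $sigOk  = ($sig.Status -eq 'Valid')

            # Report anything where either check fails
            if (-not ($nameOk -and $sigOk)) {
                [pscustomobject]@{
                    Path        = $_.FullName
                    CompanyName = $company
                    Signature   = $sig.Status
                    Signer      = $sig.SignerCertificate.Subject
                    Hidden      = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                }
            }
        }
}

$findings | Sort-Object Path | Format-Table -AutoSize -Wrap
```

Catalog-signed files can show as NotSigned on older PowerShell versions or when scanning an offline volume, so treat that column as a lead and the company-string mismatch as the stronger signal.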
lex
post Jun 6 2005, 03:29 PM

Adware lop.com is pretty old but also pretty nasty as it causes random Explorer crashes. Quite difficult (and tricky) to kill, also resides in the desktop whenever the system starts (even in Safe Mode!).
lex
post Aug 30 2005, 04:28 PM

LOP is a sneaky adware/spyware which I came across often before. It can infect both IE and Netscape/Mozilla as well, however the only way it can enter your system is still through IE (aka Idiot Exploiter). Once it infects the system, your browser, desktop, explorer and search functions are hijacked. It also creates/modifies registry entries so that it can be used with Mozilla or Netscape. On some machines, especially those running older Windows ME operating systems, it randomly crashes the system.. usually causing Explorer crashes and illegal operations.

Anyway, DO NOT trust the uninstaller tool from the creators of LOP themselves. It's better to get a 3rd party utility to clean out that pesky LOP.
