QUOTE(seecs @ Mar 30 2005, 11:21 PM)
I need help here...my pc is infected by CnsMin and I can't delete/rename the cnshook.dll and cnsmin.dll file in windows\downloaded program files\.
I had try to clean it but it restore itself in the registry key even before i reboot. I follow the removal instruction from www.spywareguide.com also fail to clean the CnsMin.
I had try to clean it but it restore itself in the registry key even before i reboot. I follow the removal instruction from www.spywareguide.com also fail to clean the CnsMin.
Did you click on that website http://www.3721.com/ which I gave ?
Dirty bugger that CNS.DLL.. affects only IE (Idiot Exploiter) but not Mozilla, FireFox or Netscape.
I'm one of the several people have always advocate the use of alternative browsers, but many stubborn people around anyway.. so let it be!
In the Command Prompt line, type the following commands:
CD \WINDOWS\DOWNLO~1
ATTRIB *.* -H -S
DIR/P
This displays all hidden files in your "Downloaded Program Files" folder. You CANNOT see them under Explorer! You will see files CnsMin.dll, CnsHook.dll, keepMain.dll and keepmain.cab in there. Those are stubborn files to kill. These cannot be deleted under Safe Mode either because they make use of RUNDLL32 service which locks them from deletion (even in Safe Mode with Command Prompt only!).
You have to boot from your WinXP CD to delete these files (use the "Repair" function).
This post has been edited by lex: Apr 12 2005, 09:20 PM