To add on, I used the shredder tool but it says that the file has been locked down or used by an application.
Originally posted by davidche:
I found another place with this cns thingy. It's called cnsminkp(.dat)
anyway, under its properties I found this thing which looks useful
Please, CCleaner cleans off temp files. It has NO EFFECTS on malicious files. If CCleaner can clean off system32 folder or system folders, you are screwed. Don't know where you get the idea that clearing temporary files helps, it's not the case. The only case when it helps, and the only infection that uses temporary files is an A:B infection.
Originally posted by kawasaki2:
Here's my recommended tactic:
When I encounter files possibly left behind by an unknown program, and the anti-malware tools cannot do it, I forcefully erase the file from the computer permanently. I don't recommend working with the registry for this, unless you know what you're doing.
Use these tools:
Eraser
--------
www.heidi.ie/eraser
CCleaner
-----------
www.ccleaner.com
Use it and clear off the file.
Eraser setting to note:
Erasing preferences use the default 35 passes. Check all boxes.
CCleaner:
Main screen:
Check all boxes except Hotfix uninstallers, these are the uninstallers for windows updates. You may want to clear them out or not.
Applications:
Check all boxes.
Issues:
Check all boxes.
Please inspect the tools section of the program, under uninstall and startup, see if there's anything suspicious in there.
Options:
Settings: English, check the first 3 boxes off, enable ccleaner auto-check for updates, choose NSA 7 passes for secure deletion.
Cookies:
Up to you.
Custom:
Up to you.
Advanced:
Check boxes no. 4, 5, 6, 7. Box no. 7, save all settings to .ini file is for convenience.
Did you update your Windows?
Originally posted by MyPillowTalks:
AVG said my shell32.dll had been changed!
Shredder tool has no effects.
Originally posted by davidche:
To add on, I used the shredder tool but it says that the file has been locked down or used by an application.
cns.dll - C:\WINNT\system32
Originally posted by ndmmxiaomayi:
Shredder tool has no effects.
Post back the list of files detected and where are they located.
In this format:
file name - file location
Example:
cns.dll - C:\Windows\system32
Use this program called Unlocker.
Originally posted by davidche:
To add on, I used the shredder tool but it says that the file has been locked down or used by an application.
Still finding ways.. this is not a virus. It's a malware
Did you click on that website http://www.3721.com/ which I gave ?
Dirty bugger that CNS.DLL.. affects only IE (Idiot Exploiter) but not Mozilla, FireFox or Netscape.
I'm one of the several people who have always advocated the use of alternative browsers, but there are many stubborn people around anyway.. so let it be!
In the Command Prompt line, type the following commands:
CD \WINDOWS\DOWNLO~1
ATTRIB *.* -H -S
DIR/P
This displays all hidden files in your "Downloaded Program Files" folder. You CANNOT see them under Explorer! You will see files CnsMin.dll, CnsHook.dll, keepMain.dll and keepmain.cab in there. Those are stubborn files to kill. These cannot be deleted under Safe Mode either because they make use of RUNDLL32 service which locks them from deletion (even in Safe Mode with Command Prompt only!).
You have to boot from your WinXP CD to delete these files (use the "Repair" function).
http://www.bleepingcomputer.com/forums/topic51345-20.html
There is one last thing you could try before contacting Microsoft for help. Download and install the new beta version of IE.
http://www.microsoft.com/windows/ie/default.mspx
It may reinstall any corrupted or missing files and resolve your problem.
from http://kvirus.blogchina.com/3225295.html
Full Name: CnsMin Websearch
Type: Adware
Created by: Beijing 3721 Technology Company Ltd.
SG Index: 5
Removal tools: List of products that detect/remove/protect against CnsMin:
# Pro User: X-Cleaner
# IM - P2P Security Appliance: RTGuardian
# Regulatory Compliance: Greynet Enterprise Manager
Comment: Other than replacing the IE search feature with a Chinese site likely to be incomprehensible to non-Chinese users, CnsMin is not overtly harmful, but it uses extremely anti-social methods to make it difficult to uninstall. Is installed by ActiveX drive-by-download at its company's site, 3721.com. Has also apparently been included in junk e-mail, which could be how some Western users have ended up with it.
Information URL: http://www.3721.com/
Manual removal: You cannot delete CnsMin whilst it is running; if you try to deregister it, it restores all its registry entries immediately. In Windows 95 and 98 you can boot without it loaded; this must be done by using Start -> Shutdown -> Restart in MS-DOS mode and typing the following commands:
cd DOWNLO~1
del cns*.*
del 3721*.*
rmdir 3721
exit
Then reboot.
from "baidu answers". because the origin of the virus came from china. i'll do a search in china's intranet.
In Windows NT/2000/XP it is possible to move the files so that they cannot be reloaded. Open the Command prompt (Start -> Programs -> Accessories) and type:
cd "%WinDir%\Downloaded Program Files"
ren CnsMin.dll CnsDel.dll
Reboot and load the Command prompt again. Type:
cd "%WinDir%\Downloaded Program Files"
del cns*.*
(As far as I know, users of Windows Me are screwed - there is no MS-DOS mode and files cannot be renamed. Try to get hold of a DOS boot disc?)
The first time you reboot after deleting or moving CnsMin you'll get an error about not being able to find it. Ignore this. To clean up the remaining traces of the software that cause this, open the registry (Start -> Run -> regedit) and delete the following keys:
HKEY_CLASSES_ROOT\CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4}
HKEY_CLASSES_ROOT\CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}
HKEY_CLASSES_ROOT\CnsHelper.CH
HKEY_CLASSES_ROOT\CnsHelper.CH.1
HKEY_CLASSES_ROOT\CnsMinHK.CnsHook
HKEY_CLASSES_ROOT\CnsMinHK.CnsHook.1
HKEY_CURRENT_USER\Software\3721
HKEY_LOCAL_MACHINE\Software\3721
HKEY_LOCAL_MACHINE\Software\InterChina
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AdvancedOptions\!CNS
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{5D73EE86-05F1-49ed-B850-E423120EC338}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{FD00D911-7529-4084-9946-A29F1BDF4FE5}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\CnsMin
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin
Link:
http://www.doxdesk.com/parasite/CnsMin.html
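A read-only way to confirm that the manual removal above actually took, written in PowerShell as an added example (it is not part of the original posts or of the doxdesk write-up). It checks only the registry keys and file names listed in this thread and assumes the default "Downloaded Program Files" folder under %WinDir%.

```powershell
# Added example: read-only audit for the CnsMin leftovers named in this thread.
# It deletes nothing; it only lists what is still present.

# Registry keys from the manual-removal list above.
$keys = @(
    'HKEY_CLASSES_ROOT\CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4}',
    'HKEY_CLASSES_ROOT\CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}',
    'HKEY_CLASSES_ROOT\CnsHelper.CH',
    'HKEY_CLASSES_ROOT\CnsHelper.CH.1',
    'HKEY_CLASSES_ROOT\CnsMinHK.CnsHook',
    'HKEY_CLASSES_ROOT\CnsMinHK.CnsHook.1',
    'HKEY_CURRENT_USER\Software\3721',
    'HKEY_LOCAL_MACHINE\Software\3721',
    'HKEY_LOCAL_MACHINE\Software\InterChina',
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AdvancedOptions\!CNS',
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{5D73EE86-05F1-49ed-B850-E423120EC338}',
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}',
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\{FD00D911-7529-4084-9946-A29F1BDF4FE5}',
    'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin'
)
$found = @()
foreach ($k in $keys) {
    if (Test-Path -LiteralPath "Registry::$k") { $found += "KEY   $k" }
}

# Entries under ...\CurrentVersion\Run are values, not subkeys, so the
# Run\CnsMin item from the list is looked up as a value named CnsMin.
$runPath = 'Registry::HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runPath -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['CnsMin']) {
    $found += "VALUE $runPath\CnsMin = $($run.CnsMin)"
}

# Files: -Force includes the hidden/system files that Explorer does not show.
# Patterns come from the del commands and the file names quoted in the thread.
$dpf = Join-Path $env:WinDir 'Downloaded Program Files'
$patterns = 'cns*', '3721*', 'keepmain*'
$files = Get-ChildItem -LiteralPath $dpf -Force -ErrorAction SilentlyContinue |
    Where-Object { $n = $_.Name; $patterns | Where-Object { $n -like $_ } }
foreach ($f in $files) { $found += "FILE  $($f.FullName)" }

if ($found.Count -eq 0) { 'No CnsMin traces from the list were found.' }
else { $found }
```

Run it once after the rename-and-reboot step and again after deleting the registry keys; any line that reappears on the second run indicates that a component is still loading and restoring its entries.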
they direct translate until very jialat. come i help u translate.
Using google language tool
This is not two things is not a Trojan horse virus is a rogue software components. Anti-virus software and Trojan removal of the software can not remove it, you starting this : Intelligent analysis software liquidation assistants' rogue 'official version v1.46 Build 032 (R51124) green downloaded version addresses http : //www.51ct.cn/downinfo/37.html Mar-cns.ex e-information process or process documents : Mar cns.exe description of the process : Name : Cns cns.exe mound Chinese Internet site is MAK procedures. Products : MAK Internet is a systematic process : Address : 3721 Chinese background process : whether the use of the network : Common mistakes : not whether hardware-related memory : unknown Scheme, the Scheme safety levels : unknown (0-5) : 0 : whether advertising software : Spyware : whether the virus has not Trojan :
Go to Folder Options, and make sure 'Show all hidden files' is selected.
Originally posted by manyu882:
@TS. can u do a full system search (search for hidden files too). search for "CNS"
cos cns also appears in driver for some other people's cases.
firstly u will need to locate them all
SS and post it. so i could determine which are the cns malwares.
and also, make their location visible