
Found: Chinese SpyWare on My PC



I had a little virus issue on my PC this morning.

 

Virus found in helper.dll

 

Upon investigation, it was in my program folder 3721.

 

I suspect it was piggybacked when my wife did a download or upgrade.

 

Found out 3721 is Chinese spyware; Ad-Aware & Spybot also flagged this.

 

Has anybody had issues with CnsMin and/or 3721?

 

Should I remove?

 

And/or how should I remove?

 

thanks :offtopic:

Edited by pkfops (see edit history)
Link to comment
This appears to be more an 'adware' than virus... so an application is associated with it.

 

Look here:

http://www.securemost.com/articles/trou_3_remove_cnsmin.htm

235676[/snapback]

Thanks David.

 

My wife is currently vacationing with

her family, touring northern California

and Oregon. She will be home tomorrow.

 

As for my home PC; I am no longer a user.

 

My wife is the user and I am just the administrator. :offtopic:

 

"Something is wrong; will you fix it please?" :offtopic:

Link to comment

I have it on both of my computers as well - not sure where we picked them up. But, I have tried everything I can think of - even called MS tech support - NOTHING WILL REMOVE IT.

I intend to just re-format the drive soon and then will be rid of it.

This is one powerful adware - I have deleted parts of the entire file - and they just keep coming back??????

Good luck. I will try the advice above - but if anybody else comes up with a way to remove it - I hope you will share it with us here!

Thanks,

Scott

Link to comment

Deleting part of a file often does leave something out there that continues to generate it over and over... Often a physical file is deleted, but a registry entry to another file continues to run (i.e. the registry value was not deleted)...

 

I have found that usually Spydoctor, Adaware and HijackThis help me to identify the files and/or registry areas... if they don't get rid of it, I usually poke around the registry, which is not for the faint of heart...

 

One other thing that can be checked is from DOS, "msconfig" startup tab.. to see what's loading (although HijackThis should also show it).

Link to comment

Be careful about re-formatting.

 

You may lose more than you bargained for.

 

If you saved a back-up and then restore your back up why bother re-formatting? Unless you have a clean back up with all your data and software pre-cnsmin, the bugs will also be restored with the back up. If you re-download your wife's "stuff" you'll likely get cnsmin back regardless.

 

If you don't use a back up how will you restore all the stuff you have now? It is likely you have a lot of things to lose. For example all your Yahoo archives and Microsoft Outlook addresses. They are not in "my documents," that I know of. Bought other software on-line? Where are the download instructions and license keys?

 

Anyway, cnsmin doesn't do any real harm that I ever saw, it is more a matter that all the USA spyware programs have been told to find it. My wife's computer in China, and a lot of, I guess, Chinese computers have it, they live with it. Follow the instructions for Hijackthis or ignore cnsmin for a while.

 

I really don't know where cnsmin goes or how it hides, but it is so clever that running all the standard adware and spyware programs and deleting it using "safe" mode to delete it manually from the registry didn't kill it. You can remove it with Hijackthis but it is a manual process requiring you to make decisions and press the delete button.

 

When I ran Hijackthis I did not post the log or ask for advice. I read what the guy had to say, followed the example files and deleted those entries hijack this clearly marked as 'doesn't belong.' If you are not comfortable doing this, and why not, you are ready to re-format anyway? Let the Hijackthis forum group help you. The instructions are all there.

 

I'm not a computer guy. I know some members are. Maybe they will give you some advice. Good luck.

Link to comment
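Added example, not part of any post in this thread: a small triage script for the manual HijackThis review described above, which flags log entries naming 3721 or CnsMin and separates out the autostart entries that can bring the adware back after a file is deleted. The sample log is constructed in HijackThis's line style, and the section table and function names are assumptions made for this example.

```python
import re

# Names the posts above associate with this adware.
INDICATORS = ("3721", "cnsmin")

# HijackThis section codes covered here (a subset chosen for this example).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "autostart (Run key or Startup folder)",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Constructed sample in HijackThis's line style; not a real log.
SAMPLE_LOG = r"""Logfile of HijackThis
Running processes:
C:\WINDOWS\explorer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://example.invalid/search
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\PROGRA~1\3721\helper.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\PROGRA~1\3721\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [ExampleAV] "C:\Program Files\ExampleAV\guard.exe" /min
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

def triage(log_text, indicators=INDICATORS):
    """Return (flagged, other) lists of (code, meaning, detail) tuples."""
    flagged, other = [], []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines
        code, detail = m.groups()
        entry = (code, SECTIONS.get(code, "other section"), detail)
        hit = any(term in detail.lower() for term in indicators)
        (flagged if hit else other).append(entry)
    return flagged, other

def autostart_leftovers(flagged):
    """Flagged entries that start something at boot or logon."""
    return [e for e in flagged if e[0] in ("O4", "O23")]

if __name__ == "__main__":
    hits, rest = triage(SAMPLE_LOG)
    for code, meaning, detail in hits:
        print(f"REVIEW {code} [{meaning}]: {detail}")
    print(f"{len(rest)} other entries left for manual review")
```

Entries the script does not flag still need a human look; it only narrows the log to the lines that name the adware.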

cnsmin and others like it are very annoying and hard to remove, but not impossible.

 

Ewido is a good free program to remove garbage and AntiVir is a free virus protection program and it is good also. I also have Spyware Blaster and Spybot Search and Destroy on my PC (both free). I also recommend a good firewall (I use Lavasoft Personal Firewall, which is not free but it was for me *wink*).

A friend gave me his laptop because it was so hopelessly buried in Chinese spyware and crap that it took a half hour to boot and it would take another 10 minutes to open a program!! It took me the better part of 2 days to clean it out and make it functional again.

 

If anyone is interested, this is what I had to go through.

It usually takes 3 or 4 rounds to get it all out also.

Download a free program by Mike Lin called Startup (google to find it). Run it and remove programs if you don't know what they are and remove most of the other things also. It will be easy to get them to automatically start up again if you want them.

Do a search in Windows for cnsmin (or whatever other viruses you are aware of but can't get rid of) to see what program folders and files have it. You can try to delete them but your PC probably won't let you as they are currently running and in memory.

Restart Windows in safe mode (F8 while booting). In safe mode open a DOS window and run regedit. Do a search for cnsmin and delete every instance of it there is. Again, you may not be able to delete them all.

Boot your PC from an old DOS disk. Navigate to the folders where you found cnsmin the last time and delete them.

If your PC says you do not have permission or cannot delete, run the delete command with the -f options, i.e. delete cnsmin -f.

If that still doesn't work use the attrib command with the -r option, i.e. attrib cnsmin -r. That will remove the read only option and you should be able to delete it then.

It will take a few go arounds of rebooting and seeing what is left.

By repeating this procedure a few times, you should be able to get rid of it. QQ and tencent, 3721.com and a dozen other Chinese websites will put this crap on your PC, often without you doing anything other than clicking on a single link on their page!! Beware!!!

Unless, of course, you want to donate your hopelessly infected laptop or PC to a worthy cause (ME) :rolleyes: :lol: :lol:

 

One last thing - reformatting and transferring your stuff back to the hard drive will almost certainly transfer the viruses also!!!

Edited by cosmiclobster (see edit history)
Link to comment

Here are the links to ewido, antivir and firefox. Firefox is an alternative to Microsoft's Internet Exploder and when it is set up properly will eliminate most malware, popups, and viruses.

http://www.ewido.net/en/

http://www.free-av.com/

http://www.mozilla.com/firefox/

If you use just the first two properly you will never have to do a reinstall again, at least not because of spyware/adware/dataminers/browser hijackers/keyloggers etc...

and these should not be confused with viruses.

 

If your neighbor was throwing trash in your yard would you just pick it up yourself and dispose of it? Of course not, you would take legal action.

Save all logs from any spyware remover you use and send them with a letter of complaint to your congressman and senator, we need legislation to stop this from happening in the first place.

Edited by papa bear (see edit history)
Link to comment

Overall, the biggest problem I see is that the antivirus or anti-spyware software gets rid of part of the offending file and there remains something in the registry somewhere... Thus, these 'repeated' attempts to get rid of something, and the need to use more than one program to do it makes it necessary...

 

An issue I've seen is that when you run an antivirus, it is usually done after the computer boots up, and therefore there are items in memory and possibly propagated to a few places upon boot up.

 

There is an antivirus program called "Avast" (free) that allows "boot time scanning", which means that on a reboot, it will scan the memory and disc as the first step of the startup (prior to anything loading) and runs in a DOS-like screen. There may be other programs that allow this and so it would be good to use this periodically.

Link to comment

Here is a link to Mike Lin's Start Up program:

Start Up

One version is a stand alone program and the other lives in Control Panel, but they both work the same.

It makes it very easy to go in and see what gets loaded into your PC every time you power up, and just as easy to delete the things that you don't need to have running in memory every single time you power up!

Check it out!

Link to comment

Just downloaded this... This is an interesting tool, easy to use... but not as detailed as what I normally like...

 

Here is a link to various tools, including another "Startup" and "HijackThis", both of which show lots of detail about what's loaded or running; HijackThis allows removing the items.

 

http://www.spywareinfo.com/~~merijn/downloads.html

Link to comment
