Details: 3721 Network Real Name "virus"

Source: Internet
Author: User

When you recently browsed some portals, you may have had an Internet Explorer plug-in named "3721 Network Real Name" installed. Although these portal websites and 3721 have good intentions, it is a bit inappropriate to install such a plug-in unilaterally! The reason it is called a virus is that it also starts automatically at startup, and although it brings some convenience, it makes the system run extremely unstably and slows down Internet access. On the s8s8.net forum, many netizens said that a "cmder.exe" error message often appears at shutdown. I am also suffering from the same harm. After careful study, the problem lies in "3721 Network Real Name"! What's more, it may be because the program is too hasty to uninstall it!

The source code is attached here. The code shows that this is not a Trojan. However, the program is poorly written ......

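#include <string.h>   /* strcpy, strcat */
#include "windows.h"
#include "winbase.h"

void main()
{
    char buf[MAX_PATH];
    ::ZeroMemory(buf, MAX_PATH);
    /* buf = Windows directory, e.g. C:\WINNT or C:\WINDOWS */
    ::GetWindowsDirectory(buf, MAX_PATH);

    char filename[MAX_PATH];

    /* A NULL destination with MOVEFILE_DELAY_UNTIL_REBOOT schedules the
       file for deletion at the next restart. Note the unchecked
       strcpy/strcat into a MAX_PATH buffer and the ignored return values. */
    ::ZeroMemory(filename, MAX_PATH);
    strcpy(filename, buf);
    strcat(filename, "\\Downloaded Program Files\\CnsMinIO.dll");
    ::MoveFileEx(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);

    ::ZeroMemory(filename, MAX_PATH);
    strcpy(filename, buf);
    strcat(filename, "\\Downloaded Program Files\\CnsMin.dll");
    ::MoveFileEx(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);

    ::ZeroMemory(filename, MAX_PATH);
    strcpy(filename, buf);
    strcat(filename, "\\Downloaded Program Files\\cnsio.dll");
    ::MoveFileEx(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);

    /* Only these three DLLs are scheduled for removal; this code does not
       touch the registry entries or the other files listed below. */
}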

The following describes how to uninstall the plug-in.

Because the 3721 Network Real Name plug-in uses rundll32.exe to call its dynamic link library, the system cannot stop the rundll32.exe process. Therefore, we must restart the computer and press F8 to enter safe mode (press F8 only once, never more!). Click Start > Run and run regedit.exe to open the registry, then go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

Delete key: CnsMin

The key value is Rundll32.exe C:\WINNT\DOWNLO~1\CnsMin.dll,Rundll32

(On Win98, C:\WINNT\DOWNLO~1\ here is C:\WINDOWS\DOWNLO~1\)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\

Delete the entire directory: !CNS

This directory adds the 3721 Network Real Name option to Internet Options > Advanced.

HKEY_LOCAL_MACHINE\SOFTWARE\3721\ and HKEY_CURRENT_USER\Software\3721\

Delete the entire directory: 3721

Note: If you have installed other 3721 software, such as the best flying cat, you should delete the entire directory: HKEY_LOCAL_MACHINE\SOFTWARE\3721\CnsMin and HKEY_CURRENT_USER\Software\3721\CnsMin

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\

Delete key: CNSEnable, whose key value is a2c39d5f

Delete key: CNSHint, whose key value is a2c39d5f

Delete key: CNSList, whose key value is a2c39d5f

After deleting the entries in the registry, you also need to delete the 3721 Network Real Name files stored on the hard disk.

Delete the following files:

In the C:\WINNT\DOWNLO~1 directory

(On Win98, C:\WINNT\DOWNLO~1\ here is C:\WINDOWS\DOWNLO~1\; the same applies below)

            3721 (subdirectory)
     40,960 cnsio.dll
    102,400 CnsMin.dll
            CnsMin.ini
     13,848 CnsMinEx.cab
     32,768 CnsMinEx.dll
        115 CnsMinEx.ini
     17,945 CnsMinIO.cab
     32,768 CnsMinIO.dll
     40,793 CnsMinUp.cab

In the C:\WINNT\DOWNLO~1\3721 directory

     40,960 cnsio.dll
    102,400 CnsMin.dll
        213 CnsMin.inf
     28,672 CnsMinIO.dll

Delete all the above files, so that the 3721 Network Real Name "virus" will be cleared from your computer.

Finally, restart the computer and enter normal mode. Now there is no more bundled 3721 Network Real Name!
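To confirm that the registry part of the procedure above is complete, the following added example (not part of the original article or of any 3721 code) scans the text of a registry export, such as one saved from regedit, for the keys and values the article says to delete. The names TARGETS, find_leftovers and SAMPLE_REG are this example's own, and the sample export is constructed; file checks are left out.

```python
import re

# Registry locations named in the article: key path -> value names to flag.
# An empty tuple means the whole key (and any subkey) counts as a leftover.
# If other 3721 software is kept, narrow the two 3721 keys to ...\3721\CnsMin.
TARGETS = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": ("CnsMin",),
    r"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main":
        ("CNSEnable", "CNSHint", "CNSList"),
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS": (),
    r"HKEY_LOCAL_MACHINE\SOFTWARE\3721": (),
    r"HKEY_CURRENT_USER\Software\3721": (),
}

def find_leftovers(reg_text):
    """Return a sorted list of 'key' or 'key -> value' entries still present."""
    found, key = set(), ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):      # key header
            key = line[1:-1].rstrip("\\").lower()
            for target, values in TARGETS.items():
                t = target.lower()
                if not values and (key == t or key.startswith(t + "\\")):
                    found.add(target)
            continue
        m = re.match(r'"([^"]+)"=', line)                     # "name"=data
        if m:
            for target, values in TARGETS.items():
                if key == target.lower():
                    for v in values:
                        if v.lower() == m.group(1).lower():   # names ignore case
                            found.add(target + " -> " + v)
    return sorted(found)

# Constructed sample export: partly cleaned machine, unrelated entries kept.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnsMin"="Rundll32.exe C:\\WINNT\\DOWNLO~1\\CnsMin.dll,Rundll32"
"SomeOtherTool"="C:\\tools\\other.exe"

[HKEY_CURRENT_USER\Software\3721\CnsMin]
"Example"="1"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"cnshint"="a2c39d5f"
"Start Page"="about:blank"
'''

if __name__ == "__main__":
    print("\n".join(find_leftovers(SAMPLE_REG)) or "no leftovers found")
```

An empty result means none of the listed registry entries remain in the exported text.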

...: [End]:...

The method to disable 3721 is as follows:

After uninstalling 3721, use Notepad to open c:\windows\hosts (use search to locate the file) and add the following lines (separate the IP address and domain name with a space):

0.0.0.0 www.3721.com

0.0.0.0 cnsmin.3721.com

0.0.0.0 download.3721.com

Save the file as Hosts (do not add any extension). On Windows 98/Me, save the file to the Windows directory; on Windows 2000/XP, save it to the WINNT\system32\drivers\etc directory. If the Hosts file already exists, replace it directly. Then open the browser to observe the results. Well? The 3721 dialog box no longer appears, does it?

Similarly, the Hosts file can also deal with advertisements on webpages. Currently, many large websites have dedicated hosts that serve advertisements. By viewing the source code of a webpage, you can find the host on which the advertisement files are stored, and then use the Hosts file to control how that host's name is resolved, so that these advertisements are rejected.

It can also accelerate frequently visited websites: X.X (space) WWW.X.COM (where the IP address is the site's real one)

...: [Other]:...

In addition, you can use a multi-page browser:

3721.com 218.244.44.10

3721.net 202.106.148.154

www.3721.com 218.244.44.10

www.3721.net 202.106.148.154

download.3721.com 218.244.44.34

download.3721.net 218.244.44.35

Add these to the blacklist, and block the class C ranges:

218.244.44.*

202.106.148.*

Attached Hosts:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost
127.0.0.1       3721.com                # 3721 Network Real Name
127.0.0.1       3721.net                # 3721 Network Real Name
127.0.0.1       cnsmin.3721.com         # 3721 Network Real Name
127.0.0.1       download.3721.com       # 3721 Network Real Name
127.0.0.1       www.3721.com            # 3721 Network Real Name
127.0.0.1       www.3721.net            # 3721 Network Real Name
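A Hosts entry matches only the exact host name on its line, which is why the attached file lists 3721.com and www.3721.com separately, and replacing an existing Hosts file outright discards whatever entries it already held. The following added example (not from the original article) merges the block list into existing Hosts text instead: it keeps every existing line, appends only the missing names, and reports names already mapped to a real address. The function names and the sample file are this example's own; the sample is constructed.

```python
# Host names taken from the article's attached Hosts file.
BLOCKED = ["3721.com", "3721.net", "cnsmin.3721.com",
           "download.3721.com", "www.3721.com", "www.3721.net"]
SINKS = {"0.0.0.0", "127.0.0.1"}   # both addresses are used in the article

def parse_hosts(text):
    """Return {host name (lower case): address}, keeping the first mapping seen."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comment, split on blanks
        for name in fields[1:]:                  # a line may carry several names
            mapping.setdefault(name.lower(), fields[0])
    return mapping

def merge_block_entries(text, names=BLOCKED, sink="0.0.0.0"):
    """Append missing block entries; never drop or rewrite existing lines.

    Returns (new_text, added, conflicts). Conflicts are names already mapped
    to a non-sink address; they are left alone for a manual decision.
    """
    current = parse_hosts(text)
    added = [n for n in names if n.lower() not in current]
    conflicts = [n for n in names if current.get(n.lower(), sink) not in SINKS]
    out = text if text.endswith("\n") or not text else text + "\n"
    out += "".join(f"{sink} {n}\n" for n in added)
    return out, added, conflicts

# Constructed sample: an existing Hosts file with a local entry plus the
# three-line list from the article.
SAMPLE_HOSTS = """127.0.0.1 localhost
10.0.0.5 intranet.example   # constructed local entry
0.0.0.0 www.3721.com
0.0.0.0 cnsmin.3721.com
0.0.0.0 download.3721.com
"""

if __name__ == "__main__":
    new_text, added, conflicts = merge_block_entries(SAMPLE_HOSTS)
    print("added:", added)          # names the three-line list did not cover
    print("conflicts:", conflicts)
    print(new_text, end="")
```

Running the merge a second time on its own output adds nothing, so it is safe to repeat.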
