Sunday, January 25, 2009

CnsMin BHO

Removing CnsMin
Categories: BHO,Hijacker,Toolbar,Downloader
The BHO (Browser Helper Object) waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

When the default home page is hijacked, the browser opens to the web page set by the hijacker
instead of the user's designated home page. In some cases, the hijacker may block users from
restoring their desired home page.

A search hijacker redirects search results to other pages and may
transmit search and browsing data to unknown servers. An error page hijacker directs
the browser to another page, usually an advertising page, instead of the usual error
page when the requested URL is not found.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services on the desktop.

Hijackers take control of various parts of your web browser, including your home page,
search pages, and search bar. They may also redirect you to certain sites should you
mistype an address, or prevent you from visiting websites they would rather you avoid,
such as sites that combat malware. Some will even redirect you to their own search engine
when you attempt a search. NB: hijackers almost exclusively target Internet Explorer.

The toolbar presents itself as a helpful add-on for Internet Explorer, but it is a real pest.
It replaces your start page, continuously opens a number of pop-up windows, and so on.

This family of Trojans downloads and installs new malware or adware on the computer.
The downloader then either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

The names and locations of malware to be downloaded are either coded into the
Trojan or downloaded from a specified website.

CnsMin Also known as:

[Panda]Spyware/CnsMin

Visible Symptoms:
Files in system folders:

How to detect CnsMin:

Files:

Folders:
[%PROGRAM_FILES%]\3721
[%WINDOWS%]\downloaded program files\3721
[%COMMON_PROGRAMS%]\Chinese keywords
[%PROFILE%]\start menu\programs\3721éïíøöúêö
[%PROGRAMS%]\chinese keywor
[%PROGRAMS%]\chinese keywords

Registry Keys:

Registry Values:

Removing CnsMin:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
