
Spyware:Win32/CnsMin


First posted on 03 March 2019.
Source: Microsoft

Aliases :

There are no other names known for Spyware:Win32/CnsMin.

Explanation :

CnsMin installs a browser helper object (BHO) that redirects Internet Explorer searches to a Chinese search portal. CnsMin may be installed without adequate user consent. It may prevent its files from being removed, or restore files that have been removed, so deleting a single component while the rest is still loaded is generally undone.

When installed, CnsMin may do any or all of the following:

Create a folder containing a shortcut in the All Users program folder:
    C:\Documents and Settings\All Users\Start Menu\Programs\chinese keyword

Create a folder named '3721' in the Program Files folder and install the following files:
    %ProgramFiles%\3721\notifier.dll
    %ProgramFiles%\3721\patch03.dll
    %ProgramFiles%\3721\scrblock.dll
    %ProgramFiles%\3721\3721alrex.dll
    %ProgramFiles%\3721\3721cns1.exe
    %ProgramFiles%\3721\repair.dll

Add the following registry subkey in order to run as a service:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CnsMinKP

Modify the following registry subkeys in order to run automatically each time Windows starts:
    Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    Value: CnsMinKP

    Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value: CnsMin
    Value: assistse
    Value: helper.dll

Add the subkey {D157330A-9EF3-49F8-9A67-4141AC41ADD4} to each of the following:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

Add the following subkeys to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping:
    {00000000-0000-0001-0001-596BAEDD1289}
    {507F9113-CD77-4866-BA92-0E86DA3D0B97}
    {59BC54A2-56B3-44a0-93E5-432D58746E26}
    {5D73EE86-05F1-49ed-B850-E423120EC338}
    {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}
    {FD00D911-7529-4084-9946-A29F1BDF4FE5}
    {BB936323-19FA-4521-BA29-ECA6A121BC78}

Create or modify the following registry entries:
    HKEY_CLASSES_ROOT\ADKiller.ADKillerObj.1
    HKEY_CLASSES_ROOT\clsid\{118CE65F-5D86-4AEA-A9BD-94F92B89119F}
    HKEY_CLASSES_ROOT\clsid\{178DA2CB-5660-42F4-B2E1-2815401C5910}
    HKEY_CLASSES_ROOT\clsid\{1b0e7716-898e-48cc-9690-4e338e8de1d3}
    HKEY_CLASSES_ROOT\clsid\{47387079-DA8D-48AB-98C7-0017812D51EA}
    HKEY_CLASSES_ROOT\clsid\{6231d512-e4a4-4df2-be62-5b8f0ee348ef}
    HKEY_CLASSES_ROOT\clsid\{6d8f256b-6ab8-4398-8f86-1e56207db77a}
    HKEY_CLASSES_ROOT\clsid\{ca92b524-bc8a-4610-bd2c-6bd3e28155d0}
    HKEY_CLASSES_ROOT\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}
    HKEY_CLASSES_ROOT\clsid\{DDDE2452-AF9E-4577-AE6C-465DBCB54D49}
    HKEY_CLASSES_ROOT\clsid\{e5e4e352-6947-44ee-a420-db84efd3fe93}
    HKEY_CLASSES_ROOT\FFlash.FlashObjectInterface
    HKEY_CLASSES_ROOT\FFlash.FlashObjectInterface.1
    HKEY_CLASSES_ROOT\InsIII.brins
    HKEY_CLASSES_ROOT\InsIII.brins.1
    HKEY_CLASSES_ROOT\Installer.brins
    HKEY_CLASSES_ROOT\interface\{df692509-d9ef-48a0-9cd0-3aa5b81f6f68}
    HKEY_CLASSES_ROOT\Software\Microsoft\Windows\currentversion\explorer\browser helper objects\{6231d512-e4a4-4df2-be62-5b8f0ee348ef}
    HKEY_CLASSES_ROOT\Software\Microsoft\Windows\currentversion\explorer\browser helper objects\{ca92b524-bc8a-4610-bd2c-6bd3e28155d0}
    HKEY_CLASSES_ROOT\Software\Microsoft\Windows\currentversion\explorer\browser helper objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}
    HKEY_CLASSES_ROOT\Software\Microsoft\Windows\currentversion\explorer\browser helper objects\{e5e4e352-6947-44ee-a420-db84efd3fe93}
    HKEY_CLASSES_ROOT\typelib\{a5adeae7-a8b4-4f94-9128-bf8d8db5e927}
    HKEY_CLASSES_ROOT\sMod.AxObj
    HKEY_CLASSES_ROOT\sMod.AxObj.1
    HKEY_CURRENT_USER\Software\3721
    HKEY_CURRENT_USER\Software\3721\CnsMin
    HKEY_LOCAL_MACHINE\SOFTWARE\3721
    HKEY_LOCAL_MACHINE\SOFTWARE\3721\CnsMin
    HKEY_LOCAL_MACHINE\SOFTWARE\3721\CnsMin\CnsMinEx
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADKiller.ADKillerObj
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADKiller.ADKillerObj.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Assist.EasyAssist
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Assist.EasyAssist.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoLive.Live
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AutoLive.Live.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BhoObj.AxObj
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{141A5E19-BDCB-4E27-A3D7-9E16503BC05B}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{1b0e7716-898e-48cc-9690-4e338e8de1d3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{6231d512-e4a4-4df2-be62-5b8f0ee348ef}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{9EB2B422-C9EE-46C4-A471-1E79C7517B1D}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{ABEC6103-F6AC-43A3-834F-FB03FBA339A2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b835c273-3522-4cc6-92ec-75cc86678da4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{B83FC273-3522-4CC6-92EC-75CC86678DA4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{BB936323-19FA-4521-BA29-ECA6A121BC78}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{d157330a-9ef3-49f8-9a67-4141ac41add4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{DB4F72F5-FA97-4424-A8CD-758FEAE6861F}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{EF1D17A9-089F-40cc-8D64-7324CDEBA0DB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CnsHelper.CH
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CnsHelper.CH.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CnsMinHK.CnsHook
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CnsMinHK.CnsHook.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CoolBar.CoolBarObj
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CoolBar.CoolBarObj.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FFlash.FlashObjectInterface
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FFlash.FlashObjectInterface.1
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{aab6bce3-1df6-4930-9b14-9ca79dc8c267}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000000-0000-0001-0001-596BAEDD1289}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{507F9113-CD77-4866-BA92-0E86DA3D0B97}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{59BC54A2-56B3-44a0-93E5-432D58746E26}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5d73ee86-05f1-49ed-b850-e423120ec338}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{ecf2e268-f28c-48d2-9ab7-8f69c11ccb71}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{fd00d911-7529-4084-9946-a29f1bdf4fe5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\app management\arpcache\{1b0e7716-898e-48cc-9690-4e338e8de1d3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\app management\arpcache\cnsmin
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b0e7716-898e-48cc-9690-4e338e8de1d3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6231d512-e4a4-4df2-be62-5b8f0ee348ef}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BB936323-19FA-4521-BA29-ECA6A121BC78}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d157330a-9ef3-49f8-9a67-4141ac41add4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDDE2452-AF9E-4577-AE6C-465DBCB54D49}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF1D17A9-089F-40cc-8D64-7324CDEBA0DB}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks\{b83fc273-3522-4cc6-92ec-75cc86678da4}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1b0e7716-898e-48cc-9690-4e338e8de1d3}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cnsmin

The file-system paths above follow the Windows XP layout that the original write-up targets. On Windows Vista and later the All Users Start Menu is %ProgramData%\Microsoft\Windows\Start Menu\Programs, and on 64-bit Windows a 32-bit installer writing to the Program Files folder is redirected to %ProgramFiles(x86)%. The registry load points (Browser Helper Objects, ShellExecuteHooks, Run/RunOnce, the Services key) are the same on all versions and are the first places to look.
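A read-only triage script for the indicators above, added here as an example; it is not part of Microsoft's write-up and not CnsMin's own code. It assumes PowerShell 3.0 or later running with administrator rights on the suspect host. The CLSIDs, value names, service name and folder names are taken from the list above; the variable names and the helper Get-ValueNames are this example's own. The write-up calls every registration a "subkey", but ShellExecuteHooks and CmdMapping normally hold CLSIDs as value names, so the script checks both forms at every load point and resolves each hit to the DLL that InprocServer32 points at.

```powershell
# Added example (not from the Microsoft write-up): report CnsMin persistence
# points without touching them. Run in an elevated PowerShell on the suspect host.

# GUIDs the write-up ties to CnsMin BHOs, shell hooks and IE extensions.
$CnsMinIds = @(
    '{D157330A-9EF3-49F8-9A67-4141AC41ADD4}', '{1B0E7716-898E-48CC-9690-4E338E8DE1D3}',
    '{6231D512-E4A4-4DF2-BE62-5B8F0EE348EF}', '{BB936323-19FA-4521-BA29-ECA6A121BC78}',
    '{DDDE2452-AF9E-4577-AE6C-465DBCB54D49}', '{EF1D17A9-089F-40CC-8D64-7324CDEBA0DB}',
    '{CA92B524-BC8A-4610-BD2C-6BD3E28155D0}', '{E5E4E352-6947-44EE-A420-DB84EFD3FE93}',
    '{B83FC273-3522-4CC6-92EC-75CC86678DA4}', '{00000000-0000-0001-0001-596BAEDD1289}',
    '{507F9113-CD77-4866-BA92-0E86DA3D0B97}', '{59BC54A2-56B3-44A0-93E5-432D58746E26}',
    '{5D73EE86-05F1-49ED-B850-E423120EC338}', '{ECF2E268-F28C-48D2-9AB7-8F69C11CCB71}',
    '{FD00D911-7529-4084-9946-A29F1BDF4FE5}'
)

# Load points where a GUID may appear as a subkey (BHO, Extensions) or as a
# value name (ShellExecuteHooks, CmdMapping). Both forms are checked below.
$LoadPoints = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Extensions',
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping'
)

# Autorun value names from the write-up, keyed by the key that holds them.
$AutorunValues = @{
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'     = @('CnsMin', 'assistse', 'helper.dll')
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce' = @('CnsMinKP')
}

$findings = New-Object System.Collections.Generic.List[string]

# Value names under a registry key, minus the PS* metadata the provider adds.
function Get-ValueNames([string]$Key) {
    $item = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if ($null -eq $item) { return @() }
    return @($item.PSObject.Properties.Name | Where-Object { $_ -notlike 'PS*' })
}

# 1. COM load points: which CnsMin GUIDs are registered, and which DLL each resolves to.
foreach ($key in $LoadPoints) {
    if (-not (Test-Path $key)) { continue }
    $subkeys = @(Get-ChildItem -Path $key -ErrorAction SilentlyContinue | ForEach-Object { $_.PSChildName })
    $values  = Get-ValueNames $key
    foreach ($id in $CnsMinIds) {
        # -contains is case-insensitive, so the mixed-case GUIDs on the page still match.
        if ($subkeys -contains $id -or $values -contains $id) {
            $server = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$id\InprocServer32" -ErrorAction SilentlyContinue
            $dll = if ($server) { $server.'(default)' } else { '<no InprocServer32>' }
            $findings.Add("load point $key -> $id -> $dll")
        }
    }
}

# 2. Run / RunOnce autorun values.
foreach ($key in $AutorunValues.Keys) {
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $AutorunValues[$key]) {
        $prop = $item.PSObject.Properties[$name]
        if ($prop) { $findings.Add("autorun $key\$name = $($prop.Value)") }
    }
}

# 3. The CnsMinKP service: registry entry plus live state.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CnsMinKP'
if (Test-Path $svcKey) {
    $image = (Get-ItemProperty -Path $svcKey -ErrorAction SilentlyContinue).ImagePath
    $state = (Get-Service -Name 'CnsMinKP' -ErrorAction SilentlyContinue).Status
    $findings.Add("service CnsMinKP state=$state image=$image")
}

# 4. Vendor and uninstall keys.
foreach ($key in 'HKLM:\SOFTWARE\3721', 'HKCU:\Software\3721',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\cnsmin') {
    if (Test-Path $key) { $findings.Add("registry key present: $key") }
}

# 5. Dropped files: the 3721 folder under both Program Files roots (the page gives the
#    XP-era %ProgramFiles% path) and the All Users Start Menu shortcut folder.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
foreach ($root in $roots) {
    $dir = Join-Path $root '3721'
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem -Path $dir -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        $findings.Add("file $($_.FullName) sha256=$hash")
    }
}
$shortcutDir = Join-Path ([Environment]::GetFolderPath('CommonPrograms')) 'chinese keyword'
if (Test-Path $shortcutDir) { $findings.Add("start menu folder present: $shortcutDir") }

if ($findings.Count -eq 0) { 'No CnsMin indicators found.' } else { $findings }
```

Run it before any clean-up and keep the output: the resolved DLL paths and hashes are what to hand to the AV engine or to an offline removal. Because the write-up says CnsMin restores files that are deleted, removing a single file or key by hand while the CnsMinKP service and the BHO are still loaded is not a reliable fix; stop the service and unload Internet Explorer first, or clean from outside the running system.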

Last update 03 March 2019
