Recently, when browsing some portals, an IE plug-in called "3721 Network Real Name" gets installed without the user knowing. Although these portals and 3721 may have meant well, installing such a plug-in unilaterally is rather inappropriate! The reason it is called a virus is that it also starts automatically at boot, and although it brings some convenience, it makes the system extremely unstable and slows down Internet access. I saw on the forum that many netizens said errors often appear when the computer is shut down. I was also deeply affected by it. After careful study, the problem turned out to lie in this "3721 Network Real Name"! What's even more annoying is that, perhaps because the program was written in a hurry, it has no uninstall function at all!
The source code is attached here, and it can be seen from the code that this is not a *. But the program is very poor...
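#include <windows.h>
#include <string.h>

int main()
{
    // Windows directory, e.g. C:\WINNT or C:\WINDOWS
    char buf[MAX_PATH];
    ::ZeroMemory(buf, MAX_PATH);
    ::GetWindowsDirectory(buf, MAX_PATH);
    char filename[MAX_PATH];
    // Each block below builds a path under "Downloaded Program Files" and
    // schedules it for deletion at the next reboot: a NULL destination with
    // MOVEFILE_DELAY_UNTIL_REBOOT deletes a file that is locked while in use.
    // (The file names after the directory are missing from the page.)
    ::ZeroMemory(filename, MAX_PATH);
    strcpy(filename, buf);
    strcat(filename, "\\Downloaded Program Files\\");
    ::MoveFileEx(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
    ::ZeroMemory(filename, MAX_PATH);
    strcpy(filename, buf);
    strcat(filename, "\\Downloaded Program Files\\");
    ::MoveFileEx(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
    ::ZeroMemory(filename, MAX_PATH);
    strcpy(filename, buf);
    strcat(filename, "\\Downloaded Program Files\\");
    ::MoveFileEx(filename, NULL, MOVEFILE_DELAY_UNTIL_REBOOT);
    return 0;
}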
The following is a detailed procedure for uninstalling this plug-in.
Because the 3721 Network Real Name plug-in runs as a dynamic-link library (DLL) call, the system cannot terminate its process, so you must restart the computer and press F8 to enter Safe Mode (press F8 only once, don’t press it more!). After that, click Start -> Run, open the registry editor, and go to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Delete the value: CnsMin
Its data is: C:\WINNT\DOWNLO~1\,Rundll32
(On Win98, the C:\WINNT\DOWNLO~1\ here is C:\WINDOWS\DOWNLO~1\)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\
Delete the entire key: !CNS
This key adds the 3721 Network Real Name option to Internet Options -> Advanced.
HKEY_LOCAL_MACHINE\SOFTWARE\3721\ and HKEY_CURRENT_USER\Software\3721\
Delete the entire key: 3721
Note: If you have installed other 3721 software, such as Need for Feimao, you should instead delete the entire keys:
HKEY_LOCAL_MACHINE\SOFTWARE\3721\CnsMin
and HKEY_CURRENT_USER\Software\3721\CnsMin
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\
Delete the value: CNSEnable (its data is: a2c39d5f)
Delete the value: CNSHint (its data is: a2c39d5f)
Delete the value: CNSList (its data is: a2c39d5f)
After deleting the entries in the registry, you also need to delete the 3721 Network Real Name files stored on the hard disk.
Delete the following files:
C:\WINNT\DOWNLO~1 Directory
(On Win98, C:\WINNT\DOWNLO~1\ is C:\WINDOWS\DOWNLO~1\; the same applies below)
2001-08-09 15:34
3721
2001-08-02 17:03 40,960
2001-08-08 14:14 102,400
2001-08-24 23:14 42
2001-08-09 10:18 13,848
2001-07-06 17:57 32,768
2001-08-25 02:52 115
2001-08-25 02:51 17,945
2001-08-02 17:02 32,768
2001-08-24 23:15 40,793
C:\WINNT\DOWNLO~1\3721 Directory
2001-08-02 17:03 40,960
2001-08-24 15:53 102,400
2001-07-06 17:59 213
2001-08-24 15:48 28,672
Once all the above files are deleted, the 3721 Network Real Name "virus" is completely cleared from your computer.
Finally, restart the computer and enter normal mode. Now there is no longer any 3721 Network Real Name!
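A post-removal check for the registry steps above, added here as an example (it is not part of the original article or of any 3721 tool): it scans the text of a registry export for the keys and values those steps name. The sample export and its data strings are constructed; a real export must be read with the encoding regedit wrote it in.

```python
import re

# Artifacts named in the removal steps, lower-cased for case-insensitive matching.
KEYS = [
    r"hkey_local_machine\software\microsoft\internet explorer\advancedoptions\!cns",
    r"hkey_local_machine\software\3721",
    r"hkey_current_user\software\3721",
]
VALUES = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run": {"cnsmin"},
    r"hkey_current_user\software\microsoft\internet explorer\main":
        {"cnsenable", "cnshint", "cnslist"},
}

def find_leftovers(reg_text):
    """Return sorted (kind, key, value_name) tuples for artifacts still present."""
    hits, key, shown = set(), None, None
    for line in reg_text.splitlines():
        line = line.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:  # section header such as [HKEY_LOCAL_MACHINE\SOFTWARE\3721]
            shown, key = header.group(1), header.group(1).lower()
            # Match the key itself or any subkey, but not a look-alike sibling.
            if any(key == k or key.startswith(k + "\\") for k in KEYS):
                hits.add(("key", shown, ""))
            continue
        value = re.match(r'"([^"]*)"\s*=', line)  # value line: "Name"=data
        if value and value.group(1).lower() in VALUES.get(key, ()):
            hits.add(("value", shown, value.group(1)))
    return sorted(hits)

# Constructed sample export: two steps were skipped, one subkey was left behind.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnsMin"="PLACEHOLDER-DATA"
"SomeOtherApp"="C:\\Program Files\\Other\\other.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"CNSEnable"="a2c39d5f"
"Start Page"="about:blank"

[HKEY_LOCAL_MACHINE\SOFTWARE\3721\CnsMin]
'''

if __name__ == "__main__":
    for kind, key, name in find_leftovers(SAMPLE_EXPORT):
        print(kind, key, name)
```

An empty result means none of the listed registry artifacts remain in the exported branches; the files on disk still have to be checked separately.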
..:::[end]:::..
Here is how to block 3721:
After uninstalling 3721, open c:\windows\hosts (search for it; its type is shown as "File") with Notepad and add the following lines (separate the IP address and the domain name with a space):
0.0.0.0
0.0.0.0 cnsmin.
0.0.0.0 download.
Save the file under the name Hosts (be careful not to add any extension). On Windows 98/Me, save the file to the Windows directory; on Windows 2000/XP, save it to the WINNT\system32\drivers\etc directory. If there is already a Hosts file, just replace it. Then open the browser and look at the result. The 3721 dialog box no longer appears, does it?
Similarly, the Hosts file can also be used to deal with advertisements in web pages. Nowadays, many large websites have hosts dedicated to serving advertisements. By checking the source code of the web page, you can find out which host the ad files are stored on, and then use the Hosts file to control which IP that host name resolves to, so that these ads are blocked.
It can also speed up access to frequently visited websites: (space) (IP is the real value)
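An added example (not from the original article) of applying the Hosts technique above without overwriting an existing file: it appends block entries only for names that are not mapped yet, skips damaged lines that carry an IP but no host name, and reports names already mapped to a real address. The host names and the sample file are constructed placeholders under the reserved .example domain.

```python
import ipaddress

def parse_hosts(text):
    """Map each host name (lower-cased) to the IP of the first line naming it."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only, or IP with no name
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first column is not an IP address
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def merge_blocks(existing, names, sink="0.0.0.0", tag="blocked"):
    """Append sinkhole entries for unmapped names; return (new_text, conflicts)."""
    table = parse_hosts(existing)
    added, conflicts = [], []
    for name in names:
        current = table.get(name.lower())
        if current is None:
            added.append(f"{sink} {name} # {tag}")
            table[name.lower()] = sink
        elif current not in ("0.0.0.0", "127.0.0.1"):
            conflicts.append((name, current))   # already mapped elsewhere; review by hand
    body = existing if existing.endswith("\n") or not existing else existing + "\n"
    return body + "".join(line + "\n" for line in added), conflicts

# Constructed sample: one damaged line (IP only), one real mapping, one old block.
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1 localhost\n"
    "0.0.0.0\n"
    "10.0.0.5 intranet.example\n"
    "0.0.0.0 ads.blocked.example\n"
)
NAMES = ["ads.blocked.example", "cns.blocked.example", "intranet.example"]

if __name__ == "__main__":
    merged, conflicts = merge_blocks(SAMPLE_HOSTS, NAMES)
    print(merged)
    print("conflicts:", conflicts)
```

Running the merge a second time on its own output adds nothing, so the same block list can be reapplied safely.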
..:::[other]:::..
In addition, you can use a multi-page browser to
218.244.44.10
202.106.148.154
218.244.44.10
202.106.148.154
download. 218.244.44.34
download. 218.244.44.35
Add these to the blacklist,
Block the class C ranges:
218.244.44.*
202.106.148.*
Attached Hosts file:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 # source server
# 38.25.63.10 # x client host
127.0.0.1 localhost
127.0.0.1 #3721 Network Real Name
127.0.0.1 #3721 Network Real Name
127.0.0.1 cnsmin. #3721 Network Real Name
127.0.0.1 #3721 Network real name
127.0.0.1 #3721 Network Real Name
127.0.0.1 #3721 Network Real Name