LD SoftwareBespoke Software, Web Design, Security Consultants and Host Services.

Menu

Sentinel
You have been warned!
We have caught 5852 shameful hackers.

NukeSentinel(tm)

Paypal Referral
Sign up for PayPal and start accepting credit card payments instantly.

Link Exchange
Join our free link exchange

Click Here
 
Yahoo! Assistant

Yahoo!

Yahoo! Assistant

From Wikipedia the free encyclopedia, by MultiMedia

Back | Home | Up | Next


Yahoo! Assistant, formerly named 3721 Internet Assistant, is a Browser Helper Object for Internet Explorer developed by Beijing 3721 Technology Co. Ltd, and was renamed to Yahoo! Assistant after Beijing 3721 Technology was acquired by Yahoo!.

3721 Internet Assistant, together with 3721 Chinese Keywords, are known as Spyware by Microsoft AntiSpyware, and malware or browser hijacker by some others, such as Panda Antivirus

Distrubution

3721 Internet Assistant was originally released as a normal client-server application. However, it turned to use ActiveX technology to install itself on a client system later and was also shipped with many sharewares as default install options. 3721 Internet Assistant was also blamed for its use of a flaw in Microsoft Internet Explorer to install itself automatically when a user is browsing an array of 3721 sponsored personal and commercial websites with Microsoft Internet Explorer. Yahoo! Assistant is also included in 3721 Chinese Keywords and Yahoo! Mail Express, but sometimes the whole package of Internet Assistant, Chinese Keywords and Mail Express is named "Yahoo! Assistant" in some sharewares.

Features

3721 claims 3721 Internet Assistant includes a lot of useful features, such as IE setting repair, security shield, removal of internet history information and blocking ads. However, it installs various windows hooks that will slow down the system, and tries to install the hooks repeatedly. Some users also reported that Internet Assistant buttons reappeared immediately after their manual removal using Internet Explorer customization features, and Blue Screen of Death appeared when using Internet Assistant.

Blocking popup ads

A test using http://www.kephyr.com/popupkillertest shows 3721 Internet Assistant can block roughly half of popup methods itself when the built-in popup blocker in Windows XP SP2 is not present or is turned off.

Internet Explorer Extension Management

3721 Internet Assistant can enable/disable individual Internet Explorer extensions, except the advertisement links and extensions installed by Yahoo products.

Concealing

3721 Internet Assistant processes are running as "Rundll32.exe" in Windows Task manager. If one is killed, it will be revived by others immediately.

A driver named CnsMinKP.sys is installed with 3721 Internet Assistant, along with several hidden Windows services.

After uninstallation, several files are left on the system, but they are not visible in Windows Explorer. They can be found by using tools such as Total Commander or in the DOS box.

Uninstall

3721 Internet Assistant, together with 3721 Chinese Keywords, according to Interfax, are regarded by Chinese internet users as "Hooligan" or "Zombie" applications. The uninstall program of the pair provided by 3721 simply redirects users to the 3721 website (in Simplified Chinese thus not recognizable except by Chinese speakers), and the default option of the web page is to keep 3721 Internet Assistant after the uninstallation. After following the web uninstallation wizard and a reboot, many 3721 files will still remain on the client system. The pair were ranked #1 by Beijing Association of Online Media in its list of Chinese Malware at 2005.

Because the pair used several kernel technologies to protect themselves, it is very difficult for many anti-spyware applications or IT professionals to remove them completely. For example, a driver named CnsMinKP.sys/vxd is installed with them and loaded even in Windows safe mode, and many kinds of attempts that try to remove 3721 files or registrys will be circumvented by this driver. For another, an incomplete uninstallation will trigger the "self-repair" feature that downloads missing files from internet. As a result, Microsoft AntiSpyware will enter an infinite loop when it is trying to remove the 3721 applications.

Step to block 3721 websites

Execution of following command lines may prevent a Windows NT/XP/2000 system from the automatic installation of 3721 applications when visiting many websites:

echo 127.0.0.1 cnsmin.3721.com >>%systemroot%\system32\drivers\etc\hosts 
echo 127.0.0.1 www.3721.net >>%systemroot%\system32\drivers\etc\hosts 
echo 127.0.0.1 www.3721.com >>%systemroot%\system32\drivers\etc\hosts 
echo 127.0.0.1 cn.zs.yahoo.com >>%systemroot%\system32\drivers\etc\hosts 
echo 127.0.0.1 cn.download.zs.yahoo.com >>%systemroot%\system32\drivers\etc\hosts 

This will translate some 3721 websites to a local IP, thus block these websites.

External links


Home | Up | AlltheWeb | AltaVista | Broadcast | Del.icio.us | eGroups | Flickr | GeoCities | Inktomi | Kelkoo | LAUNCHcast | Oddpost | Rocketmail | Upcoming | Yahoo! Assistant | Yahoo! Search Marketing

Yahoo!, made by MultiMedia | Free content and software

This guide is licensed under the GNU Free Documentation License. It uses material from the Wikipedia.

 
You can syndicate our News with backend.php And our Forums with rss.php
You can also access our feeds via Feedburner Site News and LD Software Forums
© 2009 ld-software.co.uk All Rights Reserved.
PHP-Nuke Copyright © 2005 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.39 Seconds