Yahoo! Assistant
Yahoo!
Yahoo! Assistant
Yahoo! Assistant, formerly named 3721 Internet Assistant,
is a
Browser Helper Object for Internet Explorer developed by Beijing 3721
Technology Co. Ltd, and was renamed to Yahoo! Assistant
after Beijing 3721 Technology was acquired by
Yahoo!.
3721 Internet Assistant, together with 3721 Chinese Keywords,
are known as Spyware by Microsoft AntiSpyware, and malware or browser hijacker
by some others, such as Panda Antivirus
Distrubution
3721 Internet Assistant was originally released as a normal
client-server application. However, it turned to use
ActiveX
technology to install itself on a client system later and was also shipped with
many sharewares as default install options. 3721 Internet Assistant was
also blamed for its use of a flaw in Microsoft Internet Explorer to install
itself automatically when a user is browsing an array of 3721 sponsored personal
and commercial websites with Microsoft Internet Explorer. Yahoo! Assistant is
also included in 3721 Chinese Keywords and
Yahoo! Mail Express, but sometimes the whole package of Internet Assistant,
Chinese Keywords and Mail Express is named "Yahoo! Assistant" in some
sharewares.
Features
3721 claims 3721 Internet Assistant includes a lot of useful features,
such as IE setting repair, security shield, removal of internet history
information and blocking ads. However, it installs various windows hooks that
will slow down the system, and tries to install the hooks repeatedly. Some users
also reported that Internet Assistant buttons reappeared immediately after their
manual removal using Internet Explorer customization features, and
Blue Screen of Death appeared when using Internet Assistant.
Blocking popup ads
A test using
http://www.kephyr.com/popupkillertest shows 3721 Internet Assistant
can block roughly half of popup methods itself when the built-in popup blocker
in Windows XP SP2 is not present or is turned off.
Internet Explorer Extension Management
3721 Internet Assistant can enable/disable individual Internet
Explorer extensions, except the advertisement links and extensions installed by
Yahoo products.
Concealing
3721 Internet Assistant processes are running as "Rundll32.exe" in
Windows
Task manager. If one is killed, it will be revived by others immediately.
A driver named CnsMinKP.sys is installed with 3721 Internet Assistant,
along with several hidden Windows services.
After uninstallation, several files are left on the system, but they are not
visible in
Windows Explorer. They can be found by using tools such as
Total Commander or in the DOS box.
Uninstall
3721 Internet Assistant, together with 3721 Chinese Keywords,
according to
Interfax, are regarded by Chinese internet users as "Hooligan" or "Zombie"
applications. The uninstall program of the pair provided by 3721 simply
redirects users to the 3721 website (in Simplified Chinese thus not recognizable
except by Chinese speakers), and the default option of the web page is to keep
3721 Internet Assistant after the uninstallation. After following the web
uninstallation wizard and a reboot, many 3721 files will still remain on the
client system. The pair were ranked #1 by
Beijing Association of Online Media in its list of Chinese
Malware at
2005.
Because the pair used several kernel technologies to protect themselves, it
is very difficult for many anti-spyware applications or IT professionals to
remove them completely. For example, a driver named CnsMinKP.sys/vxd is
installed with them and loaded even in Windows safe mode, and many kinds of
attempts that try to remove 3721 files or registrys will be circumvented by this
driver. For another, an incomplete uninstallation will trigger the "self-repair"
feature that downloads missing files from internet. As a result,
Microsoft AntiSpyware will enter an infinite loop when it is trying to
remove the 3721 applications.
Step to block 3721 websites
Execution of following command lines may prevent a Windows NT/XP/2000 system
from the automatic installation of 3721 applications when visiting many
websites:
echo 127.0.0.1 cnsmin.3721.com >>%systemroot%\system32\drivers\etc\hosts
echo 127.0.0.1 www.3721.net >>%systemroot%\system32\drivers\etc\hosts
echo 127.0.0.1 www.3721.com >>%systemroot%\system32\drivers\etc\hosts
echo 127.0.0.1 cn.zs.yahoo.com >>%systemroot%\system32\drivers\etc\hosts
echo 127.0.0.1 cn.download.zs.yahoo.com >>%systemroot%\system32\drivers\etc\hosts
This will translate some 3721 websites to a local IP, thus block these
websites.
External links
Home | Up | AlltheWeb | AltaVista | Broadcast | Del.icio.us | eGroups | Flickr | GeoCities | Inktomi | Kelkoo | LAUNCHcast | Oddpost | Rocketmail | Upcoming | Yahoo! Assistant | Yahoo! Search Marketing
Yahoo!, made by MultiMedia | Free content and software
This guide is licensed under the GNU
Free Documentation License. It uses material from the Wikipedia.
|