Misc/CnsMin

Alias/esSpyware.4987(BitDefender), Adware.CNS-1(ClamAV)
Release DateMar 12, 2007
Detection Availability
Active DatabaseExtended Database
FortiGatelowhigh
FortiClient
FortiMailN/A
Current Antivirus Definition Database Version: 12.196
Description

Visible Symptoms

Sometimes it can pop up one or several browser windows to display advertisements.

Detailed Analysis

This detection is for a sort of dll files usally named CnsMin.dll. It can be injected into all running processes and can change or manipulate their behavior. It is able to record inputs, hide itself, monitor applications, manipulate other programs.

  • It creates the following registry entry to register itself to run at each Windows startup:
    • key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • value: CnsMin
    • data: Rundll32.exe %PathName%,Rundll32
    %PathName% is a file path points to the dll itself.
    Description Last Updated Date: Mar 08, 2010
    Reference: ID - 339792