This application requires Javascript for optimal performance.

Misc/CnsMin - Released Mar 12, 2007 - Last Updated Mar 08, 2010

Alias/es

Spyware.4987(BitDefender), Adware.CNS-1(ClamAV)

Detection Availability

Active DatabaseExtended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

Sometimes it can pop up one or several browser windows to display advertisements.

Detailed Analysis

This detection is for a sort of dll files usally named CnsMin.dll. It can be injected into all running processes and can change or manipulate their behavior. It is able to record inputs, hide itself, monitor applications, manipulate other programs.

  • It creates the following registry entry to register itself to run at each Windows startup:
    • key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • value: CnsMin
    • data: Rundll32.exe %PathName%,Rundll32
    %PathName% is a file path points to the dll itself.

    Recommended Action

      FortiGate Systems

    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

      FortiClient Systems

    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Reference: ID - 339792