  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 461

Why does Google's Gmail work for 3721?

For a few months, I have been bothered by the 3721. Although I could spend some minutes with Ad-Aware to clear it, it is annoying that it comes back again and again.
I did not know where it came from, and searching online failed to find useful information.
So I spent the last few days clearing everything under safe mode and made a shortcut to the Program Files, for me to check after going online.
Finally, on my notebook, I found that when I log on to Gmail, the 3721 files appeared in the folder.

I never doubted Google for it because 3721 was bought by Yahoo. It seems that I may be wrong and that they are co-operating for whatever reasons we never know.

Does any expert know about this? Is there any way to avoid it, or should I just not use Gmail? Are free services again just a SCAM from the famous Google?
0
Asked by: fhtong
 
savone Commented:
I use Gmail and I have no problems.
0
 
Computron Commented:
I believe that is spyware. I did some checking and it seems Trendmicro has a solution.
http://www.trendmicro.com/vinfo/grayware/ve_graywareDetails.asp?GNAME=ADW%5FCNSMIN%2EA

This is another removal tool that works well:
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Make sure that you don't have the program in your start folder. Attempt to disable it before it can rearm itself again.

It's a nasty parasite, but you should be able to deal with it. Let us know if you need further assistance. Good luck.
0
 
fhtong (Author) Commented:
Thanks, Computron.

The link seems to confirm my previous assumption (from another question) that the 3721 affected Chinese versions only.

After posting my question, I tested this morning and found that the same visit to Gmail.google.com was without the 3721 invasion. I am not sure whether they backed off because of the disclosure or not.

I may keep this question open for a while to get more attention because I really want to investigate, not for the solution but for the confirmation of how 3721 is enforced.

As for my finding yesterday, I am sure of what I have found. Although I am not an expert, I have been online over ten years and have good experience as a user and have solved lots of similar problems without any assistance before.

With experts-exchange, I save a lot of time. I must say that experts-exchange is the best site for me and all the experts are wonderful online friends.

0

 
Computron Commented:
It looks like it attaches to searches you make. That is perhaps the connection with Google. I found a few more links to provide additional information.

http://www.mac-net.com/296485.page

http://www3.ca.com/securityadvisor/pest/pest.aspx?id=453074952
0
 
fhtong (Author) Commented:
Thanks again.

In fact, I shall keep a close look at what will happen later. If it is confirmed that Gmail is to blame, then I have to consider giving up the Gmail account and look for another email solution.

I am sure that this will not be the last case. Nowadays, we cannot trust big companies anymore. It has been my attitude to accept all types of commercials etc. of any website because they have to survive, but not without notice and not when it affects the PC of an individual. Maybe there should be a law to punish the use of others' PCs without approval, say a certain amount per day.

0
 
chiingliang Commented:
Check your hosts file

under c:\windows\system32\drivers\etc\hosts

Open the file and check if there is anything that says google or gmail. Delete the line.

Sounds like you got hijacked.

Secondly, check your startup programs. Make sure nothing says 3721 or anything suspicious.
start->run->msconfig
0
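The hosts-file check suggested in the comment above, as an added example that is not part of the original thread: it parses a hosts file and reports every active entry that pins a Google or Gmail name to an address. The sample file contents, the watched suffix list and the function names are constructed for illustration.

```python
import ipaddress

# Names the comment says to look for; the exact suffix list is an assumption.
WATCHED_SUFFIXES = ("google.com", "gmail.com")

# Constructed sample hosts file, not taken from the poster's machine.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
203.0.113.10    www.google.com google.com   # constructed redirect entry
203.0.113.10    gmail.google.com
#198.51.100.7   mail.google.com  (commented out, inactive)
0.0.0.0         ads.example.net
not-an-ip       www.gmail.com
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every active entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                           # blank, comment-only or incomplete
        try:
            address = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                           # first field is not an IP address
        yield line_no, address, [h.lower().rstrip(".") for h in entry[1:]]

def suspicious_entries(text, suffixes=WATCHED_SUFFIXES):
    """Return (line_no, address, hostname) for entries naming a watched domain."""
    hits = []
    for line_no, address, names in parse_hosts(text):
        for name in names:
            # Match the domain itself or any subdomain, not lookalikes
            # such as "notgoogle.com".
            if any(name == s or name.endswith("." + s) for s in suffixes):
                hits.append((line_no, str(address), name))
    return hits

if __name__ == "__main__":
    for line_no, address, name in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address}")
```

To check a real machine, pass the contents of the hosts file at the path given in the comment to `suspicious_entries` instead of `SAMPLE_HOSTS`.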
 
fhtong (Author) Commented:
Thanks, chiingliang.
I followed your advice and cannot find evidence of google or gmail. That may be a point for me to confirm the problem.
Perhaps it is better to say more about my previous evidence.

I use a PC and a notebook. The PC has three hard disks, each has different Windows, viz. (1) Windows 2000 Chinese Traditional, (2) Windows 98 Chinese Simplified and (3) Windows 98 English.

Windows 2000 Chinese Traditional - is my major daily system for all works including calling my Gmail account
Windows 98 Chinese Simplified - is used to browse Chinese Daily News and one of my Gmail accounts in a Chinese Simplified name
Notebook (Windows XP) - is used to browse two Gmail accounts of my clients.
All these three systems are infected by 3721.
I cannot confirm anything with the Windows 2000 Chinese Traditional because of daily visits to many sites.
Windows 98 Chinese Simplified - Chinese Daily News is Chinese official site and will not work with any commercial activity, so I began to worry whether it was Gmail.
After reboot in safe mode for PC and notebook as well, run Ad Aware and clear accordingly, then erase the 3721 folder (in Program Files).
To have a fast checking, I made a shortcut to Program Files for the PC and notebook.
My notebook has a Chinese Anti-virus program "Jiang Min".
I started IE with the notebook, enter gmail.google.com, after loading the "Jiang Min" jumped up with a notice that there was an intrusion for the reg. Then I checked the shortcut for Program Files, a folder 3721 appeared.
The next step was, of course, reboot in safe mode and delete the folder 3721.

Based on this, I posted my question, hoping to get advice. As mentioned, after my post, I tested again the next day with the notebook and nothing happened. Together with your advice to find the evidence, I can say that there is no evidence anymore.

That is why I said that I shall keep on checking this case in the same way. If that happens again, I shall follow your suggestion immediately to look for evidence.

This question will be closed very soon.

Thanks again.

0
 
salvagbf Commented:
If you still suspect Google, or if you ever have a problem, I'm sure they'd love to hear from you; there are some good people working there.

From within Gmail, you can click on Help, Contact Us, and then filter through the options till you arrive at your issue. Or, sign into Gmail, then go to

https://services.google.com/inquiry/gmail_bugs?referrer=bugflow

-Bernie
0
 
fhtong (Author) Commented:
Hi, all.
This morning, after clearing the 3721 with Ad-Aware under Safe Mode, I started the Windows 2000 Chinese Traditional. I opened the Program Files; there was no folder of 3721.
After opening IE, I checked again: no 3721.
Then I browsed www.google.com; after the page loaded, I checked the Program Files, and there was a 3721 folder.
Is it possible that 3721 can slip into google.com and take a free ride to intrude?
If not, then why does browsing google.com have the 3721 files created in Program Files?
I followed Bernie's link to check services.google.com and cannot find anything related to 3721.
I wish that anyone with Windows (Chinese) would follow my way to investigate.



0
 
fhtong (Author) Commented:
After the last post, I tried again to verify the situation.
I found that after clearing the 3721 folder and starting the IE browser, the first site was OK without problem.
Then I went to another website, not Google, and the 3721 folder appeared again. So it is confirmed that it has nothing to do with Google. It is the next site that brought up the problem.
Now I think that the auto backup has been locked to 3721.
I have searched for the 3721 and the result indicated that /WINNT/Repair/RegBack had the 3721.
Is there a way to work it out?
0
 
Computron Commented:
Did you follow the removal instructions for the link I gave at the top? The files and registry settings are important to remove.
0
 
fhtong (Author) Commented:
Computron, I have checked your reference. In fact, Ad-Aware has found those files and duly deleted them.
I can use Registry Editor and Taskman in my PC due to unknown reason and I am checking for the solution. It is possible that I have to reinstall the Windows.
For the time being, I just spend some time to reboot in safe mode and use Ad-Aware to clear the 3721.
The thing that I need is to locate from which site the 3721 is linked. Then that site will never be visited anymore. Of course, if I can confirm, I shall tell everyone to abandon that site forever.
0
 
fhtong (Author) Commented:
Sorry,

the second line should be:

I cannot use Registry Editor and Taskman in my PC due to unknown reason and I am checking for the solution. It is possible that I have to reinstall the Windows.
0
 
Computron Commented:
You can go to the command prompt and run netstat -an to look at active connections. It's tough to help with Windows problems since we know nothing about your computer.

Also, you can check out http://www.sysinternals.com/ntw2k/utilities.shtml

They have a lot of utilities to help you see what is happening on your computer as it happens.
0
 
fhtong (Author) Commented:
Thanks.

I have found information about 3721 in various forums of China. It seems that the dirty work of 3721 has angered many netizens. Of course, those affected are Windows Chinese versions. It may be sad that there is nothing like expert-exchange in Chinese.

My case is not yet over, although nothing has happened to my PC for a few days. I am still using the same method to find out which site works for 3721. If there is any proof or even a possible relation, I shall circulate that to everyone and of course, post here to alert everyone.

Frankly speaking, I have not liked 3721 ever since their establishment. The first impression is right that such a guy would never be good, yet unfortunately this type of guy would become rich and powerful.

0
