4-counter.com & 3721 Spyware

Another of my customer got another bad attack of Spyware - This time it automatically generated alot of item on the My Favourite Folder.  And it hijacked his Internet Explorer home page and point it to 4-counter.com.  If the browser is left on, after a while, it automatically starts downloading pronographic materials from it's list of random sites.  And also it uses the MS Outlook to spam its contact list - sending messages out to invite the user to click on a pronographic site.

It looks like there has a combination of:

• 3721 - Chinese Search Engine
• 4-counter.com / icanfindit.net - "I Can Find It, Search For Pleasure"

After a couple of research and experiment, I was able to remove them from the computer.

Here is my 4-counter removal procedure:

1. Open Task Manager and end these processes:
   helper.dll
   C:\WINDOWS\system32\rundll32.exe
   C:\PROGRA~1\3721\helper.dll
   
   
2. Deregister the above:
   regsvr32  /u  C:\PROGRA~1\3721\helper.dll
   regsvr32  /u  C:\WINDOWS\system32\rundll32.exe
   
   
3. Remove Run - "helper" key from the registry.
   
   
4. Restart the computer - run one of the following Spyware.
• Ad-Aware
• Spybot
• Bazooka
• AdMuncher
• CWShredder
• Spyware Blaster
• WebRoot Spy Sweeper