The Baidu search toolbar allows
Chinese domain names to be used while browsing web sites.
All information about visited web sites is collected and may be used
by the manufacturer of the toolbar.
The toolbar is useless for non-Chinese users, and we don't know why
different web sites offer this software for download.
Baidu software doesn't hide its files and registry keys.
The Baidu kernel driver "cnprov.sys" prevents Baidu's files and
registry keys from being deleted.
A user can uninstall the toolbar
using the included uninstaller.
That looks good, but I don't like that a simple toolbar uses a
driver that hooks registry and file operations at the kernel level.
Each kernel driver decreases performance and increases the risk of a
BSOD. Kernel drivers are appropriate for hardware devices or for
antivirus software. But it is absolutely not allowed for
Why does Baidu use a kernel driver in this version of the software?
There is one answer: it is hard to remove, and some of the users couldn't
They will be under Chinese watch or they will need to format
their computers. An annoying procedure, isn't it?
RegRun detects and removes Baidu
RegRun Reanimator detects the "cnprov.sys" driver
and removes it from the registry at the next reboot.
But you need to repeat the deletion procedure
at the next check, because the driver is already loaded in memory.
A reboot is needed to unload the driver.
Also, we need to remove idnsvr.exe and cnprovh.dll
from Windows startup.
After that we can simply delete the Program
Files\OCINS subfolder and the %SysDir%\cnprov.dat file.
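A read-only check for the artifacts named above, as an added example (not RegRun's code and not part of the original page). It assumes the driver is registered under the standard Services key, that the startup entries live in the standard Run keys, and that %SysDir% is the Windows system directory; the page does not say where the driver or startup entries are stored.

```powershell
# Read-only audit for the Baidu toolbar artifacts named on this page.
# Nothing is deleted. Registry locations below are assumptions (the standard
# Services and Run keys); the file and folder names come from the page.
$findings = New-Object 'System.Collections.Generic.List[string]'
$pattern  = 'cnprov\.sys'

# 1. Driver registration: any service entry whose ImagePath points at cnprov.sys.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $image = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        if ($image -match $pattern) {
            $findings.Add("Driver registered: $($_.PSChildName) -> $image")
        }
    }

# 2. Driver still loaded: a running driver keeps protecting its files and keys
#    until the next reboot, which is why the deletion has to be repeated.
Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
    Where-Object { $_.PathName -match $pattern } |
    ForEach-Object { $findings.Add("Driver state: $($_.Name) is $($_.State)") }

# 3. Startup entries that reference idnsvr.exe or cnprovh.dll.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match 'idnsvr\.exe|cnprovh\.dll') {
            $findings.Add("Startup entry: $key [$name] -> $value")
        }
    }
}

# 4. Leftover files: Program Files\OCINS and %SysDir%\cnprov.dat.
$paths = @((Join-Path ([Environment]::SystemDirectory) 'cnprov.dat'),
           (Join-Path $env:ProgramFiles 'OCINS'))
if (${env:ProgramFiles(x86)}) { $paths += Join-Path ${env:ProgramFiles(x86)} 'OCINS' }
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("On disk: $p") }
}

if ($findings.Count -eq 0) { 'None of the artifacts named on the page were found.' }
else { $findings }
```

Run it once before the cleanup and again after the reboot: a "Driver state" line reporting Running means the driver is still loaded and the deletion has to be repeated.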
Download RegRun Reanimator (free of charge, no
We suggest you use RegRun Platinum Edition
to be sure that your computer is clear of rootkits!