CommonName is marketed as a 'keywords' service, allowing one to enter simple names insatead of URLs.
After its original release, the software has become a complicated (and sometimes buggy) search-hijacker and adware, aggressively bundled with many third-party apps.
CommonName/Toolbar: installs an IE toolbar with a keyword lookup box.
CommonName/Agent: takes over searches entered into the standard IE address bar (by means of an IE Browser Helper Object), and pops up ads occasionally.
CommonName/Mib: version 3.6.0.0 onwards also includes a WinSock2 Layered Service Provider, CNMib.dll.
CommonName/Zenet: version 3.6.2.0 onwards also has its BHO re-register itself periodically, to make it hard to remove manually.
CommonName/Winnet: version 4.0.0.0 onwards also has a separate updating process, which re-registers itself constantly, to make it even harder to remove manually.
CNBabeIE after the file name used. CommonName/Toolbar is known internally as BabeIE, CommonName/Agent and Mib as BabeIE2.
Included in many file-sharing programs, such as Grokster and iMesh, and older versions of KaZaA.
Yes. All variants except Toolbar connect to their controlling servers once a day, who may ask them to open pop-under advertising. They also change search settings to point to commonname.com.
Cookies are used to identify you when requests are made to CommonName. This may occur when the advertising is opened, a keyword is entered into the address bar.
When you visit a URL whose top-level-domain the CommonName/Agent or Mib software does not know about (eg. alternative TLDs or intranet hostnames; CommonName/Agent also does not know about .edu, .mil, .int, .su and .gb), a request is also made. This could allow users to be tracked across web site visits.
Yes (Winnet variant): Can download and execute arbitrary code from its controlling server, as an update feature.
No (other variants).
Can cause Explorer to crash occasionally with a 'runtime error' in CNBabe, or an 'illegal operation' in CNMib.
CommonName/Agent also had a bug in its unknown-top-level-domain code which meant that any URL longer than 72 characters became corrupted.
The Agent and Mib variants can cause 404 pages not to be shown.
The Winnet variant can bombard you with autodial requests if you are not connected to the internet when it wants to check for updates.
For Agent, Toolbar and Mib variants, the CommonName entry in the Control Panel's Add/Remove Programs option should work fine.
With the later variants (Zenet and Winnet), unfortunately, this just sends you to a page on CommonName's web site with a form to submit leading to an uninstaller download. This requires a working Internet Explorer with ActiveX downloads enabled to function.
Spybot S&D update 2002-09-08 and later, and Ad-Aware can remove the Toolbar and Agent variants; Spybot update 2002-11-30 and HijackThis 1.8 can remove the Mib variant.
Each successive variant of CommonName gets harder to remove by hand. Do not try to uninstall the later variants (Mib, Zenet, Winnet) by just deleting the files. They include a Winsock2 layered service provider module (LSP); if you manage to delete this you will lose network connectivity.
You must first kill the 'winnet.exe' process (otherwise, it will keep setting itself up to run automatically). Press Ctrl-Alt-Delete and open the Task Manager. If you are using Windows NT/2000/XP, choose the 'Processes' tab to list all programs. Choose 'winnet.exe' and end the process.
Continue with the instructions for Zenet.
Open the registry (Start->Run->regedit). Open the key 'HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}', right click the 'InProcServer32' subkey and choose 'Delete'. (This neuters the CommonName BHO but doesn't completely remove it, so it won't notice the change and re-register itself.)
Now go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. There will be a value here titled 'Zenet' (or 'Winnet', for that variant). Delete it and reboot the machine immediately.
Continue with the instructions for Mib.
The CNMib.dll module must now be removed from the Winsock2 LSP chain. CounterExploitation's tool LSPFix can do this for you. Download it, run it and tell it to 'Remove' CNMib.dll, and 'Keep' everything else.
You can also do it by hand if you are brave. Open the registry (Start->Run->regedit) and open the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\ Parameters\Protocol_Catalog9\Catalog_Entries. There will be a list of numeric subkeys; open each one and double-click its 'PackedCatalogItem' value. You should be able to see a filename at the top of the right-hand column in the 'Edit Binary Value' window. If it is 'C:\Program Files\CommonName\Toolbar\cnmib.dll' or similar, delete the entire '00000somenumber' key. The path must point exactly at the cnmib.dll file! Do not delete the key just because you see a cnmib hanging on the end - for example '%SystemRoot%\system32\mswsock.dll.r\cnmib.dll' actually points to mswsock, not cnmib.
Then rename the numeric subkeys so that they count up each number from 000000000001, filling in any gaps you left by deleting old ones. Finally, go back up to 'Protocol_Catalog9' and change the 'Num_Catalog_Entries' value to reflect the new number of subkeys you have. Set the base to decimal in the 'Edit DWORD value' window and enter the highest number subkey that is left after renaming.
If your manual removal went wrong in any way you will have lost your networking ability. Sorry! LSPFix may still be able to rescue you in this situation, but otherwise you are looking at a reinstall of Windows or at least its networking components.
Once the LSP is gone, continue with the instructions for Agent.
Open the registry (Start->Run->regedit) and delete the following keys and values:
HKEY_LOCAL_MACHINE\Software\CommonName
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add A Page Note
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Bookmark This Page
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Email This Link
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search using CommonName
HKEY_CLASSES_ROOT\BabeIE.AgentIE
HKEY_CLASSES_ROOT\BabeIE.AgentIE.1
HKEY_CLASSES_ROOT\BabeIE.Handler
HKEY_CLASSES_ROOT\BabeIE.Handler.1
HKEY_CLASSES_ROOT\BabeIE.Helper
HKEY_CLASSES_ROOT\BabeIE.Helper.1
HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}
HKEY_CLASSES_ROOT\CLSID\{6656b666-992f-4d74-8588-8ca69e97d90c}
HKEY_CLASSES_ROOT\CLSID\{9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
HKEY_CLASSES_ROOT\TypeLib\{D879D743-E2CC-4161-8034-2234203681C9}
HKEY_CLASSES_ROOT\TypeLib\{DD0032DF-CEEF-4E0A-8B75-E4D8861E11E5}
HKEY_CLASSES_ROOT\Protocols\Handler\cn
Reboot and you should be able to delete the entire CommonName folder in Program Files. Finally, you can use Internet Options->Programs->Reset Web Settings to restore the normal search options.
Phew! You can stop now.
First, deregister CNBabe. To do this, open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands:
cd "%WinDir%\System"
regsvr32 /u "C:\Program Files\CommonName\Toolbar\CNBabe.dll"
(Change the filename above if your Program Files folder is somewhere other than 'C:\Program Files' - for example if you are using a different drive, or a non-English version of Windows.)
Reboot and you should be able to delete the CommonName folder in Program Files.
Official CommonName site.
CommonName provides a keyword navigation and powersearch search engine service. Further products, such as Login Manager and Form Filler are also provided with the Toolbar version of the software. We will leave it up to users to judge the usefulness of our product, but we want to emphasize that we do not collect personal user information nor track personal web usage. We have a strict privacy policy.
If you are unhappy after trying our service, remove it from your computer through Settings/Control Panel/Add Remove Programs. If you need help, feel free to contact us at support@commonname.com.