Reply
Sun 29 Jun, 2003 02:17 pm
Okay, I have a confusing thing in my computer.
Ad-Aware found something called Cydoor in my computer. I did the quarantine and remove thing. Most of the junk it found was removed, but two of the files were unremoveable. I was not able to manually remove them either.
Is Cydoor another Trojan horse? How do I get rid of it?
Off to investigate SpyBot...
Cydoor comes with Kazaa, imesh etc. If you use Kazaa lite they have dummy Cydoor files meant to spoof Cydoor and make Kazaa work. Cydoor is there for its Ads OnSoftware™ ability. It is what serves ads on Kazaa, for example, keeping Kazaa free.
Cydoor is adware that sends info to the following domains:
rgs1.net
rgs2.net
cms1.net
cms2.net
bns1.net
bns2.net
It's not a trojan it's is not a danger but it does download executable code and it does transmit surfing information to serve ads.
Cydoor downloads ads while you are online for offline ad displays.
Cydoor used to embed itself in the registry, it is better now than it used to be but it is still adware.
To remove (do at your own risk!):
1.Delete the following files (usually found in C:\WINDOWS\SYSTEM\):
CD_CLINT.DLL
CD_GIF.DLL
CD_HTM.DLL
CD_SWF.DLL
CD_LOAD.EXE
2.Delete the ADCACHE folder and its contents (usually found under C:\WINDOWS\SYSTEM\).
3.Remove Cydoor and Cydoor Services from the Windows Registry. The following Cydoor keys were added in my Windows 98 Registry and are shown for reference only:
HKEY_CURRENT_USER\Software\Cydoor\
HKEY_CURRENT_USER\Software\Cydoor Services\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ Cydoor=CD_Load.exe