NeXpose Vulnerability Database
Spyware Cydoor Installed
Severity |
CVSS |
Published |
Added |
Modified |
|---|---|---|---|---|
| Severe (4) | 6.4 (AV:N/AC:L/Au:N/C:P/I:P/A:N) | N/A | Nov 24, 2004 | Mar 17, 2009 |
Description:
Cydoor is an adware/spyware program that is installed by various third-party software packages such as KaZaa. Upon installation, Cydoor downloads and displays advertisements to the user without prompting for permission. While contacting the central Cydoor servers, a unique identifier is transmitted, which is used to track the user's browsing habits.
References:
- URL: http://www.accs-net.com/smallfish/cydoor.htm
- URL: http://www.accs-net.com/smallfish/cydoor01.htm
- URL: http://www.spywareguide.com/product_show.php?id=7
Solution:
Remove Cydoor from your system
To remove Cydoor, you must delete its keys in the Windows registry and delete its files on the disk. Its registry keys are:
- HKEY_LOCAL_MACHINE\SOFTWARE\Cydoor
- HKEY_LOCAL_MACHINE\SOFTWARE\Cydoor Services
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cydoor
The files it installs are:
- %WINDOWS_DIR%\System\CD_CLINT.DLL
- %WINDOWS_DIR%\System\CD_GIF.DLL
- %WINDOWS_DIR%\System\CD_SWF.DLL
- %WINDOWS_DIR%\System\CD_LOAD.EXE
- %WINDOWS_DIR%\System\ADCACHE\* (the entire ADCACHE directory can be deleted)
Lastly, you should reboot the machine and ensure that Cydoor has been removed completely.
Information on these pages is summary information extracted from the NeXpose Vulnerabilty Assessment system. Full details are provided within the NeXpose product for licensed users.
