Cydoor Adware

Cydoor malware description and removal detail
Categories: Adware
Also known as:

[Kaspersky] TrojanDownloader.Win32.BHO;
[Panda] Spyware/Cydoor

Visible Symptoms:
Files in system folders:

To ensure that it is launched automatically each time the system boots, Cydoor adds a link to its executable file in the system registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
[%PROFILE_TEMP%]__unin__.exe
[%PROGRAM_FILES%]AltnetDownload Manageraltnetuninstall.exe
[%SYSTEM%]cd_load.exe
[%WINDOWS%]cdmxtrasuninst.exe
[%WINDOWS%]TEMP__unin__.exe
[%WINDOWS%]systemcd_load.exe

Platforms / OS: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003, Windows Vista

Detecting Cydoor:

Files:

Folders:
[%PROGRAM_FILES%]qualcommeudoraeudprivadsadcache
[%SYSTEM%]adcache
[%SYSTEM%]roodyc
[%PROFILE_TEMP%]idseupdate
[%PROGRAM_FILES%]eudoraqualcomm2eudoraeudprivadsadcache
[%PROGRAM_FILES%]topicks
[%WINDOWS%]systemadcache

Registry Keys:

Registry Values:

Removing Cydoor:

An up-to-date copy of ExterminateIt should detect and prevent infection from Cydoor.

If you do not have ExterminateIt and you are worried that your computer may be infected, you can run the trial version of ExterminateIt or remove Cydoor manually.

To remove Cydoor completely by hand, you need to delete the Windows registry keys and registry values, and the files and folders, associated with Cydoor.

  1. Use Task Manager to terminate the Cydoor process.
  2. Delete the original Cydoor file and folders.
  3. Delete the system registry key parameters.
  4. Update your antivirus databases or buy antivirus software and perform a full scan of the computer.

We recommend that all Internet users back up any important information on their computers, enable maximum protection from network attacks and malicious code on their computers, and refrain from executing suspicious programs received from untrustworthy sources.




ExterminateIt effectively and automatically removes Cydoor from your computer and is a good solution for those who are seeking easy and effective protection for their computer from Trojan horses, rootkits, backdoors, spyware, botnets, keystroke loggers, dialers and other malicious software (malware).



