While checking a system for adware/spyware, SpyCop Spyware Remover reported that cd_clint.dll, which was in c:\windows\system32 was part of "ADWARE: Cydoor". Bazooka Spyware Scanner also reported the file as being part of Cydoor.
Though cd_clint.dll is part of Cydoor, this particular file with an MD5 checksum of 65fd7ea79f626f7b57f4d6ced6339f32 is not. Instead it is a dummy file from CEXX Labs, which is intended to allow you to execute a spyware-dependent program without fear that the program is impeding the system's performance with adware/spyware. The dummy file can be downloaded from "Dummy files for neutering spyware".
The CEXX.Org webpage providing the download states that Pest Patrol 4 also gives a false positive result for this file.
For more information on Cydoor and CD_Clint.dll see Advertising Spyware: CyDoor CD_Load.exe and CD_Clint.dll"
In addition to differences in size and MD5 checksums, you can also easily distinguish the CEXX dummy version of cd_clint.dll from the Cydoor adware version by right-clicking on the file and choosing Properties and then Version. The differences between the files are listed below. It is possible Cydoor has released multiple versions of cd_clint.dll, so the size, checksum, and version information may differ for other versions of the Cydoor cd_clint.dll Dynamic Link Library (DLL) file.
CEXX Dummy Version | Cydoor Adware Version | |
---|---|---|
Filename | cd_clint.dll | cd_clint.dll |
Size | 48.0 KB (48,640) | 151 KB (154,624 bytes) |
MD5 Checksum: | 65fd7ea79f626f7b57f4d6ced6339f32 | 8ca847eba88f8f6505956b0069983811 |
Download Site #1 | CEXX.Org | Moonpoint Support |
Download Site #2 | Moonpoint Support | |
Properties | ||
File Version | 1.0.0.0 | 3.2.1.0 |
Description | DLL (GUI) | Cydoor Technologies ad-system |
Copyright | CEXX Labs + Mike Dombrowski | Copyright (C) Cydoor Technologies, Inc. 1999 |
Comments | "For that EXTRA comfort and protection" | This is a module of Cydoor's ad system. Additional information is available at http://www.cydoor.com |
Company | CEXX Labs - www.cexx.org | Cydoor Technologies, Inc. |
File Version | 1.0.0 | 3,2,1,0 |
Internal Name | ProjectOne | CD_clint.dll |
Language | English (United States) | English (United States) |
Legal Trademarks | CYDOOR is a trademark of CYDOOR Technologies. CEXX.ORG is not affiliated with CYDOOR Technologies | Cydoor Technologies(tm) |
Original File Name | project1.dll | CD_Clint.dll |
Product Name | CEXX.ORG Spyware Condom (CYDOOR-Compatible) | Cydoor Technologies ad-system |
Product Version | 1.0.0.0 | 3,2,1,0 |
Special Build Description | 14 |
Some antispyware software will report a false positive for the CEXX cd_clint.dll, identifying it as being part of Cydoor adware, apparently from the name alone. Programs I've found report a false positive and those I've found not to report it as malware are listed below.
Program | Program Version | Database/Definitions Version |
---|---|---|
False Positive Detection as Cydoor | ||
Bazooka Scanner | 1.13.03 | 8/8/2005 |
SpyCop | 6.21 | 08-11-2005 |
Spy Sweeper | 4.0.4 (Build 430) | 492 (Updated on August 12, 2005) |
No False Positive Detection | ||
Ad-Aware SE Personal | Build 1.06r1 | SE1R61 10.08.2005 |
ClamWin | 0.86.2 | 19:39 08 Aug 2005 (main: 33; daily 1010) |
Microsoft AntiSpyware Beta1 | 1.0.615 | 5743 (8/8/2005 8:01:19 PM) |
Spybot Search & Destroy | 1.4 | 2005-08-04 |
Symantec AntiVirus | 9.0.0.338 | 8/10/2005 rev. 4 |
I also submitted the file to Jotti's Online Malware Scan, which scanned the file with 14 different antivirus programs all of which reported "found nothing" for the file.
References: