MoonPoint Support Logo


Shop Amazon Warehouse Deals - Deep Discounts on Open-box and Used ProductsAmazon Warehouse Deals

Advanced Search
Sun Mon Tue Wed Thu Fri Sat

Sat, Aug 13, 2005 11:03 pm

Cydoor cd_clint.dll False Positive

While checking a system for adware/spyware, SpyCop Spyware Remover reported that cd_clint.dll, which was in c:\windows\system32 was part of "ADWARE: Cydoor". Bazooka Spyware Scanner also reported the file as being part of Cydoor.

Though cd_clint.dll is part of Cydoor, this particular file with an MD5 checksum of 65fd7ea79f626f7b57f4d6ced6339f32 is not. Instead it is a dummy file from CEXX Labs, which is intended to allow you to execute a spyware-dependent program without fear that the program is impeding the system's performance with adware/spyware. The dummy file can be downloaded from "Dummy files for neutering spyware".

The CEXX.Org webpage providing the download states that Pest Patrol 4 also gives a false positive result for this file.

For more information on Cydoor and CD_Clint.dll see Advertising Spyware: CyDoor CD_Load.exe and CD_Clint.dll"

In addition to differences in size and MD5 checksums, you can also easily distinguish the CEXX dummy version of cd_clint.dll from the Cydoor adware version by right-clicking on the file and choosing Properties and then Version. The differences between the files are listed below. It is possible Cydoor has released multiple versions of cd_clint.dll, so the size, checksum, and version information may differ for other versions of the Cydoor cd_clint.dll Dynamic Link Library (DLL) file.

 CEXX Dummy VersionCydoor Adware Version
Size48.0 KB (48,640)151 KB (154,624 bytes)
MD5 Checksum:65fd7ea79f626f7b57f4d6ced6339f32 8ca847eba88f8f6505956b0069983811
Download Site #1 CEXX.Org Moonpoint Support
Download Site #2 Moonpoint Support  
File Version1.
DescriptionDLL (GUI)Cydoor Technologies ad-system
CopyrightCEXX Labs + Mike DombrowskiCopyright (C) Cydoor Technologies, Inc. 1999
Comments"For that EXTRA comfort and protection" This is a module of Cydoor's ad system. Additional information is available at
CompanyCEXX Labs - www.cexx.orgCydoor Technologies, Inc.
File Version1.0.03,2,1,0
Internal NameProjectOneCD_clint.dll
LanguageEnglish (United States)English (United States)
Legal TrademarksCYDOOR is a trademark of CYDOOR Technologies. CEXX.ORG is not affiliated with CYDOOR Technologies Cydoor Technologies(tm)
Original File Nameproject1.dllCD_Clint.dll
Product NameCEXX.ORG Spyware Condom (CYDOOR-Compatible) Cydoor Technologies ad-system
Product Version1.0.0.03,2,1,0
Special Build Description 14

Some antispyware software will report a false positive for the CEXX cd_clint.dll, identifying it as being part of Cydoor adware, apparently from the name alone. Programs I've found report a false positive and those I've found not to report it as malware are listed below.

ProgramProgram VersionDatabase/Definitions Version
False Positive Detection as Cydoor
Bazooka Scanner 1.13.03 8/8/2005
SpyCop 6.21 08-11-2005
Spy Sweeper 4.0.4 (Build 430) 492 (Updated on August 12, 2005)
No False Positive Detection
Ad-Aware SE Personal Build 1.06r1 SE1R61 10.08.2005
ClamWin 0.86.2 19:39 08 Aug 2005 (main: 33; daily 1010)
Microsoft AntiSpyware Beta1 1.0.615 5743 (8/8/2005 8:01:19 PM)
Spybot Search & Destroy 1.4 2005-08-04
Symantec AntiVirus 8/10/2005 rev. 4

I also submitted the file to Jotti's Online Malware Scan, which scanned the file with 14 different antivirus programs all of which reported "found nothing" for the file.


  1. Advertising Spyware CyDoor CD_Load.exe and CD_Clint.dll
  2. Dummy files for neutering spyware
  3. Cydoor - Adware removal instructions

[/security/spyware/cydoor] permanent link

Sat, Aug 13, 2005 9:39 pm

Norton Internet Security Network Access Problem

I've spent a few days trying to resolve a problem on a system where there was no web access, but I could ping IP addresses, except for the IP address of the system itself. I finally traced the problem to the Norton Internet Security 2002 firewall software running on the system.

[ More Info ]

[/os/windows/software/security/firewall] permanent link

Sat, Aug 13, 2005 1:06 pm

Registry P3P History Key

While troubleshooting an Internet access problem on a system, I noticed a lot of entries for dubious sites in the registry under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\. There were a lot of keys for domain names I know are associated with adware/spyware, such as,, and There were a lot of other dubious sounding domain names, such as,, and When I checked the values of the keys, I noticed they were all set as follows:

(Default)REG_DWORD0x00000005 (5)

At Microsoft's WinInet Registry settings webpage, I found the following:

Per Site Cookie Handling

To handle site-by-site cookies, per-domain cookie decisions are stored under the HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\<domain> key. The domains are added to the registry by WinInet when the user adds sites by using the Per Site Privacy Actions dialog box.

The default value of the <domain> key stores the decision value. The following table shows the possible values.

REG_DWORD: 1 (COOKIE_STATE_ACCEPT) Accept all cookies from this site.
REG_DWORD: 5 (COOKIE_STATE_REJECT) Reject all cookies from this site.

So a value of five in the key will block cookies from a site listed with that value. The values were probably placed there by one of the antispyware programs I previously installed on the system.

Internet Explorer 6 apparently checks the P3P keys to determine whether to allow a site to place a cookie on the system as described in IE6 and cookies. P3P stands for Platform for Privacy Preferences.


  1. WinInet Registry Settings
  2. IE6 and cookies
  3. P3P Public Overview

[/os/windows/registry] permanent link

Valid HTML 4.01 Transitional

Privacy Policy   Contact

Blosxom logo