C-dilla Removal

I recently bought a used computer. When I took it out of the box, I found several older-version software CDs and, over a period of a couple of months, installed 6 or 8 of them on my newer machine. They're all uninstalled now and have been passed on in the box when I resold the older one. However, I do have a memento -- the C-dilla trojan.

Hardly anybody really knows anything useful about C-dilla and there is no fix available for it. It's supposed to be in Add/Remove Programs, but it's not. There is supposed to be an uninstall for it at Intuit, but it's been removed, besides, there are so many different versions, I might never hit the right one. Spybot is supposed to remove it, but it doesn't. I've been to many forums and done tons of searching -- I get hardly any response at all.

Listed below are what I've found on my system:

1) C-Dilla  -- Non-Plug and Play Driver (enabled).

2) CDANTSRV.EXE -- C:\WINDOWS\system32\drivers.

3) CDANT.SYS -- C:\WINDOWS\system32\drivers.

4) CDILLA16.EXE -- C:\Windows.

5) F:DRIVE -- Mysterious 16-bit, 46.9MB partition that contains a folder called TEST, It tests the modem, bios, etc for something, probably illegal software. I didn't load this partition, nor did Windows or eMachines, but guess what sometimes loads a partition when it is installed -- yep, C-dilla.

6) 34 entries in the registry (there could be more that I can't find).

I'd like to avoid formatting at this time so I've made a full data backup, backed up the Registry, and set a new restore point. All I know to do is to start deleting, and take anything I can't delete to the DOS prompt to continue trying. I'm not sure, however, of the order in which the files (including the driver in Device Manager and the Registry entries) should be deleted. Also, should I do any reboots during this process?  
larryfretwellAsked:
Who is Participating?
 
skyflash_deConnect With a Mentor Commented:

Erm..... C-Dilla is not a trojan.

Yes, someone may have named their trojan C-Dilla, but it ALSO is a legit tool for licensing of applications, for example it is used by 3D studio.

If it is a normal application, its no wonder that no spyware remover removes it. :P
If you remove C-Dilla, the applications will not work anymore that it was used to license.

But, C-Dilla doesnt install on its own, you probably installed it yourself while installing some of the "backup" CDs you found.

Its really easy to uninstall it, just use the uninstaller. And if you deleted the uninstaller, just delete the folder and let RegCleaner run and its all gone.
0
 
benclellandCommented:
You should be able to remove the files when in safe mode.

I believe that Ad-aware (ww.lavasoft.com) and Search and Destroy (http://www.safer-networking.org/) get rid of this.
0
 
malirCommented:
try to delete and remove only the C-dilla related files through maual removal , it should only effect the app files that was installed with, in that way appz will be disabled.

this should help you out..
http://www.pestpatrol.com/PestInfo/c/c-dilla.asp
0
 
larryfretwellAuthor Commented:
benclelland, malir -- I clicked the link you gave me and searched for C-dilla. Here's what I found:

"Release 4 of Spybot-S&D 1.1 (December 28, 2002). Release 4 improves the removal of C-Dilla (installed as device driver)."

I realize it's old, but that's not the point. I've used Spybot for over 2 years and I guess it's possible that it killed the functioning of the software, but didn't clear all of the files and the driver. Norton SystemWorks notified me that "my partition had been deleted; did I want to put it back?" At the time I thought Windows or eMachines had included it, so I said yes, put it back. Now I'm thinking Spybot might have deleted it. The software has apparently been disabled to some extent because Spybot no longer detects it and I run it twice a week. Pest Patrol has discontinued its detection and removal of C-dilla, but it might have disabled it prior to the discontinuation.

After a new restore point and registry backup, I'm going to find out what will delete... I'll let you guys know what comes of it.  
0
 
TolomirAdministratorCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: skyflash_de{http:#11704006}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.