C-dilla Removal

Posted on 2004-04-08
Medium Priority
Last Modified: 2012-05-04
I recently bought a used computer. When I took it out of the box, I found several older-version software CDs and, over a period of a couple of months, installed 6 or 8 of them on my newer machine. They're all uninstalled now and have been passed on in the box when I resold the older one. However, I do have a memento -- the C-dilla trojan.

Hardly anybody really knows anything useful about C-dilla and there is no fix available for it. It's supposed to be in Add/Remove Programs, but it's not. There is supposed to be an uninstall for it at Intuit, but it's been removed, besides, there are so many different versions, I might never hit the right one. Spybot is supposed to remove it, but it doesn't. I've been to many forums and done tons of searching -- I get hardly any response at all.

Listed below are what I've found on my system:

1) C-Dilla  -- Non-Plug and Play Driver (enabled).

2) CDANTSRV.EXE -- C:\WINDOWS\system32\drivers.

3) CDANT.SYS -- C:\WINDOWS\system32\drivers.

4) CDILLA16.EXE -- C:\Windows.

5) F:DRIVE -- Mysterious 16-bit, 46.9MB partition that contains a folder called TEST, It tests the modem, bios, etc for something, probably illegal software. I didn't load this partition, nor did Windows or eMachines, but guess what sometimes loads a partition when it is installed -- yep, C-dilla.

6) 34 entries in the registry (there could be more that I can't find).

I'd like to avoid formatting at this time so I've made a full data backup, backed up the Registry, and set a new restore point. All I know to do is to start deleting, and take anything I can't delete to the DOS prompt to continue trying. I'm not sure, however, of the order in which the files (including the driver in Device Manager and the Registry entries) should be deleted. Also, should I do any reboots during this process?  
Question by:larryfretwell

Expert Comment

ID: 10793210
You should be able to remove the files when in safe mode.

I believe that Ad-aware (ww.lavasoft.com) and Search and Destroy (http://www.safer-networking.org/) get rid of this.

Expert Comment

ID: 10793308
try to delete and remove only the C-dilla related files through maual removal , it should only effect the app files that was installed with, in that way appz will be disabled.

this should help you out..

Author Comment

ID: 10795516
benclelland, malir -- I clicked the link you gave me and searched for C-dilla. Here's what I found:

"Release 4 of Spybot-S&D 1.1 (December 28, 2002). Release 4 improves the removal of C-Dilla (installed as device driver)."

I realize it's old, but that's not the point. I've used Spybot for over 2 years and I guess it's possible that it killed the functioning of the software, but didn't clear all of the files and the driver. Norton SystemWorks notified me that "my partition had been deleted; did I want to put it back?" At the time I thought Windows or eMachines had included it, so I said yes, put it back. Now I'm thinking Spybot might have deleted it. The software has apparently been disabled to some extent because Spybot no longer detects it and I run it twice a week. Pest Patrol has discontinued its detection and removal of C-dilla, but it might have disabled it prior to the discontinuation.

After a new restore point and registry backup, I'm going to find out what will delete... I'll let you guys know what comes of it.  

Accepted Solution

skyflash_de earned 2000 total points
ID: 11704006

Erm..... C-Dilla is not a trojan.

Yes, someone may have named their trojan C-Dilla, but it ALSO is a legit tool for licensing of applications, for example it is used by 3D studio.

If it is a normal application, its no wonder that no spyware remover removes it. :P
If you remove C-Dilla, the applications will not work anymore that it was used to license.

But, C-Dilla doesnt install on its own, you probably installed it yourself while installing some of the "backup" CDs you found.

Its really easy to uninstall it, just use the uninstaller. And if you deleted the uninstaller, just delete the folder and let RegCleaner run and its all gone.
LVL 27

Expert Comment

ID: 15727276
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: skyflash_de{http:#11704006}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

EE Cleanup Volunteer

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

It's not just another paperwork submission. Serious planning and rigour to managing the whole thought processes need to be put in place. The intent is not on drilling into the details, but to share tips in getting the first thing right to kick-start…
Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question