Solved

C-dilla Removal

Posted on 2004-04-08
6
1,780 Views
Last Modified: 2012-05-04
I recently bought a used computer. When I took it out of the box, I found several older-version software CDs and, over a period of a couple of months, installed 6 or 8 of them on my newer machine. They're all uninstalled now and have been passed on in the box when I resold the older one. However, I do have a memento -- the C-dilla trojan.

Hardly anybody really knows anything useful about C-dilla and there is no fix available for it. It's supposed to be in Add/Remove Programs, but it's not. There is supposed to be an uninstall for it at Intuit, but it's been removed, besides, there are so many different versions, I might never hit the right one. Spybot is supposed to remove it, but it doesn't. I've been to many forums and done tons of searching -- I get hardly any response at all.

Listed below are what I've found on my system:

1) C-Dilla  -- Non-Plug and Play Driver (enabled).

2) CDANTSRV.EXE -- C:\WINDOWS\system32\drivers.

3) CDANT.SYS -- C:\WINDOWS\system32\drivers.

4) CDILLA16.EXE -- C:\Windows.

5) F:DRIVE -- Mysterious 16-bit, 46.9MB partition that contains a folder called TEST, It tests the modem, bios, etc for something, probably illegal software. I didn't load this partition, nor did Windows or eMachines, but guess what sometimes loads a partition when it is installed -- yep, C-dilla.

6) 34 entries in the registry (there could be more that I can't find).

I'd like to avoid formatting at this time so I've made a full data backup, backed up the Registry, and set a new restore point. All I know to do is to start deleting, and take anything I can't delete to the DOS prompt to continue trying. I'm not sure, however, of the order in which the files (including the driver in Device Manager and the Registry entries) should be deleted. Also, should I do any reboots during this process?  
0
Comment
Question by:larryfretwell
6 Comments
 

Expert Comment

by:benclelland
ID: 10793210
You should be able to remove the files when in safe mode.

I believe that Ad-aware (ww.lavasoft.com) and Search and Destroy (http://www.safer-networking.org/) get rid of this.
0
 

Expert Comment

by:malir
ID: 10793308
try to delete and remove only the C-dilla related files through maual removal , it should only effect the app files that was installed with, in that way appz will be disabled.

this should help you out..
http://www.pestpatrol.com/PestInfo/c/c-dilla.asp
0
 

Author Comment

by:larryfretwell
ID: 10795516
benclelland, malir -- I clicked the link you gave me and searched for C-dilla. Here's what I found:

"Release 4 of Spybot-S&D 1.1 (December 28, 2002). Release 4 improves the removal of C-Dilla (installed as device driver)."

I realize it's old, but that's not the point. I've used Spybot for over 2 years and I guess it's possible that it killed the functioning of the software, but didn't clear all of the files and the driver. Norton SystemWorks notified me that "my partition had been deleted; did I want to put it back?" At the time I thought Windows or eMachines had included it, so I said yes, put it back. Now I'm thinking Spybot might have deleted it. The software has apparently been disabled to some extent because Spybot no longer detects it and I run it twice a week. Pest Patrol has discontinued its detection and removal of C-dilla, but it might have disabled it prior to the discontinuation.

After a new restore point and registry backup, I'm going to find out what will delete... I'll let you guys know what comes of it.  
0
 
LVL 1

Accepted Solution

by:
skyflash_de earned 500 total points
ID: 11704006

Erm..... C-Dilla is not a trojan.

Yes, someone may have named their trojan C-Dilla, but it ALSO is a legit tool for licensing of applications, for example it is used by 3D studio.

If it is a normal application, its no wonder that no spyware remover removes it. :P
If you remove C-Dilla, the applications will not work anymore that it was used to license.

But, C-Dilla doesnt install on its own, you probably installed it yourself while installing some of the "backup" CDs you found.

Its really easy to uninstall it, just use the uninstaller. And if you deleted the uninstaller, just delete the folder and let RegCleaner run and its all gone.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 15727276
No comment has been added to this question in more than 21 days, so it is now classified as abandoned..
I will leave the following recommendation for this question in the Cleanup topic area:
Accept: skyflash_de{http:#11704006}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Tolomir
EE Cleanup Volunteer
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now