• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 897
  • Last Modified:

Is my PC infected? cidaemon.exe keeps installing

All of sudden I get a message where my PC runs the installer and starts installing microsoft visio.

I was not attempting to install microsoft visio.

When I checked, I found the process cidaemon.exe was running this installation. I killed the process, but a few minutes later it comes back.

Now I renamed the file into cidaemon.bck, that way it will sleep peacefully, but all of a sudden its running an installation again. It has somehow reproduced itself.  When I check the properties, it still shows the original date and size, nothing seems to have changed.

I downloaded adaware from lavasoft, but when i try to update, it tells it cannot connect to the network, or sometimes it does but comes back and says your updates ate over 200 days old.

the pc seems to run fine, connects to the net and everything is smooth.

something weird is going on in my pc.

I am running windows xp with sp 2. Its an office pc with all the firewall antivirus and stuff.

Please advise, thanks.
1 Solution
"cidaemon.exe is an indexing service which catalogues files on your computer to enable for faster file searches."


But just check to make sure that it is the right file in the correct system location:


To disable windows indexing service:

markov123Author Commented:
It is in the right location.

I have downloaded tweakxp, but could not find the 'disable index' option.

Is it available with the free version?
Disable "Index Service"

The Index Service is a great idea with a really poor implementation. The concept is that every once in a while this service will scan your entire system to build an index, so that when you do searches of your hard drive information can be found quickly. The problem is (a) I don't do that many searches of my hard drive and (b) indexing service really slows things down when it is running. Thus, I highly recommend that it be disabled, unless, of course, you like the feature.

Select "Start", "Settings", "Control Panel", "Administrative Tools" and "Services" to start the "Services" applet. Scroll down to the "Indexing Serivice" service, select the line and right click. Select "Stop" from the menu to stop the service immediately. Once it stops, right-click again and select "Properties". Click on "Startup type" and change it to "Disabled".

Taken from http://www.webhero.org/System/windowsxp_perf.htm

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

btw. you said:
> Now I renamed the file into cidaemon.bck, that way it will sleep peacefully, but all of a sudden its running an installation again

This happens because windows always got a backup copy of "important" system files. So renaming will alarm that mechanism and restore the "missing" file.

markov123Author Commented:
Thanks Tolomir, that info was a life saver, bec my computer was going crazy (and so was I).

I have now disabled Index Service. I have run virus check and it reported no virus. But the installation process does not come back. It seems like the problem is solved.

Now I have two questions.

1. How or why did this happen? Now that I have disabled Index Service, what will happen if I enabled it? What if I really need to enable it?

2. I seem to have problems updating and running Ad-Aware (from lavasoft). It just refuses to update from the web, I get a message saying "Error retrieving updates" Even though the updated file shows today's date, it still says the file is 224 days old. Now the question, is this a related problem, or a totally unrelated incident?

1. The file cidaemon.exe is the index service component. Once you have disabled that service it will not annoy you any longer.
I don't think you will need it, all it provies are fast search results, nothing more. all files are still found but it might take a couple of minutes with the services disabled.

2. I suggest you uninstall that ad-aware stuff and use either spybot search and destroy or the microsoft antispyware beta version.

Both are quite reliable and easy to use:

http://www.safer-networking.org/en/download/   (spybot)

direct download link for microsoft antispyware:

if that is broken (might depend on cookies)  use



Tolomit already provided the solution, but a little addition on it.
1) Unneed. Most people barely use search file anyway, so its more a wasteof CPU time then helpfull

2) Its possible the file has todays date, and its still 224 days old. Why is this? Most probally, AD-aware opens the file for writing.
If a file is opened to write to, the opeingprogram can write data to it. If the update fails however, no data is written to it, but because its opened and closed, it gets a new time stamp on it. Thats why it looks like its created today, even trough it isnt updated.
markov123Author Commented:
Thanks Tolomir, everything is fine now, exept for the adaware, it doeant work, I will try spybot, but am just intrigued as to why it should work in my laptop and not pc?

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now