what's with the cydoor ads?

[Lamourlady]

is this not a form of spyware/adware?

Quote:

application Adware/Spyware
See in-depth notes below

Type of application DLL
Calls home to: www.rgs1.net (HTTP/80)
www.rgs2.net (HTTP/80)
www.cms1.net (HTTP/80)
www.cms2.net (HTTP/80)
www.bns1.net (HTTP/80)
www.bns2.net (HTTP/80)
Placed on system by: Free Software (KaZaA, iMesh, etc.)
Paid-for Software
Disclosure Handled by Cydoor installer (latest version)
Handled by the host application: leading to a potential finger-pointing loop. (previous versions)

Installs to: C:\WINDOWS\SYSTEM\CD_CLINT.DLL
C:\WINDOWS\SYSTEM\CD_GIF.DLL
C:\WINDOWS\SYSTEM\CD_HTM.DLL
C:\WINDOWS\SYSTEM\CD_HTML.DLL
C:\WINDOWS\SYSTEM\CD_SWF.DLL
Loads via: Other Program
Programs using Cydoor load the DLL at run-time and import functions from it.

Stealth Features All files (including ad cache) buried in System dir.

Hostile Features N/A
Insecure Features Downloads executable code

Privacy Transmits email address (if supplied) to Cydoor only.
Transmits user-supplied demographic information (if supplied) to Cydoor. Shared with others in aggregate.
Transmits advertising metrics (ad displays, clicks, etc.)
Uses cookies
Uses GUID to track users across sessions*
* Depending on version. The current version no longer includes a GUID.


In-Depth Info

Cydoor's CD_CLINT.DLL is a libarary used by Cydoor-sponsored applications:

If the application is intended to be used online (e.g. file sharing client, WWW browser), only CD_CLINT is needed/installed.
If the application is for offline use (e.g. mp3 player, graphic editor), CD_LOAD.EXE is run in the background at all times. It downloads ads whenever a connection is available, for offline use.
In our test installation (version 3.2), Cydoor was clearly disclosed during the installation, before it was actually installed. Upon starting, it connects to rgs1.net [log], presumably to get a list of other ad servers (listed above). The DLL logs into one or more of these servers to exchange data [log]. Ads are then downloaded from these servers and stored in C:\Windows\System\adcache\ for display by the host application(s).
In our test installation, Cydoor's CD_CLINT.DLL downloaded executable code to the test system [log]. While the code (a Visual C++ library, ATL.DLL) was not malicious, the program's ability to silently load executable code presents a potential security vulnerability to the user.

The current version appears to respect the user's privacy and informed consent. Therefore, we consider this version most accurately categorized as "Adware". Older versions could more accurately be considered "Spyware".


Other Versions
Cydoor has cleaned up its act considerably since previous versions of its software. Previous versions left it up to the host application's vendor to disclose (or not) that Cydoor ad components were being installed, leading to a finger-pointing loop in cases where the software was not disclosed. Additionally, previous versions used a GUID to track individual users across multiple sessions. This has been removed from the current version, as verified by our tests and information on the Cydoor website. Cydoor's components now come with an uninstall feature that was not present in earlier versions.

If you have older Cydoor components installed, we recommend you either remove the software or (if you use software which requires Cydoor) download the Cydoor file update.

Earlier versions of Cydoor CD_LOAD were similar to the TSADBOT ad-trojan. It is a seperate, always-loading component that digs itself into your Windows Registry (so as to load always on start-up) and refuses to uninstall. It connects to the Internet and downloads ads, transferring data (including a GUID unique to your computer) whether the associated app is running or not. As with TSADBOT, running the installer immediately infects you with the CyDoor trojan, even if the associated application is never installed (you cancel the installation, don't install the software, and/or reject the license agreement). Privacy Power explains:

"If installation of software embedded with Cydoor is terminated by not agreeing with the EULA, Cydoor software may install itself without the software host. This has been personally noted during a rejected installation of MP3 Tag Studio (version 1.6.1) by Magnus Brading Software. If host software containing Cydoor has been fully installed and then uninstalled, the Cydoor component will not be uninstalled."
Imesh, the popular file-sharing client, installs Cydoor spyware. (Guest)
Technical Info
CD_CLINT.DLL exports five functions:

int ServiceShow - places the banner window on the program
int ServiceClose - closes the banner window
void ChannelWrite - used in 2-way communication
void ChannelRead - used in 2-way communication
void DescWrite - sends back information about the user
(Actually, it exports many more, but you're not supposed to know about them.) ServiceShow and ServiceClose return 1 if the operation was successful, and 0 if not. Programs are supposed to refuse operation if the call returns 0.

Removal Procedure:
(Also courtesy of Privacy Power)

1.Delete the following files (usually found in C:\WINDOWS\SYSTEM\):

CD_CLINT.DLL
CD_GIF.DLL
CD_HTM.DLL
CD_SWF.DLL
CD_LOAD.EXE

2.Delete the ADCACHE folder and its contents (usually found under C:\WINDOWS\SYSTEM\).

3.Remove Cydoor and Cydoor Services from the Windows Registry. The following Cydoor keys were added in my Windows 98 Registry and are shown for reference only:

HKEY_CURRENT_USER\Software\Cydoor\
HKEY_CURRENT_USER\Software\Cydoor Services\
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run\ Cydoor=CD_Load.exe

doesn't sound harmful, but i still don't like unwanted stuff on my computer. and i don't like the idea of not being able to use my fav program, unless i accept the adware/spyware.
that just sucks.
it seems to state that it was fully disclosed before installing.
hmmmmmmm.
but if u uninstall the software it comes on, well that doesn't mean that the cydoor is uninstalled......seems to stay on your computer.
just for kicks..........anyone ever had it disclosed to them?
and do u think it's good business?

[Lamourlady]

Quote:

Originally posted by Stoner
Calm down.

Remove kazaa.

Remove spyware by running ad-aware (www.lavasoftusa.com)

Get kazaa lite (www.kazaalite.com www.k-lite.com www.refosearch.tk)

Be happy. Spyware gone. cd_clint.dll is now a fake file that does nothing but claim its ok so the program runs.


Or remove the crap manually from kazaa and get the fake file from www.cexx.org Spyware condom dll

lol.
i'm calm. just wonderin' why zeropaid would actually advertise it here on their forums, seeing as it is a pretty abhorred thing.
and although i've read all of what i posted, i was just curious as to other people's experiences and thoughts on this "adware/spyware", as it states that it was disclosed before installation.
to me the disclosure would more than likely be the small print and if u disagree with their agreement, just because of the "spyware/adware"........u may not get to use this software program.......blackmail ring a bell?
btw, i don't use kazaa.
and yes, i use ad-aware......lol.
but thanks for the advice, as it may help someone else!

[Lamourlady]

Quote:

Originally posted by Stoner
Its posted becasue we've all accepted that you have to rip spyware out of p2p apps.

Its like... a given. lol

maybe to some.
i've always chosen apps WITHOUT it.
but have lately come across a lot of it, only because i've been unhappy with some of the latest upgrades, and have wondered around looking for one that pleases me.

[Lamourlady]

omg.......lmao.......i just noticed that this forum is "sponsered by cydoor"....

can u say........DOH!!!!!!!!!!!!!

[Azo-999]

Yes - Cydoor (and BDE) seems to be the little green men from mars - discussed a much, seldomly seen. Quite a harmless ones - if they would do too much harm to Your computer or Your privacy, The adware-software producers would simply take 'em off (and put some nicer pack instead of those - as many have done...)
It's nice to see how warm it is in Spain or outside my window(s), without moving away from my PC. When U Save helps in other ways. All these little spies do us a favor - and same time sends our privacy to be seen by the big organizations. You get flying banners pumping out of nowhere telling You to play at our on-line casino or just enlarge Your penis. Whats wrong with this...???
YES - I was kiddin' again - I really don't like 'em at all. I have enough SW-understanding to get them out without uninstalling e.g. KaZaA. So as a result, I have a full KaZaA being happy with no spyware - and CNET's happy by my download and KaZaA sw-engineers are happy thinking at their accounts, that one more spywarez is installed and full-functioning somewhere out there. Who's buzzing who?
CD_Clint.dll is replaced with a fine dummy, cydoor's settings at HKCU/cydoor are all set to 999999, CD_???? all other DLLs are just deleted, running Spybot - Search & Destroy 1.0 and Ad-Aware and Trojan Remover daily etc...

Hosts-file modified a little :

# localhost: Needs to stay like this to work
127.0.0.1 localhost
# Known Trojan Attacks Localhosted here !!!
127.0.0.1 *:25
127.0.0.1 *.*:25
127.0.0.1 *.*.*:25
127.0.0.1 *:110
127.0.0.1 *.*:110
127.0.0.1 *.*.*:110
127.0.0.1 *:135
127.0.0.1 *.*:135
127.0.0.1 *.*.*:135
127.0.0.1 *:139
127.0.0.1 *.*:139
127.0.0.1 *.*.*:139
127.0.0.1 *:1025
127.0.0.1 *.*:1025
127.0.0.1 *.*.*:1025
127.0.0.1 *:1027
127.0.0.1 *.*:1027
127.0.0.1 *.*.*:1027
127.0.0.1 *:800
127.0.0.1 *.*:800
127.0.0.1 *.*.*:800
127.0.0.1 *:8080
127.0.0.1 *.*:8080
127.0.0.1 *.*.*:8080

and so on...


:sw :sw :sw :sw

[hawkburn]

hey I have found these lately


THIS FORUM IS BROUGH TO YOU BY CYDOOR AT THE TOP OF THE ADWARE/SPYWARE FORUM

This forum sponsored by Cydoor
Advertising Network for P2P Publishers - No Spyware!

And this image at the top of many ZP pages

[TC75580]

Ads don't work on my computer. It just says 'page cannot be displayed'. I have no clue why. I don't have any popup or ad killers. But it sure is nice, whatever it is :upside

[gorphon]

mine does that too, but irregularly, it is strange to say the least. but actually I just watched my last straw break when IE crashed for about the 5th time today for no apparent reason whatsoever.... so now I am back to opera as default, it sure is a lot more stable than IE is, at least for me.

ah, I just remembered! there needs to be a smilie over there to the left with a little light bulb going off above its head.... I would wager that you (as I have) have installed a version of kazaa lite w/ the supertrick in the installation program, I noticed it a few days ago when I was reinstalling all programs on this worthless box o' scrap I have.

[gorphon]

I rather like the idea of Cydoor paying ZP to advertise for them.... I am sure it is Cydoors idea of damage control as if popular public opinion could be swayed so easily.... well, strike that and insert, "as if popular, informed public opinion could be swayed so easily."

so the way I see it, cydoor is helping Zeropaid pay its costs and is therefore helping to inform the P2P community of the- if not maliciousness- then the (yes, gorphon makes up his own words) dastardliness that is spyware/adware in general and cydoor in particular. I mean hell, this is a company that had its foot in the door at the very beginning of all the adware craziness and are now apparently changing its tune, at least on the surface and most likely due to the realization that the pc using public are not all complete morons who think that little flashing banner- you know the one, "you are already a winner!"- is for real.

[TC75580]

Quote:

Originally posted by gorphon
mine does that too, but irregularly, it is strange to say the least. but actually I just watched my last straw break when IE crashed for about the 5th time today for no apparent reason whatsoever.... so now I am back to opera as default, it sure is a lot more stable than IE is, at least for me.

ah, I just remembered! there needs to be a smilie over there to the left with a little light bulb going off above its head.... I would wager that you (as I have) have installed a version of kazaa lite w/ the supertrick in the installation program, I noticed it a few days ago when I was reinstalling all programs on this worthless box o' scrap I have.

I have Kazaa Lite but I can't find supertrick anywhere.