cd_load.exe is part of the CyDoor spyware, installed with, among other programs, popular file sharing client iMesh. It downloads advertisements to your computer, even when the host application is not running - it snoops on your browser history (although it is unknown if it actually transmits it to anyone) and may sometimes try to connect up to 10 times per second, causing a strain on your connection.

Here's how to see if you've got the CyDoor trojan:

1) Open your task manager - on Win9x, you press Ctrl-Alt-Delete; on WinNT or Win2k, you press Ctrl-Alt-Delete and hit "Task Manager". If there is a program called "cd_load" running, you're infected.

2) Search your registry (using regedit). If you find anything that says "CyDoor" or "cd_load.exe", you're infected.

3) Search your hard drive for any files beginning with "cd_". If you find some, and they're in your Windows or Winnt directory (or in a sub-dir) you're infected.

To remove the CyDoor trojan:

1) If cd_load is running in the task manager, terminate it. This can usually be done by selecting it in the list and pressing the end task button.

2) Delete all the registry keys that reference CyDoor or cd_load.exe. Newer versions of CyDoor may also have a registry key beginning with "Rundll32.exe" which references a CyDoor DLL.

3) Delete all the CyDoor files that you can find. They're called cd_clint.dll, cd_gif.dll, cd_sfw.dll and cd_load.exe. The names and numbers of these files may differ depending on what version of CyDoor you're infected with. There might also be a folder called "Adcache" in your Windows or Winnt folder - delete it.

4) Reboot your computer, then check to see that none of the things you removed have re-appeared. If they haven't, you've removed CyDoor successfully.

FYI: The source of this information was Privacy Power - I didn't write (all of) it. I have, however, removed CyDoor using the above info, so I know that it works.

Log in or register to write something here or to contact authors.