Adware.Cydoor is an adware program that displays advertisements. When Adware.Cydoor is executed, it performs the following actions:
- May create some of the following files:
Note: %System% is a variable. The adware component locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
- May create some of the following registry keys:
Other programs usually install Adware.Cydoor. It does not add a registry value to launch itself at startup. Instead, it allows the program that installed it to launch it as the program itself is started. Then, the program uses Adware.Cydoor to download and display advertisements.
The Cd_load.exe file is only installed when the program that installed Adware.Cydoor does not require an Internet connection to function. This file is only used to check for the active Internet connections. The file, Cd_clint.dll, contains all the functionality.
When Adware.Cydoor is launched after installation, it will contact the server www.rgs[?].net (in which [?] is a number between 1 – 4) on port 80. However, it is not limited to this server. This adware can receive a list of other servers from this initial server and connect to them instead. These servers are advertisement servers, and it is from these servers that cydoor retrieves the advertisements.