Exterminate It! Antimalware



File: cdnprot.sys

Location of cdnprot.sys and Associated Malware

Check whether cdnprot.sys is present in the following locations:

cdnprot.sys file locations that are Windows version independent:

  • C:\Windows\System32\drivers\cdnprot.sys

Windows 2000, Windows XP, Windows Server 2003 specific cdnprot.sys file locations:

  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\63\cdnprot.sys
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\2B\cdnprot.sys
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\sz3B\cdnprot.sys
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\ss81\cdnprot.sys
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\1C\cdnprot.sys
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\19\cdnprot.sys
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\48\cdnprot.sys
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\setup\cdnprot.sys
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\59\cdnprot.sys
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\98\cdnprot.sys
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\52\cdnprot.sys
  • C:\Documents And Settings\USER_NAME\Local Settings\Temp\C3\cdnprot.sys

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific cdnprot.sys file locations:

  • C:\Users\USER_NAME\AppData\Local\Temp\63\cdnprot.sys
  • C:\Users\USER_NAME\AppData\Local\Temp\2B\cdnprot.sys
  • C:\Users\USER_NAME\AppData\Local\Temp\sz3B\cdnprot.sys
  • C:\Users\USER_NAME\AppData\Local\Temp\ss81\cdnprot.sys
  • C:\Users\USER_NAME\AppData\Local\Temp\1C\cdnprot.sys
  • C:\Users\USER_NAME\AppData\Local\Temp\19\cdnprot.sys
  • C:\Users\USER_NAME\AppData\Local\Temp\48\cdnprot.sys
  • C:\Users\USER_NAME\AppData\Local\Temp\setup\cdnprot.sys
  • C:\Users\USER_NAME\AppData\Local\Temp\59\cdnprot.sys
  • C:\Users\USER_NAME\AppData\Local\Temp\98\cdnprot.sys
  • C:\Users\USER_NAME\AppData\Local\Temp\52\cdnprot.sys
  • C:\Users\USER_NAME\AppData\Local\Temp\C3\cdnprot.sys

If you find the cdnprot.sys file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The cdnprot.sys file is associated with malware only if found in the locations listed above.


Different Variations of cdnprot.sys File


Why Is It Important to Remove Malware Files?

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.).
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove cdnprot.sys

  1. To enable deleting the cdnprot.sys file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Task Manager window, click the Processes tab.
    • On the Processes tab, select cdnprot.sys and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of cdnprot.sys and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of cdnprot.sys and Associated Malware.
  Notes:

    • The deletion of cdnprot.sys will fail if the file is locked, that is, in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of cdnprot.sys will fail if your Windows installation uses the NT File System (NTFS) and you have no write rights for the file. Ask your system administrator to grant you write rights for the file.

Deleting Locked Files

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a cdnprot.sys malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type cdnprot.sys. The name of the first found registry value referencing cdnprot.sys is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to cdnprot.sys, repeat steps 4-6.

IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of cdnprot.sys and Associated Malware.
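
The location check and the registry search described above can be run as one read-only pass before anything is deleted. The script below is an added example, not part of Exterminate It! or of the original page. It assumes PowerShell 4.0 or later (for Get-FileHash) and, as a further assumption not stated on the page, that a .sys driver would be referenced by an ImagePath value under the Services registry key.

```powershell
# Added example: read-only triage for the cdnprot.sys locations listed on this page.
# It only reports findings; nothing is deleted or modified.
$FileName = 'cdnprot.sys'

# Temp subfolder names taken from the page's location lists.
$TempSubdirs = '63','2B','sz3B','ss81','1C','19','48','setup','59','98','52','C3'

# Profile root and per-user Temp path differ between XP-era and Vista-and-later Windows.
$Layouts = @(
    @{ Root = 'C:\Documents And Settings'; Temp = 'Local Settings\Temp' },
    @{ Root = 'C:\Users';                  Temp = 'AppData\Local\Temp'  }
)

# Build every candidate path: the drivers folder plus each profile's Temp subfolders.
$candidates = @("C:\Windows\System32\drivers\$FileName")
foreach ($layout in $Layouts) {
    if (-not (Test-Path -LiteralPath $layout.Root)) { continue }
    # Each profile directory stands in for USER_NAME; -Force includes hidden profiles.
    $userDirs = Get-ChildItem -LiteralPath $layout.Root -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        foreach ($sub in $TempSubdirs) {
            $candidates += Join-Path $userDir.FullName (Join-Path $layout.Temp (Join-Path $sub $FileName))
        }
    }
}

# Record size, timestamp and MD5 of each hit so it can be compared with a vendor's list.
$found = @(foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $hash = Get-FileHash -LiteralPath $path -Algorithm MD5 -ErrorAction SilentlyContinue
        [pscustomobject]@{ Path = $item.FullName; Size = $item.Length
                           LastWrite = $item.LastWriteTime; MD5 = $hash.Hash }
    }
})

# Assumption: driver references live in ImagePath values under the Services key.
# Paths there may use forms such as \SystemRoot\ or \??\, so compare them by eye
# against the listed locations before removing any value.
$refs = @(Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $imagePath = (Get-ItemProperty -LiteralPath $_.PSPath -ErrorAction SilentlyContinue).ImagePath
        if ($imagePath -like "*$FileName*") {
            [pscustomobject]@{ Service = $_.PSChildName; ImagePath = $imagePath }
        }
    })

"Files found in listed locations: $($found.Count)"
$found | Format-List
"Service entries referencing ${FileName}: $($refs.Count)"
$refs | Format-List
```

Run it from an elevated prompt so that other users' profile folders are readable; a file or registry value that sits outside the listed locations does not match the page's criteria.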