Surely you have heard by now that formatting an infected drive in Windows can solve a virus problem for good? As a matter of fact, some of you have probably even done it successfully (the author of this blog included) and can testify that the virus never came back. But formatting doesn't always work, because a virus can write itself onto a portion of the drive that the formatting process leaves untouched, and it is hard to tell whether the virus is truly gone or not. There is also the problem that a virus does not necessarily show itself the same way every time and may take its time before it reactivates. But let's start from the beginning: about 18 years ago, a very suspicious program was discovered that could not be destroyed by simply formatting the drive. It was called CDilla, aka [ cdac11ba.exe ].
C-Dilla was originally the name of a copy protection company that was bought by Macrovision in 1999. Macrovision (today known as Xperi, the largest licensing company in the world) later created its own SafeCast technology (anti-piracy software), which used parts of C-Dilla. Among many others, one company that used CDilla in the early 2000s was Intuit, in its TurboTax 2002 software, one of the most commonly used income tax calculation applications in the United States. It was later revealed that CDilla was installed together with TurboTax 2002 without the user's permission and without any notification. What made things even worse was the fact that after TurboTax 2002 was uninstalled, CDilla remained on the computer.
It was discovered that C-Dilla wrote itself onto Track 0 of the HDD, since remnants of its code were found in the computer's registry after the uninstall. Track 0 is the area at the very beginning of the HDD that stores the executable code needed to boot the system, so the importance of this finding cannot be overstated. Intuit found itself at the center of heavy criticism, since many antivirus programs "saw" C-Dilla as malware. Long story short, Intuit eventually released a TurboTax uninstaller that permanently removed CDilla from the user's PC together with TurboTax. AuditMyPC eventually gave the verdict that CDilla is not considered spyware because “…the Cdilla does not gather Internet connection information”.
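As an added example (not code from the original article), the Python sketch below checks an MBR-partitioned disk image for data in the sectors between the boot sector and the first partition, the area a format does not rewrite. The sample image, the `LEFTOVER` marker and the simplified `simulated_format` model are constructed for illustration.

```python
import struct

SECTOR = 512

def first_partition_lba(mbr):
    """Lowest starting LBA among the four MBR partition entries."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    starts = []
    for i in range(4):
        ptype = mbr[446 + 16 * i + 4]
        start, count = struct.unpack_from("<II", mbr, 446 + 16 * i + 8)
        if ptype == 0xEE:
            raise ValueError("GPT disk: LBA 1 onward holds the partition table")
        if ptype != 0 and count > 0:
            starts.append(start)
    if not starts:
        raise ValueError("no partitions defined")
    return min(starts)

def nonzero_gap_sectors(image):
    """LBAs between the MBR and the first partition that contain data."""
    end = first_partition_lba(image[:SECTOR])
    zero = bytes(SECTOR)
    return [lba for lba in range(1, end)
            if image[lba * SECTOR:(lba + 1) * SECTOR] != zero]

def simulated_format(image):
    """Simplified model of a format: only sectors inside the partition change."""
    start = first_partition_lba(image[:SECTOR]) * SECTOR
    return image[:start] + bytes(len(image) - start)

def build_sample_image(leftover_lba=None):
    """Constructed 128-sector image with one partition starting at LBA 63."""
    img = bytearray(128 * SECTOR)
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"", 0x07, b"", 63, 65)
    img[510:512] = b"\x55\xaa"
    img[63 * SECTOR:63 * SECTOR + 4] = b"DATA"   # content inside the partition
    if leftover_lba is not None:                 # constructed stand-in for stray code
        img[leftover_lba * SECTOR:leftover_lba * SECTOR + 8] = b"LEFTOVER"
    return bytes(img)

if __name__ == "__main__":
    img = build_sample_image(leftover_lba=5)
    print("before format:", nonzero_gap_sectors(img))
    print("after format: ", nonzero_gap_sectors(simulated_format(img)))
```

Non-zero sectors in this gap are not proof of infection: boot loaders such as GRUB legitimately store code there, so treat a hit as something to examine rather than a verdict.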
Although today's Windows, and operating systems in general, are on a higher security level than the Windows 98 or Windows 2000 of that time, it does not mean that they are 100% secure against shenanigans like these. If your computer has been contaminated with a virus and you do not know how to get rid of it, a simple format might not be enough, so make sure to at least use our Active@ KillDisk Freeware, which will give you peace of mind. Since Active@ KillDisk overwrites every sector bit by bit, you can be 100% sure that whatever was on your HDD is not coming back.
Software used in the article: