jchuck
1 Nickel

cdasrv.exe?

Greetings.  I've had a heck of a time finding any information on a suspicious (albeit only because there's no information on it) executable I've seen running on both an XP32 machine and a Win7x64 machine I have.  It's very possible that it's a piece or portion of something installed via the MFP 2335dn driver/utility set, since the directory and contents on both machines have write timestamps closely associated with the installation of that software I applied to both machines last night,  but I just wanted to make sure.

CDASrv.exe and the "Common Desktop Service" directory in Program Files in both XP and Win7.  There is a startup reference to both I can see when I run msconfig.  The version of the executable is 1.53.0 iirc (I'm at work), but there is no other indicative author information associated with the dll or executable.

I've seen vague references to cdilla (yuck) in some remedial searches online, then a one-off page that's not a dell site, but has information about that version of this file purportedly provided by dell along with an msiconfig call on how to remove it.

Is this something to be worried about?

Thanks.

0 Kudos
11 Replies
Bugbatter
6 Gallium

Re: cdasrv.exe?

I cannot answer your question unless I know more about the system. Dell is currently not handling malware removal. Do any of your security programs flag this file as malware? I would suggest posting at SpywareHammer and have a volunteer helper take a look at what is running. The help is free, but you will need to register first.


Windows Insider MVP 2016 -

Microsoft MVP - Consumer Security 2006-2016

Social Media and Community Professional

0 Kudos
jchuck
1 Nickel

Re: cdasrv.exe?

Nothing's being flagged using Security Essentials and up to date on both machines.  I'm still at a personal defcon 2 level after having had to restore the wife's XPS1210 twice in a four month period now due to severe infections.  I suppose I was looking for confirmation one way or the other that this was or was not a Dell installed process, possibly from the 2335dn driver set;  obviously if the Dell utility put it there, then there's nothing to worry about, but all I have to go on is the coincidence that I reinstalled the 2335dn driver software on both machines in a 2 hour window that these files appeared.

Properties of the files:

0 Kudos
ky331
5 Iridium

Re: cdasrv.exe?

just a tangential thought here...  Jchuck said (s)he's "seen vague references to cdilla (yuck) in some remedial searches online..."

When I do a (Yahoo) search for CSASrv.exe , it decided to augment my query:   "We have (also) included cdantsrv.exe results".   And when I then click on some links for cdaNTsrv.exe , I see references to cdilla.  

I could find no "meaningful" results associated with simply cdasrv.exe.

You might want to double check your searching, to see if that's happening for you.

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware


Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM3 Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent.


[I believe computer-users who sandbox (Sandboxie) are acting prudently.]

0 Kudos
Bugbatter
6 Gallium

Re: cdasrv.exe?

If you don't want to post at SpywareHammer, you could have both files analyzed at Virus Total –
 http://www.virustotal.com/

At the top of the page you will see:
Select file>Browse>Send
Just follow the prompts.
The submission will then be tested against many different AV vendors’ scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

There isn't much more I can do from here without getting a more comprehensive picture of everything that is running on that system along with some stats. You would need to post at a forum that reads logs or get help from Dell paid support.



0 Kudos
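The checks discussed in the thread so far (version and author fields, write timestamps against the driver install window, the startup reference, a hash to look up), gathered in one pass. This is an added example, not part of any post in the thread; it assumes PowerShell 4.0 or later and takes the file name and the "Common Desktop Service" directory name from the original question.

```powershell
# Added example: triage of an unidentified auto-start executable.
# Assumptions: PowerShell 4.0+; file and directory names as given in this thread.
$name    = 'CDASrv.exe'
$dirName = 'Common Desktop Service'

# Check both Program Files roots; the (x86) variable is empty on 32-bit Windows.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

foreach ($root in $roots) {
    $path = Join-Path (Join-Path $root $dirName) $name
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $file = Get-Item -LiteralPath $path
    $ver  = $file.VersionInfo
    $sig  = Get-AuthenticodeSignature -LiteralPath $path

    # Identity evidence: hash, embedded version resource, code signature.
    [pscustomobject]@{
        Path        = $file.FullName
        SHA256      = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        FileVersion = $ver.FileVersion
        Company     = $ver.CompanyName
        Product     = $ver.ProductName
        Copyright   = $ver.LegalCopyright
        SigStatus   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Created     = $file.CreationTime
        LastWrite   = $file.LastWriteTime
    } | Format-List | Out-Host

    # Provenance evidence: other directories under the same root created
    # within two hours of the file, i.e. what was installed alongside it.
    $t = $file.CreationTime
    Get-ChildItem -LiteralPath $root -Directory |
        Where-Object { [math]::Abs(($_.CreationTime - $t).TotalHours) -le 2 } |
        Sort-Object CreationTime |
        Format-Table Name, CreationTime -AutoSize | Out-Host
}

# Persistence evidence: startup entries that launch the executable
# (the same references msconfig shows).
Get-CimInstance Win32_StartupCommand |
    Where-Object { $_.Command -like "*$name*" } |
    Format-List Name, Command, Location, User | Out-Host
```

The SHA256 value can be searched on VirusTotal directly, which shows existing scan results without uploading the file. An empty Company field together with a `NotSigned` status matches the "no author information" observation above and is the case where the timestamp and startup evidence carry the most weight.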
jchuck
1 Nickel

Re: cdasrv.exe?

Outstanding.  Thanks so much, Cradz.

I was expecting that this post may eventually show up in search engine results that may help people in the future.  Surprising that there's practically nothing about it at this point.  I'll try to find the search result that pointed in the general direction of cdilla tonight.  "cdantsrv.exe" was certainly the majority of those results, but there was one in particular that referenced the executable that I'm referring to specifically.

I won't get negative about the obscurity or lack of details for the executable, but it would probably be appreciated if someone responsible for the driver and utility exe builds put some information in there to alleviate any confusion like this.  "Copyright 2010" isn't very helpful to anyone frankly.  

0 Kudos
Cradz
1 Copper

Re: cdasrv.exe?

No problem jchuck. Glad you had this topic as it solved the mystery for me.

Reposting the "good" part of my previous post so that others understand your response:

I think this is something to do with the 2335dn. I'm an IT Manager and I just ran a search looking for what this was and found your topic. The user happens to have a new 2335dn. The rest of office have older printers and this exe isn't on their machines.

0 Kudos
Bugbatter
6 Gallium

Re: cdasrv.exe?

Glad you got it sorted out.



0 Kudos
wdcs
1 Nickel

Re: cdasrv.exe?

got this from another site:

By Alvydas 2012-06-16 12:39:46
Samsung Easy Printer manager file. Came with Samsung printer drivers CD. When I uninstalled item from program files, it disappeared from registry and .exe file also disappeared.

 

0 Kudos
Bugbatter
6 Gallium

Re: cdasrv.exe?

Thanks for your input to this outdated topic, but where do you see a connection? More info HERE

Nevertheless, the file seems to be safe: http://f.virscan.org/CDASrv.exe.html



0 Kudos