Just caught my Windows Explorer trying to connect to a site on its own.

WoundedWallet

Platinum Member
Oct 9, 1999
2,325
0
0
I booted to W98 for a change and when I opened Windows Explorer my trusty atguard caught an outbound connection.

A Trojan!!! I exclaimed...

Well it turned out that it was the marketing kind of Trojan. The site that Windows Explorer was trying to connect was host1.net, which I didn't visit.

But after checking whois I found out that host1.net was owned by CometSystems.com which is a company that makes the Comet Cursor.

I don't remember well, but there is a chance that this comet cursor came with some well known program. I just remember this name from somewhere.

So a word to those who have Comet Cursor. It might be calling home behind your back.

Besides several entries on the registry I found two files belonging to the mofo. One is Comet.dll, which I couldn't rename beacuse windows was using it. But I renamed it in the registry anyway.

The other, a little more suspicious, was a real exe file called csuninst.exe.

I didn't try executing this file yet, but I took a look inside and found the names of Corel, Netscape and Microsoft. As well as the mention of a plugin.

I don't know if this "trojan" is already known, I'm too tired to check the list of rogue apps, but I thought it was worth passing along the message for those who care.
 

jor888

Member
Jul 26, 2000
93
0
0
Most new software now have stuff like this they install extra files and when u open ie they just go directly to their website or they make their website ur home page. Some will also put their website in ur favorite list too.
 

lostnthenet

Member
Sep 7, 2000
60
0
0
I have seen that comet cursor thing before. If you go to some web sites, they will have content that needs this plugin. It will normally give you a security warning and you have the option of saying yes or no to install it. You should be able to open that uninstall file and get rid of it. Just be careful when you see a site asking you about a plugin.
 

loogie

Banned
Oct 18, 1999
2,478
0
0
The plugin is for custom mouse cursors on websites. Its one of the stupid things people put on their website bc they think its cool.
 

Wooster

Golden Member
Oct 21, 1999
1,463
0
76
I just happen to cross Comet Cursor web site and installed its plug-in. Realized it always connect to its site for updating the new cursor to download into my system.

I removed it by going into control panel and remove program. It's not a trojan.
 

WoundedWallet

Platinum Member
Oct 9, 1999
2,325
0
0


<< It's not a trojan. >>


In the technical sense of the word, it is a trojan. Just not the kind that delete all your files or transform your machine into a zumbi.

Thanks for pointing out the &quot;uninst&quot; part of that exe Jonny. Since I went to CSUN I was reading it csun-inst :)

I just finished deleting the two files and I'm now fine with it.

But can you imagine if you buy a new toaster and the toaster calls the factory every month to report how many toasts you had that month? Hmmm... isn't there a web toaster around already?
 

Pretender

Banned
Mar 14, 2000
7,192
0
0
It's not a trojan in the fact that it asks you whether you want to install, and doesn't start messing with your computer once it is installed.
 

AMB

Platinum Member
Feb 4, 2000
2,587
0
0
If it is a trojan, it is lucky that I had sense not to insall it in the first place :D
 

Paladinexe

Senior member
Jul 18, 2000
307
0
0
Comet Cursor is spyware for data base profiling. It collects data about your mouse clicks and interests. There is a program that will detect and remove it. Try http://www.lavasoft.de for their adaware program. Another program that only removes Aureate spyware is called Optout.exe. If you really want to enhance your privacy check out Spider.exe which will open your index.dat file and allow you to print or delete the contents. This is where Microsoft locks all your online history.