- Oct 9, 1999
- 2,325
- 0
- 0
I booted to W98 for a change and when I opened Windows Explorer my trusty atguard caught an outbound connection.
A Trojan!!! I exclaimed...
Well it turned out that it was the marketing kind of Trojan. The site that Windows Explorer was trying to connect was host1.net, which I didn't visit.
But after checking whois I found out that host1.net was owned by CometSystems.com which is a company that makes the Comet Cursor.
I don't remember well, but there is a chance that this comet cursor came with some well known program. I just remember this name from somewhere.
So a word to those who have Comet Cursor. It might be calling home behind your back.
Besides several entries on the registry I found two files belonging to the mofo. One is Comet.dll, which I couldn't rename beacuse windows was using it. But I renamed it in the registry anyway.
The other, a little more suspicious, was a real exe file called csuninst.exe.
I didn't try executing this file yet, but I took a look inside and found the names of Corel, Netscape and Microsoft. As well as the mention of a plugin.
I don't know if this "trojan" is already known, I'm too tired to check the list of rogue apps, but I thought it was worth passing along the message for those who care.
A Trojan!!! I exclaimed...
Well it turned out that it was the marketing kind of Trojan. The site that Windows Explorer was trying to connect was host1.net, which I didn't visit.
But after checking whois I found out that host1.net was owned by CometSystems.com which is a company that makes the Comet Cursor.
I don't remember well, but there is a chance that this comet cursor came with some well known program. I just remember this name from somewhere.
So a word to those who have Comet Cursor. It might be calling home behind your back.
Besides several entries on the registry I found two files belonging to the mofo. One is Comet.dll, which I couldn't rename beacuse windows was using it. But I renamed it in the registry anyway.
The other, a little more suspicious, was a real exe file called csuninst.exe.
I didn't try executing this file yet, but I took a look inside and found the names of Corel, Netscape and Microsoft. As well as the mention of a plugin.
I don't know if this "trojan" is already known, I'm too tired to check the list of rogue apps, but I thought it was worth passing along the message for those who care.