"Comet Cursor" Spyware Back with a Vengeance !

  QQAA 06:56 25 Dec 2003

Recently, I visited click here and happened to download a screensaver from that website.

Along the way, a pop-up window emerged asking for permission to activate a so-called 'Download Manager' to assist the process. Although slightly concerned, I had allowed it and the resulting built-in progress bar showed quite a handful of contents being downloaded.

Later on, when I used my favourite "Ad-aware" for a routine check on spywares, it reported one trace of the (once-famous) "Comet Cursor" spyware in my harddisk. I removed it of course.

However, my software firewall almost immediately displayed a notice asking for my permission to allow a so-called 'Download Manager' implementation to access the internet.

I thought something was wrong and that "Ad-aware" may not have done a thourough job this time. Therefore, I runned it again several times (with a few system reboots as expected) but somehow "Comet Cursor" was able to 'reactivate' itself, as confirmed by subsequent scans. There are also occasional notices from my firewall regarding 'Download Manager' trying to access the internet from my system.

Frustrated by the persistent failure, I tried two other sypware removal tools : (1) Spybot-Search and Destroy (2) Spy Sweeper.

Spybot has managed to discover a few more traces (about 3) of the Comet Cursor. Spy Sweeper managed to discover even more traces (over 20) of the spyware. Unfortunately, both also failed to remove the spyware permanently and allowed it to re-activate itself after removal from scans.

Has anyone here encountered the same situation or perhaps someone has a better idea on removing the Comet Cursor sypware permanently ?

  howard60 08:44 25 Dec 2003

remove using your ad aware then before you reboot - you could try going to start - run - type in msconfig - go to the startup tab and take the tick out of cometcursor or whatever it is calling itself in there. When yhou restart put a tick in the left box do not show again etc and ok. then it should not come again. Also check it is not in the main startup folder. If all else fails you will either have to edit the registry to remove all traces of it or if you have me or xp use system restore to go back to before you installed it.

  zanwalk 09:45 25 Dec 2003

Just entered 'comet cursor on Google and came up with this site:

click here

Any help?

  QQAA 11:19 25 Dec 2003

I have just used the msconfig command to check out but there are no mention of Comet Cursor (or similar stuffs) there.

I have now also checked the Add/Remove applet in the Control Panel of my Windows XP (as suggested in the Comet Cursor website) and found no mention of Comet Cursor or anything related either. By the way, I am not prepared to install Comet Cursor and uninstall it as adviced by the websit at this point in time.

Perhaps I should wait a couple more days to see if the latest definition from Ad-aware and others could tackle the issue. I hope they would take it as a challenge to do so.

  VoG II 12:28 25 Dec 2003

Some info click here

  bab5 12:37 25 Dec 2003


have you tried turning system restore off and then booting into safe mode and running your anti-spyware programmes ?? might clear it that way.


  Baslla321 12:40 25 Dec 2003

See PCA Thread 'WCMDmgr who is he?' 12/12/03 1044 Its very similar

  Gaz 25 14:27 25 Dec 2003

On my old PC I had that, until I removed it with Adaware.

  QQAA 04:06 26 Dec 2003

On a related inspiration from bab5, I probably can use the System Restore to solve the issue. But I am very reluctant because I would lose some useful tools installed after downloading the screensaver (through the so-called 'Download Manager' of the site) from this screensaver website click here.

Therefore, later I would try exactly as advised by bab5 and reboot into the SAFE mode while turing off the System Restore function of my Windows XP.

By the way, there are no traces of "WCMDmgr" in the registry when I run Regedit. So the earlier 'WCMDmgr who is he?' message thread as initiated by Baslla321 on 12 Dec 03 while being similar in nature, does not help my cause.

Spyware has progressed to become a greater irritation than virus nowadays.

  QQAA 05:03 26 Dec 2003

I have turned off System Restore and runned "Ad-aware" in Safe Mode, which removed a trace of Comet Cursor as expected.

This time, a rescan by "Ad-aware" showed that the said spyware trace has indeed been 'removed' because it returned a ZERO result. Further scannings by "Spybot-Search & Destroy" and then "Spy Sweeper" (also under Safe Mode) proved it.

Thinking the problem might was finally solved, I reboot into Normal Mode and runned a fresh scan in Ad-aware. Unfortunately, the same Comet Cursor spyware trace appeared again. Besides, almost immediately my firewall displayed a message saying that a 'Download Manager' was trying to connect to the internet......

I think I just have to put this issue aside and see if future spyware definitions of "Ad-aware", "Spybot-Search & Destroy", and "Spy Sweeper" would handle the (presumably) new variant of "Comet Cursor" sypware adequately.

Perhaps in the next couple of weeks more people would have encountered this spyware to alert the vendors into developing suitable definitions.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

HTC U12 Plus review: Hands-on

Best Android emulators for Mac

TV & Streaming : comment regarder Roland Garros ?