Manual Removal Guide for Comet Cursors



Friday
2009-01-10, 20:05
The following instructions have been created to help you get rid of "Comet Cursors" manually.
Use this guide at your own risk; dedicated removal software is usually better suited to removing malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).

Threat Details:

Categories:
tracking

Description:
I couldn't review the privacy statement for 4.0 because I got a 404 (File Not Found) error. According to http://and.doxdesk.com/parasite/CometCursor.html, Comet Systems tracks which websites using Comet Cursors you visit.
Supposed Functionality:
Cursor add-ons for Internet Explorer
Links (be careful!):

Website: http://www.cometcursors.com/
Privacy: http://www.cometsystems.com/privacy/introduction.html
Removal Instructions:

Desktop:

Please remove the following files from your desktop.
To check where they point to, right-click them and choose "Properties" from the context menu that appears.

Shortcuts named "Comet Cursor.lnk" and pointing to "<$PROGRAMFILES>\Comet Systems\Platform\Bin\comet.exe".
Shortcuts that include "comet\bin\comet.exe" in the target they point to.

Start Menu:

Please remove the following items from your start menu.
To check where they point to, right-click them and choose "Properties" from the context menu that appears.

Items named "Comet Cursor.lnk" and pointing to "<$PROGRAMFILES>\Comet Systems\Platform\Bin\comet.exe".
Items that include "comet\bin\comet.exe" in the target they point to.

Autorun:

Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd), RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) or msconfig.exe to remove the following autorun entries.

Entries pointing to "comet\bin\comet.exe".
Entries pointing to "COMETS~1\DM\bin\dmserver.exe /onreboot".

Installed Software List:

You can try to uninstall products with the names listed below. For items identified by other properties, or to avoid the malware becoming active again during uninstallation, use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) or RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) to locate and get rid of these entries.

Products that have a key or property named "CC2K".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$SYSDIR>\comet.dll".
The file at "<$PROGRAMFILES>\COMETS~1\DM\bin\dmserver.exe /onreboot".
Make sure you set your file manager to display hidden and system files. If Comet Cursors uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
For files listed without a name, you will have to use a global search. Be extra careful, because the name alone might not be enough to identify a file!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$PROGRAMFILES>\Comet Systems".
The directory at "<$SYSDIR>\Comet".
The directory at "<$PROGRAMFILES>\Comet".
Make sure you set your file manager to display hidden and system files. If Comet Cursors uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
For folders listed without a name, you will have to use a global search. Be extra careful, because the name alone might not be enough to identify a folder!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

Delete the registry key "COMETKEY" at "HKEY_USERS\.DEFAULT\Software\Microsoft\Cryptography\UserKeys\".
Delete the registry key "Comet Systems" at "HKEY_LOCAL_MACHINE\Software\".
A key in HKEY_CLASSES_ROOT\ named "BHO.CSBHO", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CometIEToolbar.CometToolbar", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.BrowserAppProxy", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.CometCursor", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.BHO1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.BinXml", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.CS15Cursor", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.FileInfo", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.CometFrame", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.HttpComm", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.MyBrowser1", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.System", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.CometUIEvents", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.SelfUpdater", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.CometWindow", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "Core.WindowProxy", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CSBand.VerticalIEBand", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CSBand.HorizontalIEBand", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CSEng.EvHandler", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CSEng.CSEngine", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CSEng.CSHost", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CSCtb.CTB", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CSIP.CSCollection", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CSIP.CSIPDispatch", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CSIP.CSIPPacket", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "SkinUI.ActiveWindow", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "SkinUI.CometBar", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "SkinUI.FrameSink", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "SkinUI.CSkinUI", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "SkinUI.WebBrowserSink", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "SkinUI.WindowsHelper", plus associated values.
References to the file "comet.dll" at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\.
References to the file "comet.dll" at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\.
Delete the registry key "{D14D6793-9B65-11D3-80B6-00500487BDBA}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\".
Delete the registry key "{1678F7E1-C422-11D0-AD7D-00400515CAAA}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\".
Delete the registry key "{96DA5BEE-4ACC-476C-B3EC-54C6730C4293}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\".
Delete the registry key "{D14D6793-9B65-11D3-80B6-00500487BDBA}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\".
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IActiveWindow" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IBHO1" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IBrowserAppProxy" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICometBar" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICometCursor" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICometFrame" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICometUIEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICometWindow" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICS15Cursor" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICSBHO" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICSCollection" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICSHost" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICSEngine" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICSIPDispatch" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICSIPPacket" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IEvHandler" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IFrameSink" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IHttpComm" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IMyBrowser1" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ISkinUI" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IWebBrowserSink" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IWindowProxy" as its default value data.
Delete the registry key "{1348E05A-21C7-4134-B4A4-3C12234FCA3F}" at "HKEY_CLASSES_ROOT\Interface\".
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_IActiveWindowEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_IBHOEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_ICSHostEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_ICSEngineEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_ICometBarEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_ICometFrameEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_ICometUIEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_IHttpCommEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_ISkinUIEvents" as its default value data.
Delete the registry key "{D14D6793-9B65-11D3-80B6-00500487BDBA}" at "HKEY_CLASSES_ROOT\CLSID\".
A key in HKEY_CLASSES_ROOT\ named "CometAppUtil.CometUIEvents", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "ComUtil.FCParam", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "ComUtil.FctCall", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "ContextParser.ContextProxy", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "ContextParser.ContextProxyMgr", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "ContextParser.CSRegExp", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "ContextParser.URLContextParser", plus associated values.
A key in HKEY_CLASSES_ROOT\ named "CSBRange.ByteRange", plus associated values.
A key with a likely random name in HKEY_CLASSES_ROOT\CLSID\ that has "URLContextParser Class" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\CLSID\ that has "ByteRange Class" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\CLSID\ that has "ContextProxyMgr Class" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\CLSID\ that has "CSRegExp Class" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\CLSID\ that has "Comet Cursor" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\CLSID\ that has "CometUIEvents Class" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\CLSID\ that has "ContextProxy Class" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\CLSID\ that has "FCParam Class" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\CLSID\ that has "FctCall Class" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IFCParam" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICometToolbar" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IURLContextParserEventTrigger" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_IIEBandEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IURLContextParser" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IHorizontalIEBand" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_IByteRangeEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_IURLContextParserEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IByteRange" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IFctCall" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IContextProxy" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_IHorizontalIEBandEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IVerticalIEBand" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "_IContextProxyEvents" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "ICSRegExp" as its default value data.
A key with a likely random name in HKEY_CLASSES_ROOT\Interfaces\ that has "IContextProxyMgr" as its default value data.
Delete the registry key "{D14D6786-9B65-11D3-80B6-00500487BDBA}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{C09FB84D-B9ED-43EB-AFED-F145C26CB839}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{BFA2C963-FC24-4770-8C19-0D5A1CD58DF9}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{BF986691-7F7B-4F94-85E0-20E75350701F}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{878ACE1B-8DB0-4D75-9034-504756AD4215}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{7F0F5D9A-84CB-11D4-8137-00500487B1C5}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{74232635-A013-49F2-B869-1B1AB932D944}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{3F4386E5-2FBE-44A8-81CF-4B792490605F}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{07FA131E-2EB2-446F-93D2-9F877320010B}" at "HKEY_CLASSES_ROOT\TypeLib\".
Delete the registry key "{062EFA78-8BBB-11D3-80D0-00500487B1C5}" at "HKEY_CLASSES_ROOT\TypeLib\".
If Comet Cursors uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).

Browser:

The following browser plugins or items can either be removed directly in your browser, or through the help of e.g. Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) or RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer).

Please remove Browser Helpers named "CSBHO".
Look for ActiveX software installed from "files.cc.cometsystems.com".
Look for ActiveX software installed from "files.cometsystems.com".
Please check your bookmarks for links to "cometsystems".
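As an added example that is not part of this guide, the following PowerShell script checks a machine for the remnants listed above (files, folders, autorun entries, the BHO and vendor keys, the HKEY_CLASSES_ROOT ProgIDs, and the Interface keys matched by their default value) and only reports what it finds, so the deletions stay a manual decision. It assumes the guide's <$PROGRAMFILES> and <$SYSDIR> placeholders map to %ProgramFiles% and %SystemRoot%\System32, and it looks under HKCR\Interface, which is the actual name of the key the guide spells "Interfaces".

```powershell
# Added audit script (not from the Spybot guide): reports Comet Cursors remnants named in the guide without deleting anything. Run elevated.
$Findings = New-Object System.Collections.Generic.List[string]
function Add-Finding([string]$Kind, [string]$Detail) { $Findings.Add("[$Kind] $Detail") }
$pf = $env:ProgramFiles; $sys = "$env:SystemRoot\System32"   # assumed expansion of <$PROGRAMFILES> / <$SYSDIR>
# Files and folders from the guide; "/onreboot" is an autorun argument, not part
# of the dmserver.exe path, so only the path is tested.
foreach ($p in "$sys\comet.dll", "$pf\COMETS~1\DM\bin\dmserver.exe",
               "$pf\Comet Systems", "$sys\Comet", "$pf\Comet") {
    if (Test-Path -LiteralPath $p) { Add-Finding 'Path' $p }
}
# Autorun values whose command line points at comet.exe or dmserver.exe.
foreach ($k in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
    $key = Get-Item -LiteralPath $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        if ($cmd -match 'comet\\bin\\comet\.exe|COMETS~1\\DM\\bin\\dmserver\.exe') {
            Add-Finding 'Autorun' "$k\$name = $cmd"
        }
    }
}
# Keys the guide gives by exact path: BHO registrations, vendor key, main CLSID.
$bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($k in "$bho\{1678F7E1-C422-11D0-AD7D-00400515CAAA}",
               "$bho\{96DA5BEE-4ACC-476C-B3EC-54C6730C4293}",
               "$bho\{D14D6793-9B65-11D3-80B6-00500487BDBA}",
               'HKLM:\Software\Comet Systems',
               'Registry::HKEY_CLASSES_ROOT\CLSID\{D14D6793-9B65-11D3-80B6-00500487BDBA}') {
    if (Test-Path -LiteralPath $k) { Add-Finding 'Registry' $k }
}
# ProgIDs the guide lists under HKEY_CLASSES_ROOT, matched by exact name.
$progIds = '^(BHO\.CSBHO|CometIEToolbar\.CometToolbar|Core\.(BrowserAppProxy|CometCursor|BHO1|BinXml|CS15Cursor|FileInfo|CometFrame|HttpComm|MyBrowser1|System|CometUIEvents|SelfUpdater|CometWindow|WindowProxy)|CSBand\.(Vertical|Horizontal)IEBand|CSEng\.(EvHandler|CSEngine|CSHost)|CSCtb\.CTB|CSIP\.(CSCollection|CSIPDispatch|CSIPPacket)|SkinUI\.(ActiveWindow|CometBar|FrameSink|CSkinUI|WebBrowserSink|WindowsHelper)|CometAppUtil\.CometUIEvents|ComUtil\.(FCParam|FctCall)|ContextParser\.(ContextProxy|ContextProxyMgr|CSRegExp|URLContextParser)|CSBRange\.ByteRange)$'
Get-ChildItem 'Registry::HKEY_CLASSES_ROOT' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match $progIds } | ForEach-Object { Add-Finding 'ProgID' $_.Name }
# Interface keys have random GUID names, so match the default value instead.
# The key is HKCR\Interface (the guide spells it "Interfaces").
$ifaceNames = @('IActiveWindow','IBHO1','IBrowserAppProxy','ICometBar','ICometCursor','ICometFrame',
  'ICometUIEvents','ICometWindow','ICS15Cursor','ICSBHO','ICSCollection','ICSHost','ICSEngine',
  'ICSIPDispatch','ICSIPPacket','IEvHandler','IFrameSink','IHttpComm','IMyBrowser1','ISkinUI',
  'IWebBrowserSink','IWindowProxy','IFCParam','ICometToolbar','IURLContextParser','IHorizontalIEBand',
  'IVerticalIEBand','IByteRange','IFctCall','IContextProxy','IContextProxyMgr','ICSRegExp',
  'IURLContextParserEventTrigger','_IActiveWindowEvents','_IBHOEvents','_ICSHostEvents','_ICSEngineEvents',
  '_ICometBarEvents','_ICometFrameEvents','_ICometUIEvents','_IHttpCommEvents','_ISkinUIEvents',
  '_IIEBandEvents','_IByteRangeEvents','_IURLContextParserEvents','_IHorizontalIEBandEvents','_IContextProxyEvents')
Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\Interface' -ErrorAction SilentlyContinue | ForEach-Object {
    $d = [string]$_.GetValue(''); if ($ifaceNames -contains $d) { Add-Finding 'Interface' "$($_.Name) = $d" }
}
$Findings
```

The CLSID keys the guide identifies only by default value (e.g. "URLContextParser Class") and the TypeLib GUIDs are not covered and still need the manual check described above.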

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help, please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance, then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), where a volunteer analyst will advise you as soon as one is available.