Hello!
Why doesn't Symantec detect Cursor Mania ? It can be successfully installed very easily with no warning . What disturbs me more is the fact that Download Insight marks it as SAFE.
Check for it in Google.
I have submitted the file to Symantec Security Response - the installer . Please , check it
Track #13720554
[edit: Clarified subject.]
3GUSER wrote:Hello!
Why doesn't Symantec detect Cursor Mania ? It can be successfully installed very easily with no warning . What disturbs me more is the fact that Download Insight marks it as SAFE.
Check for it in Google.
I have submitted the file to Symantec Security Response - the installer . Please , check it
Track #13720554
[edit: Clarified subject.]
Message Edited by shannons on 11-21-2009 03:37 AM
We're just volunteers here and not in position to check anything with Symantec Security Response. How long ago did you submit it? There are two checks: an automatic one using software; and an in-depth one by a human team. If this is malware, it will take longer, both to validate and to develop a signature for.
New malware come along using the same name and basic behavior as previous versions (I guess you could think of it as updates) changing only enough of the code to be unrecognizable to signature-detection filters.
More surprising is that it didn't get detected heuristically. I am guessing that you actually installed Cursor Mania on your machine and had an up-to-date NIS or NAV product on your machine at the same time? Am I right that this is what happened?
Hello mijcar !
I appreciate your response.
I posted the track number because I know that Symantec employees do visit the forum from time to time.
Cursor Mania is well known old adware - MyWebSearch , just Google it and you'll see.
More surprising is that it didn't get detected heuristically. I am guessing that you actually installed Cursor Mania on your machine and had an up-to-date NIS or NAV product on your machine at the same time? Am I right that this is what happened?
I've got Norton 2010 on my computer and I downloaded the install file on my computer - it is not detected . Visiting the site it tries to install itself , still not detected . I haven't installed it on my own computers but on Wednesday I installed Norton IS 2010 on a client's computer who had installed Cursor Mania. A full scan says nothing found (except from cookies) . No reaction from SONAR2 . I had to manually uninstall it and clean leftovers with MBAM.
I am just asking because it is like an adware but most AV vendors detect this as a riskware
It might not be a virus or typical trojan but it should be known. Just type "Cursor Mania" in Google and you'll see.
Hello!
Why doesn't Symantec detect Cursor Mania ? It can be successfully installed very easily with no warning . What disturbs me more is the fact that Download Insight marks it as SAFE.
Check for it in Google.
I have submitted the file to Symantec Security Response - the installer . Please , check it
Track #13720554
[edit: Clarified subject.]
3GUSER wrote:Hello mijcar !
I appreciate your response.
I posted the track number because I know that Symantec employees do visit the forum from time to time.
Cursor Mania is well known old adware - MyWebSearch , just Google it and you'll see.
More surprising is that it didn't get detected heuristically. I am guessing that you actually installed Cursor Mania on your machine and had an up-to-date NIS or NAV product on your machine at the same time? Am I right that this is what happened?
I've got Norton 2010 on my computer and I downloaded the install file on my computer - it is not detected . Visiting the site it tries to install itself , still not detected . I haven't installed it on my own computers but on Wednesday I installed Norton IS 2010 on a client's computer who had installed Cursor Mania. A full scan says nothing found (except from cookies) . No reaction from SONAR2 . I had to manually uninstall it and clean leftovers with MBAM.
I am just asking because it is like an adware but most AV vendors detect this as a riskware
It might not be a virus or typical trojan but it should be known. Just type "Cursor Mania" in Google and you'll see.
Message Edited by 3GUSER on 11-21-2009 08:20 AM
Hi, 3G,
I have encountered Cursor Mania in the past. My memory is that it was a pain-and-a-half to remove.
If nothing else, it should be in the category of unwanted nuisanceware.
There is, of course, the possibility that NAV would detect it if it started "misbehaving"; but that once installed, it would not be detected by a subsequent installation of NAV. I simply don't know.
Yes, staffers do constantly browse here, so there is a chance some will read your post and also a chance (smaller) that one will respond to it. 
Hi! All,
Pardon the interruption. I have research the malware Cursor Mania and have found only two security programs that have any success of detecting and cleaning the malware. The two programs are Ad-Aware and MalwareBytes Antimalware; I have noted that the poster used MalwareBytes to clean the infection of a client's system. I have used both programs and each one found and cleaned the Cursor Mania malware off of the system; the only catch is that the malware was detected in different areas on the system. A more sophisticated version can hijack the user's browser and change the home page to the My Web Search site. Isn't it nice that malware can be a browser hijacker and a nuisance.
IIt installs a toolbar often , changes the search engine , changes the homepage . No , I don’t think it is difficult to remove , quite the contrary - it is very easy to me. But the problem is that it is not detected after NIS 2010 installation
3GUSER wrote:
IIt installs a toolbar often , changes the search engine , changes the homepage . No , I don't think it is difficult to remove , quite the contrary - it is very easy to me. But the problem is that it is not detected after NIS 2010 installation
The behavior described is more than nuisanceware; it is malware behavior. 3G, you are right that Norton should be detecting it. My guess is that this is a new variant with different coding and that Symantec will be releasing signatures for it soon <fingers crossed>. However, the behavior of modifying browsers is so typical of malware that I am surprised NIS2010 heuristics wouldn't come up with anything.
I would be interested in a report of the Norton response when Norton is on the machine first and then Cursor Mania is installed. But I can't ask anyone to put themselves in the line of fire like that.
Oh , OK , I’ll run it and will report back
3GUSER wrote:
Oh , OK , I'll run it and will report back
Auugh! Are you sure?
I'd at least give Symantec sufficient time to analyze the sample you sent them.
Here I am - back .
Installed it and then it was a complete disaster. It installs itself as :
- a service
- two BHOs
- changes search engine
- changes home page
- redirects other searches
- installs a My Web Search toolbar
Additionally , it displays fake pop-ups with misleading information. It also installs a Trojan Vundo.
MBAM removed 236 traces (files and registry entires) of this crap.
The onliest good is that now Download Insight reports this yellow . A few days ago it was green SAFE.
The worst was that I decided to run System Restore (to a manual restore point I created just before launching the malware) . At first I couldn't . Then I disabled NAV's tamper protection and AutoProtect , ran System Restore . It was a successful one but NAV reported itself corrupted and ran an aumatic fix - total re-update of itself and auto-enabling all protections. All is fine now.
Although it is easy to remove , Symantec must change their attitude to cursormania.com and detect this file .
