Avoiding mouse cursor viruses

Log-in or register.

How to avoid a cursor virus

Since you are reading this page, you have probably heard that using a custom mouse cursor may infect your computer with malware. While there is a small danger associated with actual cursor files (discussed later), the real danger lays in malicious web sites that pretend to offer custom cursors, but their real agenda is different.

There are 3 simple rules that will protect you from malware disguised as cursors:

  1. Only download cursors from trustworthy sites. When you asses a web site, do not ask its owner whether it is safe - the answer will always be yes and you will learn nothing. Instead ask elsewhere on the web or search for "site name" and "virus", "adware" or "malware" on Google. Be aware that web sites and their owners and policies may change in time - always be alert.
  2. Never run or install anything when downloading cursors. Cursors are data files, not applications. While there may be applications that simplify cursor changing, these are optional and should never be bundled with the actual cursors.
  3. Keep your computer updated. The single known vulnerability related to animated cursors was fixed years ago, but if a new one is discovered and fixed, you want to have the fix as soon as possible.

Concrete dangers associated with mouse cursors

While following the above rules is enough to protect yourself, it never hurts to learn more details. Here they come.

.CUR and .ANI files

First, let's look at the standard Windows cursor files. There are 2 kinds: normal cursors (with .cur extension) and animated cursors (with .ani extension).

These cursor files are data files, similarly as .png or .jpg images or e-books. Data files are usually safe - you can download and copy them around without fear. They can only be dangerous indirectly - when the application that uses the files contains an exploitable security hole. There used to be a security hole in Windows, but it has been fixed years ago. Keeping your Windows updated takes care of this problem.

Let me say a few words about anti-virus software. When the security problem with .ani files in Windows was published years ago, anti-virus manufacturers updated their products to recognize the suspicious .ani files. Some of then did a very sloppy job and valid .ani files were incorrectly flagged as viruses. If your anti-virus software warns you about an .ani file, open it in RealWorld Cursor Editor and re-save it. If the warning does not go away, contact your anti-virus provider and report this "false positive" to them.

.ZIP or .RAR files

.zip or .rar files are compressed archives containing multiple files. Before these files can be used, they must be extracted to a folder. These archives should contain .cur or .ani files and possibly some accompanying files. Focus on the .ani and .cur files, be suspicious about the other files - never run any applications that were extracted together with the cursors. Some archives may contain an .inf file that can help you install and activate the cursor files. Although the .inf file may be very handy, it can also be very dangerous. I would not recommend you to use it if it came from a untrustworthy source.

Other kinds of files

This is where the real danger lays. There are malicious web sites that pretend to offer custom mouse cursors, but instead attempt to install malware or adware on the computers of their unsuspecting visitors.

Fortunately, protecting from these kind of attacks is not hard. Use an updated web browser. Never "run" or "install" anything. Always look for .cur or .ani file (or .zip archives) and "save" them when asked (activate them via Control Panel or a specialized tool). If a web site does not offer you to download .cur or .ani files directly (or indirectly in a .zip file) and instead forces you to install something, leave as quickly as possible.

How trustworthy is a web site?

Assessing the level of trustworthiness of a web site is not trivial. Looks can be deceiving.

Positive factors:

  • Age of a web site.
  • Amount of content.
  • Consistent look and feel of the web site.
  • Owner can be easily contacted.

Negative factors:

  • Too many ads.
  • Promises something that is too good to be true.
  • Searching for the site name and "virus", "adware", "spyware" or "malware" on Google brings too many warnings on more trustworthy sites.

Recent comments

- show all comments
user icon Anonymous on September 20th

this site says not secure on google lol. how am i supposed to believe anything it says. They really should go https://rw.designer.com/cursor-virus

uwu

owo

user icon Anonymous on September 25th

That's because the website doesn't have a certify, any website that doesn't have a certify will be qualified as "Not Safe" for any browser. However, it depends of you, to decide if the website is trustworthy or not.

Back to my opinion to this article, thanks! There are many websites out there that aren't what they actually seem to look. All of them try to get your information ("spyware") and others just want to give you viruses or make you install software that isn't even necessary.

I am very glad that this website is trustworthy and there are no viruses out there.

user icon Anonymous on September 29th

Now Google only has some issues. :-o

user icon Anonymous on November 3rd

The early 2000s vibe form this website is kinda sus but I'm chillin with my Among Us cursor. I've ran multiple AV scans and things are good so far.

user icon Anonymous on November 20th

Hmm.. Yeah the site does seem old style. |-) :-o

user icon Anonymous on November 21st

so .cur is safe?

user icon Anonymous on November 24th

8-) 8-) 8-) 8-) |-) |-) |-) |-) |-) |-) |-) |-) |-) |-) :-D :-D :-D :-D :-D :-D :-D :-( :-( :-( :-( :-( :-) :-) :-) :-) :-) :-) ;-) ;-) ;-) ;-) ;-) ;-) ;-) ;-)

user icon Anonymous on November 25th

is the cursors safe to use?

user icon Anonymous on November 28th

This synthwave cursor is AMAZING so far!!!!!! :-D

user icon Anonymous yesterday

Ok So On Chrome There Is "Custom Cursor" But It Works On Chrome And It's Not Harmful, BUT They Made A Windows 10 Version Can Someone Use A Virtual Machine And See What It Does

Farewell -A Windows User

Ok I Found Out That It's A MSI So It A VIrus

user icon Anonymous
Vista & Win 7 icons
I wish there were...
What about ICL files?