The Really Hidden Files...

[prodikal]

thank`s for the info tim axe but couldnt u just tweek the file`s in your registery so they wont store stuff just a thought

[LoggOff]

like lench says, copy it, but if you wanna do your dirtys then copy the files before they are used, then copy the clean ones back after there dirty. sure it shouts out that you did it cause it says you havent accesed that resource at all (like get them right off a fresh install) but in todays society lack of evidence isnt evidence.......... oh well

also if you use a 3rd party partitioner itll get rid of them probly (install linux, it dosnt use M$ to format anything and even goes over the MBR as well)

[R3zn0r]

Bill gates sucks, its obvious that they are recording our doing and so on, Why? for marketing of course, they'll check out where we go and sell on the info, you know what them coporate bastards are like...

[RadG]

Originally posted here by hellbringer87
haha well they probably have access to all our Hotmail and MSN accounts...they might read those...

They wouldn't want to read all of the spam that gets sent to those accounts. Unless they are the ones that sign us up for e-mail lists on pornography and the such.

[darkes]

The approach I use on my PC at home to remove IE history & index files is to run this bat file from time to time.

del "C:\windows\tempor~1\content.ie5\index.dat"
del "C:\windows\history\history.ie5\index.dat"
deltree "C:\windows\tempor~1\content.ie5"
deltree "C:\windows\history\history.ie5"
deltree "C:\windows\temp" /y
md "C:\windows\temp"

I’m sure this could be improved, but it seems to do the basics !

This has to be run in safe mode or under "MS-DOS mode". As my PC at home still runs Windows98 I have an icon on the desktop which executes this batch file, but with the option checked to make it run in MS-DOS mode. So the PC reboots, runs the batch file, and reboots again at the end to restart Windows.

If you are worried about your email folders, just find the originals (*.dbx for Outlook express for example, and browse them using notepad etc. to see what they contain.) If there is nothing you want to keep then you can delete the inbox & deleted items folders, as they will be recreated when you restart your email software.

All the index.dat files get recreated at boot time, but I'm still not sure where some of the data comes from.

[Zadok0552]

I just want to give everyone some PRELIMINARY info. I decided to post now because there COULD be some problems with the recommendations in the download file:

I draw your attention to:

"3.5. KEEPING MICROSOFT'S PRODUCTS"
And then "If you insist on using Microsoft Internet Explorer then I strongly recommend
that you check out at least one of these programs:
PurgeIE (www.aandrc.com/purgeie)"


I was familiar with the other recommended programs, but not PurgeIE. I downloaded PurgIE from the above link. I use PestPatrol, which is a program like ad-aware (http://pestpatrol.com ). PestPatrol also supposedly finds trojans and keyloggers. I say SUPPOSEDLY because I don't 100% trust anything anymore.

However, here's the log info from Pestpatrol:

--------------------------------log begins----------------------------------------------------------

Pest Detected in c:\Program Files\PurgeIE\unins000.exe
Pest: WinSpy
Category: Key Logger
Description: From the doc: 'Want to find out what activities have done on your computer ? With @WinSpy, You can find out exactly what others have done on your computer , including what web sites they have been, what text, images, movies they have seen. and also what files they opened/saved, what kind of search they have done and what they ran at the start menu. Double click the displayed item will directly open or link to the file or the URL stored on your computer.' Commercial product from http://www.monitoring-spy-sof
Author: AceSoft
Release Date: 7/17/2002
User Action: deleted


Pest:
Category: Key Logger
Description: From the doc: 'Want to find out what activities have done on your computer ? With @WinSpy, You can find out exactly what others have done on your computer , including what web sites they have been, what text, images, movies they have seen. and also what files they opened/saved, what kind of search they have done and what they ran at the start menu. Double click the displayed item will directly open or link to the file or the URL stored on your computer.' Commercial product from http://www.monitoring-spy-sof
Author: AceSoft
Release Date: 7/17/2002
User Action: deleted

---------------------------------------------------log ends--------------------------------------------------

I don't want to raise an alarm here, I just think that if you are going to use a cookie and/or url eraser, then until I - or someone else here - can investigate and followup, then use one of the other programs.

[Zadok0552]

Followup:

I contacted the creator of PurgeIE. He has received another inquiry regarding this keylogger alert that I mentioned in my preceding post. He has double-checked the executables in the download archive files and they seem OK. This may very well be false positive, but we'll see.

Also, I have contacted PestPatrol's help desk and should get an answer within the next 24 hours.

I thought that a forum like this would be a good place to get help in tracking this type of thing down.

Thanks to all who can help.

[slarty]

Conspiracy theory or what? Of course no such log exists.

True, Windows modifes a lot of stuff all the time

It logs cookies (of course, otherwise what would be the point). It uses a cache (to speed things up). True, some URLs do sometimes creep into one or two other places, but it's not deliberate logging:

a) Even the logistics of gathering logging from everyone's PCs would be mind-boggling
b) If "they" wanted to log all the web pages you visited, they would bug your ISP as it's much easier and more reliable (like "they" can do here in the UK)
c) Even M$ aren't that stupid.

Perhaps you've recieved a knock on the head, or been abduced by aliens lately?

[darkes]

Originally posted here by slarty
Conspiracy theory or what? Of course no such log exists.

True, Windows modifes a lot of stuff all the time

It logs cookies (of course, otherwise what would be the point). It uses a cache (to speed things up). True, some URLs do sometimes creep into one or two other places, but it's not deliberate logging:

a) Even the logistics of gathering logging from everyone's PCs would be mind-boggling
b) If "they" wanted to log all the web pages you visited, they would bug your ISP as it's much easier and more reliable (like "they" can do here in the UK)
c) Even M$ aren't that stupid.

Perhaps you've recieved a knock on the head, or been abduced by aliens lately?

Agree with your comments, except it does seem a bit odd that some of these files cannot be seen from Windows. For example if you do a search for index.dat (using Start/Find), then it will show you some of them, but not others. Of course, if you try and delete any of them, it won't work, as Windows is actively using them.

The main reason I run my bat file from time to time is to tidy up my HDD.
In IE, if you have history set to 0 days, and delete temporary files on exit, it does remove these files if IE shuts down normally (although the index.dat files are not updated - they still contain pointers to things that no longer exist, which includes the name of any URL you visited). However, if IE crashes for any reason, then the history/temporay cache files for your last session are left on your HDD, and will never be removed unless you manually delete them.
Cookies are a slightly different issue, as with IE6/Netscape and/or various third party products, you can choose whether or not to accept cookies on a site by site basis.

[Noia]

Originally posted here by spirit909
whats really wierd is that even after you format -- they still stay there --

btw i have known this for around 2years so its old new..

the original guy that found it was a hacker - on a hacker forum

Um, I dono about AFTER a format, it might just be a 'virtual' file created by the Bios to stop the 0 file's problem... (Comp's can handel 0's most of the time)

- Noia