-
November 8th, 2002, 02:27 AM
#1
Whats this all mean???
My dad printed this out and handed this three page part of a cookie file that he claimed had some trojan-like characteristics and said to me... "See if you can make anything of this."
He told me that it was a cookie file that he thought was putting porn websites into his history folder. (Ya I know what your thinking and it wasn't me ) He also said that once he got rid of it, the problem stopped...
So when I looked at the document he handed me I said to myself "This looks like some sort of binary lingo... but thats only with 1's and 0's...hmmm."
So here's a bit of what it said... about half the first page, maybe you guys might be able to make something of it. I thought that it was somewhat interesting...
family@hg1. hitbox[2]
WE590915MAMNV6
V1Bi (# long lines of random letters)
hg1.hitbox.com/
1024
2287398912
29596453
117357712
29523028
*
FLUSH 1
/
hgl.hitbox.com/
1024
861107712
29523028
117507712
29523028
*
FLUSH 2
/
same thing as FLUSH 1 for 19 of those "FLUSHES" and then it ends... weird.
But ya know, any feedback is greatly appreciated as usual...
--Peace l
The real question is not whether peace can be obtained, but whether or not mankind is mature enough for it...
-
November 8th, 2002, 03:04 AM
#2
I don't know what it means, but you could try going to hitbox.com and seeing what kind of a site it is. If it seems to be a company site or somewhere that you would normally trust, just emailing them the file and asking what it was might get some answers, (i just went there and it said currently closed for updating or something). If however it is a porn site then your dad may be correct.
-
November 8th, 2002, 03:33 AM
#3
Could be alot of things, anything from a website trying to track how you surf their site, to a piece of spyware that you may have unwittingly installed. I suggest you make sure you have the latest AV signatures for whatever product you are trying to use and a good spyware killer (search around the forums, there are tons of posts about them (and with that said, I really don't remember any of the ones mentioned). On first glance though, I would suspect it would be a website either tracking how you visit the site, or trying to track how many times you saw a certain person's advertisements...
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
November 8th, 2002, 03:53 AM
#4
It looks kinda like hex.....
Im to sleepy to see if it is or something else....
Hexadecimal is like:
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 1a, 1b, 1c, 1d, 1e, 1f, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29,...... and blah blah
Or maybe binary or a mixture of both...
0001, 0010, (ect)
Your much better off if you go to windows explorer then check the temp. internet files for what the time and date the cookie was received and what URL it came from that way you'll atleast know where it came from and when you got it.
-
November 8th, 2002, 04:15 AM
#5
to a piece of spyware that you may have unwittingly installed.
I would agree with this. We block porn sites on our WAN and recently we noticed several computers at different locations were trying to access porn sites. These visits appeared to be automated, attempting to hit a site several times quickly and after not making connection trying another site.
We tested a spyware detection program called Pest Patrol and after using it to clean several machines the porn site access attempts stopped for those PC's. We have since purchased the Enterprise audit version and have finished cleaning the remaining machines that were trying to access the sites.
You can download a trial version of the software and see if it helps with your problem.
http://www.pestpatrol.com/
Some of the more common hijackers that can make connections to porn sites behing your back are:
AllCyberSearch
Cool-XXX
Duolaimi
IStartHere
NetzAny
PassThisOn
RocketSearch
SuperSexPass
UnderageHost
Good luck
John
If you receive something that says \'Send this to everyone you know,\' pretend you don\'t know me.
-
November 8th, 2002, 04:21 AM
#6
-
November 8th, 2002, 04:44 AM
#7
hit box it a company much like doubleclick. you don't have to surf anywhere in particular to get one of their cookies. they use banners or one pixel transparent gifs (when the webmaster doesn't want to give his visitors a bad impression). the gifs load off of a third party server, in this case hitbox's, they place the cookie. hitbox does 'market research', in other words they survey you without your permission. watch where you go and what you do while your there.
1024
2287398912
29596453
117357712
29523028
i dont know what the flush means its jave script that runs server side but i forgot, but the first 2 lines of the number say when and where you got the cookie, the last 2 lines identify who you are. each instance is another time they got you. these are the worst kind of cookies. put ie6 service pack1 on his machine, it will give you a security warning and in some cases refuse this type of cookie and just tell you it did. these adservers are spread throughout the net. if you register for a newsletter or an account at a site thats in it for the money (most) they can put this number to a name. You've been profiled and can now be targeted for specific types of ads and none of them have to be moral or ethical.
if you have any doubt of this, try installing bugnosis from www.bugnosis.org it free. they're associated with privacy.org. it will make all the "web bugs as they are called, visable and tell you where their coming from. you'll never see the web the same again.
Scorp666 fyi, if you surf to a site that loads a banner from a porn site, your history file will show its address even if you wern't actually there.
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
November 8th, 2002, 05:19 AM
#8
-
November 8th, 2002, 05:49 AM
#9
I would like to clarify that I was not suggesting that the cookie was spyware if anyone got that impression. I was responding to the access to the porn sites which were the mystery. If no one was surfing porn on the PC (or admitting to it) there is no harm in checking to see if there is any software of that type installed on the PC.
If you receive something that says \'Send this to everyone you know,\' pretend you don\'t know me.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|