Results 1 to 9 of 9

Thread: Whats this all mean???

  1. #1
    Senior Member
    Join Date
    Jul 2002
    Posts
    229

    Post Whats this all mean???

    My dad printed this out and handed this three page part of a cookie file that he claimed had some trojan-like characteristics and said to me... "See if you can make anything of this."
    He told me that it was a cookie file that he thought was putting porn websites into his history folder. (Ya I know what your thinking and it wasn't me ) He also said that once he got rid of it, the problem stopped...
    So when I looked at the document he handed me I said to myself "This looks like some sort of binary lingo... but thats only with 1's and 0's...hmmm."
    So here's a bit of what it said... about half the first page, maybe you guys might be able to make something of it. I thought that it was somewhat interesting...

    family@hg1. hitbox[2]
    WE590915MAMNV6
    V1Bi (# long lines of random letters)
    hg1.hitbox.com/
    1024
    2287398912
    29596453
    117357712
    29523028
    *
    FLUSH 1
    /
    hgl.hitbox.com/
    1024
    861107712
    29523028
    117507712
    29523028
    *
    FLUSH 2
    /
    same thing as FLUSH 1 for 19 of those "FLUSHES" and then it ends... weird.

    But ya know, any feedback is greatly appreciated as usual...
    --Peace l
    The real question is not whether peace can be obtained, but whether or not mankind is mature enough for it...

  2. #2
    Senior Member ShippMA's Avatar
    Join Date
    Oct 2002
    Posts
    165
    I don't know what it means, but you could try going to hitbox.com and seeing what kind of a site it is. If it seems to be a company site or somewhere that you would normally trust, just emailing them the file and asking what it was might get some answers, (i just went there and it said currently closed for updating or something). If however it is a porn site then your dad may be correct.
    www.simpleits.co.uk
    www.tazforum.**********.com
    Google is god ....... of the Internet

  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Could be alot of things, anything from a website trying to track how you surf their site, to a piece of spyware that you may have unwittingly installed. I suggest you make sure you have the latest AV signatures for whatever product you are trying to use and a good spyware killer (search around the forums, there are tons of posts about them (and with that said, I really don't remember any of the ones mentioned). On first glance though, I would suspect it would be a website either tracking how you visit the site, or trying to track how many times you saw a certain person's advertisements...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Banned
    Join Date
    Jul 2002
    Posts
    877
    It looks kinda like hex.....
    Im to sleepy to see if it is or something else....

    Hexadecimal is like:
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, a, b, c, d, e, f, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 1a, 1b, 1c, 1d, 1e, 1f, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29,...... and blah blah

    Or maybe binary or a mixture of both...
    0001, 0010, (ect)

    Your much better off if you go to windows explorer then check the temp. internet files for what the time and date the cookie was received and what URL it came from that way you'll atleast know where it came from and when you got it.

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    112
    to a piece of spyware that you may have unwittingly installed.
    I would agree with this. We block porn sites on our WAN and recently we noticed several computers at different locations were trying to access porn sites. These visits appeared to be automated, attempting to hit a site several times quickly and after not making connection trying another site.

    We tested a spyware detection program called Pest Patrol and after using it to clean several machines the porn site access attempts stopped for those PC's. We have since purchased the Enterprise audit version and have finished cleaning the remaining machines that were trying to access the sites.

    You can download a trial version of the software and see if it helps with your problem.

    http://www.pestpatrol.com/

    Some of the more common hijackers that can make connections to porn sites behing your back are:

    AllCyberSearch
    Cool-XXX
    Duolaimi
    IStartHere
    NetzAny
    PassThisOn
    RocketSearch
    SuperSexPass
    UnderageHost

    Good luck
    John
    If you receive something that says \'Send this to everyone you know,\' pretend you don\'t know me.

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    380
    A cookie does not execute any program, doesn't force popups to appear all of a sudden on just any website and sure isn't a trojan! I sincerely don't think that cookie has put porn sites in his history folder! If porn sites appeared in his history folder it's cause HE surfed there!

    All a cookie does is store some information on your computer that the sites reads when you surf back on that site. The worst a cookie can do is trace how many times you visited a website, when, where you came from etc... The cookie scare is a bit exagerated in my mind.

    See hitbox is an analytic service, http://www.hitbox.com/, not much to worry about.
    [shadow]Scorp666, the Infamous Orgasmatron[/shadow]

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    hit box it a company much like doubleclick. you don't have to surf anywhere in particular to get one of their cookies. they use banners or one pixel transparent gifs (when the webmaster doesn't want to give his visitors a bad impression). the gifs load off of a third party server, in this case hitbox's, they place the cookie. hitbox does 'market research', in other words they survey you without your permission. watch where you go and what you do while your there.

    1024
    2287398912
    29596453
    117357712
    29523028

    i dont know what the flush means its jave script that runs server side but i forgot, but the first 2 lines of the number say when and where you got the cookie, the last 2 lines identify who you are. each instance is another time they got you. these are the worst kind of cookies. put ie6 service pack1 on his machine, it will give you a security warning and in some cases refuse this type of cookie and just tell you it did. these adservers are spread throughout the net. if you register for a newsletter or an account at a site thats in it for the money (most) they can put this number to a name. You've been profiled and can now be targeted for specific types of ads and none of them have to be moral or ethical.

    if you have any doubt of this, try installing bugnosis from www.bugnosis.org it free. they're associated with privacy.org. it will make all the "web bugs as they are called, visable and tell you where their coming from. you'll never see the web the same again.

    Scorp666 fyi, if you surf to a site that loads a banner from a porn site, your history file will show its address even if you wern't actually there.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  8. #8
    Senior Member
    Join Date
    Apr 2002
    Posts
    380
    You are right on the history part Tedob. Still that cookie sure isn't a trojan and saying it is spyware is a stretch in my mind... Mainly what it does is display ads you are more likely to click, there is nothing illegal about that. The best way to avoid ads is to use an ad-stopper.

    There are many available on the net, so far I found that the best one comes with Agnitum Outpost. I very rarely see ads or popups. It kills them based on url and size.
    [shadow]Scorp666, the Infamous Orgasmatron[/shadow]

  9. #9
    Senior Member
    Join Date
    Oct 2002
    Posts
    112
    I would like to clarify that I was not suggesting that the cookie was spyware if anyone got that impression. I was responding to the access to the porn sites which were the mystery. If no one was surfing porn on the PC (or admitting to it) there is no harm in checking to see if there is any software of that type installed on the PC.
    If you receive something that says \'Send this to everyone you know,\' pretend you don\'t know me.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •