Have I been hacked?
Page 1 of 3 123 LastLast
Results 1 to 10 of 28

Thread: Have I been hacked?

  1. #1
    Member
    Join Date
    May 2006
    Posts
    44

    Have I been hacked?

    Me again, another mystery:

    I have a file called Layout.ini that appeared at 4:06 this am under user Administrator - Administrator is only accessible in my XP through safe mode. The first line is OptimalLayoutFile and it lists pages and pages of exe files...A Google search provides REALLY confusing info, can anyone help?

  2. #2
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    Hi

    Your not being hacked...it's your system doing what is normally called "Prefetch" of files:

    The operating system keeps a log of which files are needed at application start up and which data files are typically used (for example, a certain spreadsheet that is regularly used when Excel is booted). When the app is started, Windows XP looks at this list of files and seeks all of them at once. In so doing, it can consolidate disk seeks optimally and reduce head movement. So rather than thrashing the disk, application launch process now minimizes disk seeks.

    To enhance this process further, Windows XP will moves the files around on your disk during lulls in computing activity. For example, it will reposition all files used in starting up your favorite browser and place them in contiguous blocks on the disk. This way, in just a few disk seeks, the entire application can be loaded. And to reduce head seeks even more, it places these blocks as much as possible on the outermost sectors of the disk, so that the heads have to travel as little as possible.


    Layout.ini is what keeps track of this....
    XP keeps track of files used by every application. After several launches
    of the same application, it has some sense of what files are required.
    Thereafter, it uses an algorithm that says, basically, if a file has not
    been used in the last six launches, it is marked for removal; if a file has
    been used in the last two launches, it's marked for inclusion. Then based
    on these notations, Windows XP determines which files need to be brought
    into the block, and which ones moved out. When this move will take place
    depends on several factors, such as how recently files were moved for this
    application, and when the machine is available? Consistent with the idea
    that disk activity should not interfere with performance, Windows XP won't
    move the application files unless there has been no user-initiated I/O
    activity for 13 minutes. Microsoft presumes this means the user is away
    from the machine. It then begins migrating the files to the optimal place
    on the disk.
    Whatever you do, do not delete this file, can be a pain to recreate....

    Windows

    Info on Prefetch
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  3. #3
    My first guess would be that the system was rebooted at the file modification time. Perhaps the disk was defragged. This file is used by XP's prefetch system to "index" applications and their files.

    www.edbott.com/weblog/archives/000024.html

    and it looks like by default windows updates that layout.ini file every three days. Look at the following link, under Disk Efficiency Optimizations
    www.microsoft.com/whdc/system/sysperf/benchmark.mspx

  4. #4
    Member
    Join Date
    May 2006
    Posts
    44
    Okay, that helps. But why did it occur under Administrator? I've never seen that before and I check daily. Is it an automatic process - not user-initiated?

  5. #5
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    afaik..the Admin account is all powerfull...hence can backup settings from other accounts.

    If it doesnt run as admin it would not have the needed permissions to access all the files and folders, settings on the disk....

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  6. #6
    Member
    Join Date
    May 2006
    Posts
    44
    morganlefay - does it run automatically?

  7. #7
    The ******* Shadow dalek's Avatar
    Join Date
    Sep 2005
    Posts
    1,564
    It will if the Task Scheduler has the setting's set to run at a time specified by the user.

    Task Scheduler

    User Profiles


    Luck
    PC Registered user # 2,336,789,457...

    "When the water reaches the upper level, follow the rats."
    Claude Swanson

  8. #8
    Member
    Join Date
    May 2006
    Posts
    44
    Scheduled Tasks shows only Easy Internet Signup - I'll check all users and come back this pm - by the way - thank you!

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Why on earth is "Easy Internet Signup" a scheduled task?

    Jennifer, scheduled tasks run at the same security level as the administrator... Thus they can do anything they like. If you right click the task you can select properties. Please tell me what it says it runs on this schedule...
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  10. #10
    AOs Resident Troll
    Join Date
    Nov 2003
    Posts
    3,152
    morganlefay - does it run automatically?
    AFAIK....it is part of the way the operating system functions...so it is automatic...created by the system...not sure if it is a configurable option

    I have this file in my c:\windows\prefetch directory....not in my admin profile....but I am also running XP Pro...not home

    Tiger is right....why would easy internet setup be scheduled????

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides