[Dshield] Fw: Microsoft's Super Hidden Files

Karen karenj at worldlynx.net
Thu Oct 24 02:43:12 GMT 2002


Microsoft's Super Hidden FilesDoes anyone on dshield use Microsoft?  Just in case, I'm forwarding this post from a friend of mine.
 
Karen

P.S.  Over the last two weeks or so, I think I've gotten over a hundred Zone Alarm alerts, most unusual for me.  Many from China, and Korea, and some of the strangest (using Neo Trace) seem to come from off shore (east coast) USA, and if I remember correctly they were registered to China or Korea, too!  Weird.  


http://netsecurity.about.com/library/weekly/aa020402a.htm





--------------------------------------------------------------------------------


        About > Computing & Technology > Internet/Network Security 
                
       Internet/Network Security 
     
                
           
         
           Search   
              in this topicon Abouton the Webin Products   
       with Apply Now Your Guide to one of hundreds of sites     
     
      Home · Articles · Forums · Chat · Classifieds · Newsletters     
                         
       Subjects 
                 
                     
                         
                          BUYER'S GUIDE 
                       
                         Before You Buy
                         Top Picks
                             
                               ·  Top Personal Firewalls 
                               ·  Top Firewall Appliances 
                               ·  Top Encryption Products 
                         Product Reviews
                       
                       
                       
                          ESSENTIALS 
                       


                  Biometrics
                  Cyberterrorism
                  Encryption Policy
                  Encryption Refs
                  Encryption Apps
                  General FAQs
                  General Security
                  Hacker Community
                  Hacking Reference
                  Hacker Tools
                  Hacking History
                  Linux Firewalls
                  Linux Security
                  Mac Security
                  Mac Security Apps
                  Newsgroups
                  NT Security Issues
                  NT Firewalls
                  Privacy Issues
                  Script Languages
                  Social Engineering
                  Steganography-Info
                  Stegano Apps Win
                  Unix Security
                  Unix Security Apps
                  Viruses
                  Windows Firewalls
                  Windows Software
                  Windows Security
                  WinXP Security

                  Subject Library 

                  All articles on this topic
                 
                 
           
           
              
                  Stay up-to-date!
                  Subscribe to our newsletter. 
                      

                  Advertising 
                  > Free Credit Report
                  > Free Psychics 
                 


           
      Microsoft's Super Hidden Files 
                 
            There are some files that defy detection on your computer
            This article started out to be about another topic, but when I discovered the information about these super hidden Microsoft files, I had to write about it. I suppose that many of you already know about these files but this was the first I heard about it and I figured that if I didn't know about them, many of you didn't either.

            Hidden on your computer are some files that contain all of the Web sites that you have ever visited. Every URL, and every Web page is listed there. Not only that but all of the email that has been sent or received through Outlook or Outlook Express is also being logged. The file names and locations depend on what version of Internet Explorer you have. If you are running IE version 4.0 or above, the file name is "index.dat". If you are running or have ever run IE prior to version 4.0 there are two files. One is named Mm256.dat and the other is Mm2048.dat. Microsoft has not supplied an adequate explanation as to what these files are for or why they have been hidden so well.

            According to Microsoft, these files are used to cache visited Web sites to help speed up the loading of Web pages in Internet Explorer. Obviously this cannot be the case because when you clear the Temporary Internet Files the "index.dat" files remain behind and continue to grow. If you delete or clear the Temporary Internet Files, there is absolutely no need to index the URL cache because those files no longer exist.

            On a Windows 9x computer these files are located in the following locations:

            \WINDOWS\Cookies\index.dat
            \WINDOWS\History\index.dat
            \WINDOWS\Temporary Internet Files\index.dat
            \WINDOWS\Cookies\index.dat
            \WINDOWS\History\index.dat
            \WINDOWS\Temporary Internet Files\index.dat

            As I stated earlier, these files can be very hard to find. If you are in Windows, even with "Show hidden files and folders" enabled, these files are not visible and cannot be found if you do a search for these files. The reason that these files are so invisible is that they are not just hidden, they have been designated as "system" files. System files and folders are treated differently in DOS and Windows and are effectively cloaked from casual searches.

            I am currently running Windows XP Pro and since there is no underlying DOS core, these rules do not apply and therefore with "Show hidden files and folders" enabled, I can do a search on these files and find them with no trouble. In Windows XP there are several "index.dat" files in these locations:

            \Documents and Settings\Default User\Cookies\index.dat
            \Documents and Settings\Default User\Local Settings\History\History.IE5\index.dat
            \Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat
            \Documents and Settings\Default User.WINDOWS\Cookies\index.dat
            \Documents and Settings\Default User.WINDOWS\Local Settings\History\History.IE5\index.dat
            \Documents and Settings\Default User.WINDOWS\Local Settings\Temporary Internet Files\Content.IE5\index.dat
            \Documents and Settings\Bill\Application Data\Microsoft\Office\Recent\index.dat
            \Documents and Settings\Bill\Cookies\index.dat
            \Documents and Settings\Bill\Local Settings\History\History.IE5\index.dat
            \Documents and Settings\Bill\Local Settings\History\History.IE5\MSHist012001123120020101\index.dat
            \Documents and Settings\Bill\Local Settings\History\History.IE5\MSHist012002010720020114\index.dat
            \Documents and Settings\Bill\Local Settings\History\History.IE5\MSHist012002011420020121\index.dat
            \Documents and Settings\Bill\Local Settings\History\History.IE5\MSHist012002012120020128\index.dat
            \Documents and Settings\Bill\Local Settings\History\History.IE5\MSHist012002012820020129\index.dat
            \Documents and Settings\Bill\Local Settings\History\History.IE5\MSHist012002012920020130\index.dat
            \Documents and Settings\Bill\Local Settings\Temporary Internet Files\Content.IE5\index.dat
            \Documents and Settings\Bill\UserData\index.dat

            There is a very detailed explanation of these files and how Microsoft has managed to hide them so well by a person who calls himself "The Riddler". He goes into great detail and provides a lot of information on these super hidden files.

            If having these files makes you feel paranoid (and who wouldn't) there is a good little program called "Spider" that can find these files and delete them for you. There is also another good program called PurgeIE that can find and delete these files. Spider is freeware, PurgeIE is shareware and can be registered for $14.95.

            Previous Features
           



      Email this page!

      
           

           


           
      
                          
     
         
     Explore More on the About Network!
                 
                        Related Sites 
                        Antivirus Software
                        Computer Networking
                        Electronic Commerce
                        Focus on Linux
                        Focus on Windows
                       
                 
           Awful Apnea 
                        Sleep Disorders Guide Florence Cardinal lists the symptoms and treatments for obstructive sleep apnea.
                       
                  France for Lovers 
                        Honeymoons Guide Susan Breslow Sardone helps you plan a romantic trip to France.
                       
                  Around the World 
                        Adventure Films Guide Fred Topel talks with the director of "Around the World in 80 Days."
                       
                 
           Search About 
                           
                          Explore more...Arts    & EntertainmentAutomotiveCitysearch Cities    & TownsComputing    & TechnologyEducationFood & DrinkHealth & FitnessHistoryHobbies & GamesHomework HelpHouse & HomeIndustryJobs & CareersMagazinesMoneyNews & IssuesParenting & FamilyPeople    & RelationshipsReligion    & SpiritualityShopping & StyleSmall BusinessSports    & RecreationTeensTravel About International:About AustraliaAbout CanadaAbout IndiaAbout IrelandAbout UKAbout Japan 
                 
           
             
      
        
     About Us | Advertise on This Site | User Agreement | Privacy Policy | Kids' Privacy Policy | Help
      Copyright  © 2002 About, Inc. About and About.com are registered trademarks of About, Inc. The About logo is a trademark of About, Inc. All rights reserved.  

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20021023/5717a268/attachment.htm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20021023/5717a268/netsecurity.about.com_library_weekly_aa020402a.htm


More information about the list mailing list