Super Hidden Index.dat Files?
tomtomg59
03-05-2002, 08:02 AM
Hello everyone: In our computers there are hidden files that Microsoft stores there and does not let you know about. Take a look at this site and let me know if anyone has deleted these hidden files (I have 20 of them on my PC) and if they had any trouble afterwards. Here is the site: http://netsecurity.about.com/library/weekly/aa020402a.htm Tom
Ghost_Hacker
03-05-2002, 09:55 AM
Great Link, thanks!!
I wrote something in these forums about the Index.dat files once.
But some "coder" was certain I was wrong. (I knew that wasn't the case, since I was reading Microsoft's own coding documentation, but let him/her babble anyway.)
That site should fill the few remaining holes I have left on this subject.
Cool
sea69
03-05-2002, 10:04 AM
thanks tom- just got done reading all of it and the additional provided links!
who'd a thunk it??
good ole microshaft
------------------
sea1_69@hotmail.com
homepage (http://www.seanweb1.homestead.com/3.html)
[This message has been edited by sea69 (edited 03-05-2002).]
tomtomg59
03-05-2002, 10:12 AM
I thought you guys would like that one, you're welcome!
Steve
03-05-2002, 01:16 PM
Hi tom,
We've been talking about the infamous index.dat file for quite a while. Check out these threads.
THREAD 1 (http://www.pcguide.com/ubb/Forum15/HTML/000030.html)
THREAD 2 (http://www.pcguide.com/ubb/Forum8/HTML/000070.html)
THREAD 3 (http://www.pcguide.com/ubb/Forum9/HTML/000682.html)
THREAD 4 (http://www.pcguide.com/ubb/Forum9/HTML/001036.html)
As you can see, there's some misinformation and funny ideas about all this. The last post in the last thread has the link for "Spider". That's what I use to delete the contents of index.dat.
------------------
Peace and Love, brothers and sisters. Peace and Love
[This message has been edited by Steve (edited 03-05-2002).]
pentachris
03-05-2002, 01:43 PM
It's almost surreal looking at that first link and seeing "neophyte geek" next to your name, Steve. I'm (easily) amused.
Thanks for bringing this back up, Tom. If I've seen information on this before, I haven't given it the attention it merits.
------------------
Some mistakes are too much fun to make only once.
tomtomg59
03-05-2002, 02:07 PM
Steve, I was looking at Spider last night but I did not know which one I should download for XP. Do you know? >> This program allows you to exploit the 'bug' and scan your PCs to find all the URLs stored in these hidden files. Choose wisely which version you want:
Spider v1.16 (350 KB; Win32; ZIP)
This is the newest beta-version which supports removal of the URLs! Check it out!
Spider v1.04 (185 KB; Win32; Self-Extracting EXE)
This is the original version.
Spider v1.04 Sourcecode
Sorry, the source-code has been removed. No I did not get any money from Microsoft for doing this. I removed it because of the fear of commercial exploitation.
Thanks Tom
Steve
03-05-2002, 03:33 PM
Hi Tom,
I would suggest trying the newest beta version. It works in NT so I figure it'll work in XP also. I don't run XP so I guess it's up to you to try it and see. We're all counting on you to let us know.
I e-mailed Ward and asked. If I get an answer, I'll be sure to pass on any information.
pentachris, I got a smile out of it myself...
------------------
Peace and Love, brothers and sisters. Peace and Love
tomtomg59
03-05-2002, 06:12 PM
Steve, I will do just that. I have 20 of them on my PC and want to get rid of them as soon as possible! Will let you know how Spiderman (I mean) Spider does!
Steve
03-05-2002, 07:31 PM
For what it's worth...
Just think of it. Microsoft has gone to the trouble to include in its operating systems a few files...Index.dat
C:\Windows\Application Data\Microsoft\Internet Explorer\UserData
C:\Windows\Temporary Internet Files\Content.IE5
C:\Windows\Cookies
These files are hidden. They keep a record of every website you've ever visited. You can't delete these files. If you try, M$ Internet Explorer will recreate them with all entries.
Why do you think this is? This was done on purpose. It wasn't a mistake. What does Uncle Bill have on his mind? I won't subject you to my paranoid imagination.
I come from a police family. I can assure you, we're not the only ones who are aware of this. Full disclosure is just a search warrant away!
------------------
Peace and Love, brothers and sisters. Peace and Love
[This message has been edited by Steve (edited 03-05-2002).]
Ghost_Hacker
03-07-2002, 07:43 PM
Just got finished running the steps outlined in the Riddler's article.
Freed up 500MB on my C drive.
[This message has been edited by Ghost_Hacker (edited 03-07-2002).]
tomtomg59
03-07-2002, 08:21 PM
That's great, I can't wait to complete it myself, I will post back results too! Tom
[This message has been edited by tomtomg59 (edited 03-07-2002).]
Steve
03-07-2002, 08:42 PM
500MB!
GH, if you don't mind me askin'...what took up all that space? Cookies? History? Urls? How long did it take to build such a collection of hidden files?
------------------
Peace and Love, brothers and sisters. Peace and Love
Boo Radley
03-07-2002, 09:24 PM
Out of curiosity, if the files are deleted in DOS, how does IE recreate them, and from where?
Again out of curiosity, I ran Window Washer last night over the History and Cookie folders.
Upon rebooting, the number of hidden folders had reduced from 4 to 2 and had decreased in size from 64kb down to 16Kb...
------------------
Boo!®
buck52
03-07-2002, 09:56 PM
Howdy
Very interesting article thanks
Spider v1.16 Beta works fine on XP Home
buck
------------------
just hav'n fun
Basically as far as I can tell IE/OE look for the file index.dat on startup and if it isn't there they will create a new one.....it is a log file so they kind of just do it blindly, as part of the programming. As to it growing in size, every URL that is in it takes up a few bytes and if it has never been removed, everything that was there, even after deleting the history and cookies, is still logged in the index.dat...
------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)
Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.
Paul Komski
03-07-2002, 10:35 PM
tomtom. A really useful link to a really good piece by Riddler. I had been aware of the index.dats for TIFiles and History and had been managing them; the revelations about Outlook/OE and FindFast and the way the innocuous-looking desktop.ini files operate just bowled me over.
Ghost's clearance of 500MB is staggering and goes a long way to understand why it always seemed impossible to retain the small amount of available memory on a 550MB HDD on my old 486; reformatting it was the only way to get my memory back - now I think I understand why.
------------------
Take nice care of yourselves - Paul
"There are old pilots and bold pilots but there are no old bold pilots."
Ghost_Hacker
03-08-2002, 09:30 PM
Steve
It was mostly history as my browser doesn't accept many cookies. The box in question is my main computer at work (which does do a lot of web surfing) and took over 2 years to gather all that crap.
When I looked in the temporary internet files folder there wasn't much listed, but after following the instructions on how to get Explorer to see those files, BAM, there were over 20 folders in there, each with about 4000 "history" files.
EDIT Just did the same steps for my home system. I had 5 cache folders and 5 "history" folders with 192 history files. Before I deleted them I had 121Mb of free space on my "C" drive; after I deleted them I have 389Mb of free space.
Yikes!!!!
[This message has been edited by Ghost_Hacker (edited 03-08-2002).]
Steve
03-09-2002, 09:36 AM
After going thru the "Riddler" check list, I must say Spider has been doing a pretty good job. But I'm starting to wonder why I have Internet Explorer on my computer at all!
I think it may be time to go back to Netscape or Opera. A friend at the local police station says he wouldn't use IE if you paid him. Using a different browser kinda puts the whole issue to rest.
------------------
Peace and Love, brothers and sisters. Peace and Love
Ghost_Hacker
03-09-2002, 12:23 PM
The information in the article is also good for another reason. It would help anyone investigating a "hacked" Windows system. The information can help you look for hidden hacker tools and other files left behind by the "bad guys".
Of course that information swings both ways......
Steve
03-09-2002, 01:04 PM
GH,
"The information can help you look for hidden hacker tools and other files left behind by the "bad guys"."
Could you elaborate?
------------------
Peace and Love, brothers and sisters. Peace and Love
Why do you have IE on your machine?
Because M$ says that it is an integral part of the OS and it can't be removed........
And I have some nice oceanfront property that I can let you have......real cheap! It is located in Arizona....(this is not a real offer to sell anything, but just an attempt to crack a joke)
IE Eradicator (http://www.98lite.net/ieradicator.html) (but not for 2k sr2 or XP....)
or
98Lite (http://www.98lite.net/98lite.html)
------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)
Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.
Ghost_Hacker
03-09-2002, 01:25 PM
Read Riddler's article again. Notice the parts about "desktop.ini" and the system attribute assigned to a folder. Remember that unless you know where the files are you can't see them.
Which in the case of a hack you won't. As long as a hacker didn't hide a large amount of files on your system, so as not to raise any alarms, he/she could hide a sniffer, keylogger or anything else they wanted to.
You would need to edit the UICLSID, CLSID information in your desktop.ini files in order to look for those files.
Steve
03-09-2002, 01:31 PM
Gee...and I was lookin' for some property.
Thanks for the IEradicator link.
------------------
Peace and Love, brothers and sisters. Peace and Love
Steve
03-09-2002, 01:38 PM
GH,
OK. Gotcha. I see what you mean. You'd never know the info was there if you didn't know where to look. It's a good place to plant a file.
Sooo... if you had a copy of the file BEFORE the hack, you could spot the hack when it happens. Do I have it right?
------------------
Peace and Love, brothers and sisters. Peace and Love
There is still one more way of handling these problem files...set up a ramdisk and transfer History, cookies, and Temp Internet files to it, then everytime you power down...POOF gone.
It has a couple of other advantages as well: one that I noticed since having the TIF on a ramdisk is faster cache reads, another is less fragmentation of the partition that Windows resides on (because the TIF isn't dropping stuff all over the place is my guess).
http://members.aol.com/axcel216/newtip12.htm tells how to do it for 9x systems (except ME...although I have seen references some places to a RAM disk/drive program that will work in ME), and there are ones that will run on NT kernel (NT, 2K, and XP (?)) systems....but some of the registry keys/folder locations are different. Not saying that this will be the last word on it, but not letting them get to the hard drive in the first place seems to be a more reasonable approach to managing them to me...
------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)
Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.
Ghost_Hacker
03-09-2002, 07:22 PM
Steve
"... if you had a copy of the file BEFORE the hack, you could spot the hack when it happens"
In most hacking cases...yes, that's sort of what you would do. By running programs like "Tripwire" which are designed to catch just that sort of thing. However someone running Tripwire or who is active in his security isn't going to be caught by any "hiding" ploy. But knowing how it's done can aid in computer forensics and a hacker can use it to add another level of attack to any compromised Windows system. Remember there are a lot of desktop.ini files on your system (or you can simply create one). Any of these ini files can be edited to do what MS does with IE.
[This message has been edited by Ghost_Hacker (edited 03-09-2002).]
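Added example, not part of the original thread or of Riddler's article: a Python sketch of the check Ghost_Hacker describes, finding folders whose desktop.ini carries CLSID or UICLSID entries and listing what is really on disk there. The sample tree, file names and GUIDs are constructed placeholders, and the script reads only the desktop.ini contents, not the folder's system attribute.

```python
import os
import tempfile

def shell_class_entries(ini_path):
    """Return CLSID/UICLSID values from the [.ShellClassInfo] section, if any."""
    with open(ini_path, "rb") as fh:
        raw = fh.read()
    # ANSI on Win9x; later Windows versions may write UTF-16 with a BOM.
    text = raw.decode("utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1")
    found, section = {}, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == ".shellclassinfo" and not line.startswith(";"):
            key, sep, value = line.partition("=")
            if sep and key.strip().lower() in ("clsid", "uiclsid"):
                found[key.strip().upper()] = value.strip()
    return found

def find_redirected_folders(root):
    """Folders whose desktop.ini names a shell class, with their real contents."""
    report = []
    for folder, dirs, files in os.walk(root):
        for name in (f for f in files if f.lower() == "desktop.ini"):
            entries = shell_class_entries(os.path.join(folder, name))
            if entries:
                # os.walk reads the directory itself, not Explorer's view of it.
                on_disk = sorted(n for n in dirs + files if n.lower() != "desktop.ini")
                report.append((folder, entries, on_disk))
    return report

def build_sample_tree(root):
    """Constructed sample: one redirected folder, one ordinary customised folder."""
    samples = {
        "History": "[.ShellClassInfo]\nUICLSID={00000000-0000-0000-0000-000000000001}\n"
                   "CLSID={00000000-0000-0000-0000-000000000002}\n",  # placeholder GUIDs
        "Photos": "[.ShellClassInfo]\nInfoTip=holiday pictures\n",
    }
    for folder, ini in samples.items():
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, "desktop.ini"), "w") as fh:
            fh.write(ini)
    for name in ("index.dat", "unexpected.bin"):
        open(os.path.join(root, "History", name), "wb").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_redirected_folders(tmp))
```

Saving the report from a known-good system and comparing it with a later run gives the before/after comparison Steve asks about, limited to these folders.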
Steve
03-09-2002, 09:02 PM
Hey G,
Thanks. More bullets for the gun, I guess. I got this one idiot who never tires of messin' with my computer. I'm always lookin' for ways to stay ahead of this guy...Thanks again.
------------------
Peace and Love, brothers and sisters. Peace and Love
randyrhoads1981
03-10-2002, 12:47 AM
Humm, my Windows 98 Plus install wasn't 2 months old yet and it cleared a cool 8 MB here.
------------------
Good Programmers never die they just don't C well.
Vic 970
03-10-2002, 01:17 PM
I have been using 'spider' for quite a while now, and was amazed at all the URLs that it finds. It is a good program but occasionally it fails to remove the URLs. I haven't an answer for that, but I use 'cleanup' as well (which cleans different rubbish) & have found that if I use 'cleanup' first, then persistently start spider, 'spider' will eventually re-activate & work ok again.
also I find that it usually takes several attempts (removing a portion at a time) before it clears ALL the url's. does that happen with you all ?
thing is that until I used 'spider' I was not aware of this hidden data, which makes me wonder, how much else is there that we don't know about !
the old bleach advert keeps coming to my mind "cleans 99% of all known germs" not telling you whether or not the 1% is more dangerous than the 99%. and what about the unknown ones ?
another point which maybe someone can remember is the size of index.dat when it is empty,
Doing a 'find' after clearing, mine shows 16 kb in C:\windows\cookies &
32 kb in C:\windows\local settings\temporary internet files
the file in 'history' cannot be found.!
I think that the sizes are correct for an 'empty' file, but does anyone know ?
also I remember seeing that you could add a command to the registry which would delete all these unwanted files upon shut down/boot up, but I didn't get around to trying it, nor remember where I saw it.
------------------
for every question there's an answer. Then a load more questions.
Definition of Upgrade "A means of introducing new bugs to a program to replace the ones that you have eventually found fixes for"
Regards..,
Vic.
Paul Komski
03-10-2002, 02:28 PM
Vic, the temp-int-files index.dat file is 32kb when empty. (Source = TweakIE 3 help menu). Not sure about the other one.
------------------
Take nice care of yourselves - Paul
"There are old pilots and bold pilots but there are no old bold pilots."
linstead
03-10-2002, 04:57 PM
Here's another site where I first found out about these hidden files. Some might find the site name offensive, but the information is good.
http://208.179.142.240/content/ms-hidden-files.shtml
------------------
mike