
Computer Spyware/Malware Protection



#1 Soul Invictus

Soul Invictus

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:11 AM

Posted 09 October 2004 - 08:13 PM

Hello All,

This is my first post here and I was hoping that you could offer some assistance. I have a going concern with my PC. I am a poster at Internet Infidels and I have an issue and a fellow poster at IIDB has a related issue. To respect your server, I have provided the IIDB link to which the OP is Loren Pechtel. I hold the same handle. I was wondering if someone might be willing to address his concern, although I am registering here with respect to my issue, to which I initially piggyback his thread and ask for assistance as well. I found this site via performing a google, so I hope you're the best of the best. Please advise if you have any suggestions for my buddy, and definitely let me know if you have some suggestions for my spyware/malware issue. It seems that I can't keep it from staying off the computer. I don't know why it keeps happening and how to stop it. I thank you in advance.

Regards,

Soul Invictus

Edited by Soul Invictus, 09 October 2004 - 08:17 PM.




#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,612 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:11 AM

Posted 10 October 2004 - 12:33 AM

Well it looks like Loren's problem is different than yours. She wants to do forensics on a computer to determine what sites this person is going to in order to scan for offensive sites that install spyware. You just want to get it stopped.

I will address both issues and if you don't mind posting a reply at the other site with a link to here with the info that would be great :thumbsup:


For Loren's issue, if they have access to the machine and they use Internet Explorer, there is an excellent tool to dig around in a history file used by IE. This file is called the index.dat file.

The tool you would use is found here:

http://www.foundstone.com/resources/proddesc/pasco.htm


When a person visits a site with IE, IE updates the following files (this assumes XP; search for index.dat if using other OSes):

This is the history file. If a user wipes their History in Internet Options this will be empty.

C:\Documents and Settings\\Local Settings\History\History.IE5\index.dat

Every time you visit a site that uses cookies, it records that info in this index.dat. As most sites use cookies these days, there will generally be a record of the visit here. If the user clears their cookies this will be empty.

C:\documents and settings\\cookies\index.dat

IE uses something called temporary internet files that supposedly makes web browsing quicker by loading some of the content locally from stored material on your machine. Every time it downloads something, whether that is an image, a file, or video, it records it in the index.dat here. Once again if they clear the temp int files, this will be empty.

C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\index.dat

Simply download the program and extract it to the C: drive. Then go to the directory where the index.dat is, for example:

C:\documents and settings\\cookies\

and type c:\pasco\bin\pasco index.dat > cookies.txt


Then open Excel and open the cookies.txt file with Excel. Just press finish when it asks you about importing the text. Now you can sort through the various data.

If you do not have access to the machine, you can use a sniffer like Ethereal if you are on a hubbed network and not a switched network. If that won't work for you, use a keylogger or other tracking program. Just google for one. Lastly, and the most expensive, would be a proxy server.

For most of your needs the pasco tool should be more than enough.


For your spyware issues I always give people these tips on keeping their machine clean. If you have a specific problem, feel free to let us know. Go to this link for the preventative tips:

How did I get infected and how do I prevent it from happening again?

Hope this helps and was the info you were looking for :flowers:
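
Added example (not part of the post above and not code from the pasco project): a Python alternative to the Excel sorting step that groups the records of a pasco dump such as cookies.txt by host and by which kind of index.dat entry they came from. It assumes pasco writes a tab-separated table under a TYPE/URL header row and that cookie and history rows carry `Cookie:user@` and `Visited: user@` prefixes; the sample data and timestamps are constructed.

```python
import csv
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample. Assumed layout: a "History File:" banner, a blank line,
# a tab-separated header row, then one tab-separated record per line.
SAMPLE = "\n".join([
    "History File: index.dat",
    "",
    "TYPE\tURL\tMODIFIED TIME\tACCESS TIME\tFILENAME\tDIRECTORY\tHTTP HEADERS",
    "URL\tCookie:alice@ads.example.net/\t2004-10-09 18:02\t2004-10-09 18:02\talice@ads[1].txt\t\t",
    "URL\tVisited: alice@http://www.example.org/forum?id=7\t2004-10-09 18:03\t2004-10-09 18:03\t\t\t",
    "URL\thttp://www.example.org/logo.gif\t2004-10-01 09:00\t2004-10-09 18:03\tlogo[1].gif\tABCD1234\tHTTP/1.1 200 OK",
    "URL\tVisited: alice@file:///C:/notes.txt\t2004-10-09 18:05\t2004-10-09 18:05\t\t\t",
    "URL\thttp://ads.example.net/click?q=\"a\"\t2004-10-09 18:06\t2004-10-09 18:06\tclick[1].htm\tABCD1234\t",
])

def parse_pasco(text):
    """Return the records of a pasco dump as dicts keyed by the header row."""
    lines = text.splitlines()
    start = next((i for i, l in enumerate(lines) if l.startswith("TYPE\t")), None)
    if start is None:
        raise ValueError("no TYPE/URL header row found")
    # QUOTE_NONE: a quote character inside a URL is data, not CSV quoting
    rows = csv.DictReader(lines[start:], delimiter="\t", quoting=csv.QUOTE_NONE)
    return [r for r in rows if r.get("URL")]

def classify(url):
    """Split a recorded URL into (kind, host) using the assumed row prefixes."""
    kind = "cache"
    for prefix, name in (("Cookie:", "cookie"), ("Visited:", "history")):
        if url.startswith(prefix):
            kind = name
            url = url[len(prefix):].partition("@")[2]  # drop the "user@" part
    if "://" not in url:
        url = "//" + url  # cookie rows hold host/path with no scheme
    return kind, urlsplit(url).hostname or "(local)"

def summarise(records):
    """Map host -> {"hits": count, "kinds": set of kinds}, busiest host first."""
    hosts = defaultdict(lambda: {"hits": 0, "kinds": set()})
    for r in records:
        kind, host = classify(r["URL"])
        hosts[host]["hits"] += 1
        hosts[host]["kinds"].add(kind)
    return dict(sorted(hosts.items(), key=lambda kv: (-kv[1]["hits"], kv[0])))

if __name__ == "__main__":
    for host, info in summarise(parse_pasco(SAMPLE)).items():
        print(f"{info['hits']:4d}  {host}  {','.join(sorted(info['kinds']))}")
```

To run it on a real dump, pass the contents of the text file produced by the pasco command to `parse_pasco` in place of `SAMPLE`.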

#3 Soul Invictus

Soul Invictus
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:10:11 AM

Posted 10 October 2004 - 07:49 AM

Well it looks like Loren's problem is different than yours. She wants to do forensics on a computer to determine what sites this person is going to in order to scan for offensive sites that install spyware. You just want to get it stopped.

I will address both issues and if you don't mind posting a reply at the other site with a link to here with the info that would be great :thumbsup:

Grinler,

I thank you for your time to post a response. I will note a link accordingly. Thank you.



