Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Prefetch


  • Please log in to reply
10 replies to this topic

#1 thatman

thatman

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 03 June 2004 - 08:18 AM

Prefetch on windows XP

How to change the value
This requiers the user to edit the Registry

HKEY-LOCAL-MACHINE \ system\ CurrentControlSet \ Control \ Session Manager \ Memory Management \ PrefetchParameters key

Now you are ready to change the DWORD value

In the right hand window look for the EnablePrefetcher when you have located the key

Double click EnablePrefetcher a box will appear with a highlighted value

Options avaible are as follows

0 Disable Prefetch

1 To only work with applications

2 To only monitor and speed up the system boot

3 Prefetch working with options 1 & 2

Only works with the number keys above your qwerty keys

Not the keypad.

All the best from
Thatman

BC AdBot (Login to Remove)

 


#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,503 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:49 AM

Posted 03 June 2004 - 09:23 AM

Just so people know what the Windows Prefetch is:

Windows XP comes with a built in service/component that will allows programs to load quicker by fetching and storing into memory commonly used files. Because these files are stored in memory, or the cache, the programs that uses these cached files are loaded quicker. It is called the prefetch because these programs are fetched or loaded before the applications that use them are launched.

#3 thatman

thatman
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 03 June 2004 - 12:55 PM

Hi Grinler

I am in full agreement with your comments, but with every good idea you also have the downside too.
Microsoft created the Prefetch and PageFile to help improve system performance but the reality is a normal user if they turned off prefetch would they notice any difference in the speed off operation we are talking mili sec.

But with the new breed off viruses trojuns spyware ECT, thy are now using memory resident programs, spyware is reading the pagefiles ads files and many more hidden files on a users PC.
The same can be said about system restore this too was to help users if thy fell in difficulties. The bad boys are using that as a means to stay on the users PC.

This type off topic is endless many people will have there own views as to the right and wrong way.

This is where the Forums come in to their own the ability to have your say.

All the best
thatman

#4 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,582 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:12:49 AM

Posted 03 June 2004 - 11:07 PM

Hello thatman,
I hope you don't taske offense but I don't see where any of the things you mention are much of anything to worry about. And I especially find this statement inaccurate:

The same can be said about system restore this too was to help users if thy fell in difficulties. The bad boys are using that as a means to stay on the users PC.


It is my belief that the bad boys are not using System Restore as a tool. They may be aware of it being a side benefit to their purposes, but it would do them no good to have their executables inactive and locked down in System Volume Information just on the off chance that some one will activate a restore point and reinstall.

Restore points are just backups--if you back up an infected system by another means, say Ghost, the results are the same. If you restore a dirty backup then your system will be dirty. It's not System Restore's fault or Ghost's--they are working as designed. People just need to be aware that their backups could be dirty.

The problem with System Restore is that it is on every OS that carries it and makes Restore Points for every 24 hours of use by default so most people are unaware that they are making dirty backups. So, yeah, the bad boys are probably aware of that but they they know enough tricks (and are getting better at it all the time) to protect their files from removal--they aren't "using" System Restore. Too many people have come to the belief that it is being used to hide malware that is actually causing problems--but it can't in System Restore because it is zipped up and locked down.

I don't see Prefetch as much to worry about either. It's just another location that malicious files could be in--the trick with malware is finding and deleting the executable(s)--with the exception of system files that have been altered. And since Prefetch by default only contains links to other executables--I just don''t think there is any thing special about this location.

But thanks for the tip. :thumbsup:

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#5 sardonyx

sardonyx

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:49 AM

Posted 16 June 2004 - 10:48 PM

i think it's also best to use win related tweaking utilities to prefetch your windows. however, the end user or the admin still knows the best whether he will use win prefetch in his system

#6 thatman

thatman
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 20 June 2004 - 09:31 PM

Hello thatman,
I hope you don't taske offense but I don't see where any of the things you mention are much of anything to worry about.  And I especially find this statement inaccurate:

The same can be said about system restore this too was to help users if thy fell in difficulties. The bad boys are using that as a means to stay on the users PC.

It is my belief that the bad boys are not using System Restore as a tool. They may be aware of it being a side benefit to their purposes, but it would do them no good to have their executables inactive and locked down in System Volume Information just on the off chance that some one will activate a restore point and reinstall.

Restore points are just backups--if you back up an infected system by another means, say Ghost, the results are the same. If you restore a dirty backup then your system will be dirty. It's not System Restore's fault or Ghost's--they are working as designed. People just need to be aware that their backups could be dirty.

The problem with System Restore is that it is on every OS that carries it and makes Restore Points for every 24 hours of use by default so most people are unaware that they are making dirty backups. So, yeah, the bad boys are probably aware of that but they they know enough tricks (and are getting better at it all the time) to protect their files from removal--they aren't "using" System Restore. Too many people have come to the belief that it is being used to hide malware that is actually causing problems--but it can't in System Restore because it is zipped up and locked down.

I don't see Prefetch as much to worry about either. It's just another location that malicious files could be in--the trick with malware is finding and deleting the executable(s)--with the exception of system files that have been altered. And since Prefetch by default only contains links to other executables--I just don''t think there is any thing special about this location.

But thanks for the tip. :thumbsup:

Hi to all
Sorry for the delay in returning the reply
My isp has been one of many that have been attacked mils of spam mail and viruses
My web connection has been so slow it was a waste of time trying to get on the web.
E-mail not working most days
It now appears that they may have things under control

No i have not taken offense to your opinion.

But remember the new bread of malware is getting very clever they now attack the
spyware removal software virus software and firewalls.
I will leave it at this point its very late and i need to sleep now.
Time in the UK is 03:23 MORNING

TTFN
THATMAN

#7 thatman

thatman
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 23 June 2004 - 01:29 PM

Hi
Every time i come on site this welcome is on my screen.

Welcome back thatman! (If you are not thatman, please click Here.)

Can some one explain please

thank you

:thumbsup: :flowers:

#8 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,503 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:49 AM

Posted 23 June 2004 - 01:54 PM

The board will log you on with your cookies automatically. If more than one person uses this site from the same computer, it is a notification as to who they are logged in as . That way if they are logged in as someone else from the same computer, they can log out and relog in as the proper person. I stole the idea from how amazon does it :thumbsup:

#9 thatman

thatman
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 24 June 2004 - 02:07 AM

Thanks Grinler

Strange I am the only user on my computer

I use firefox 9 stopped using ie explorer
completely removed messenger 4.7 from computer.

software used
Firewall zone alarm pro 5.0.594.43

Ad-aware plus 181

Pestpatrol

ProcessGuard v 2.0

ewido SecuritySuite

Hijack

titan200400.exe

A.V.G PRO

WILL HAVE TO LOOK ON COMPUTER FOR UNWELCOME GUEST

#10 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,503 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:49 AM

Posted 24 June 2004 - 04:34 PM

No this is by design. Regardless if someone else is using the computer it will still say your name at the top like that. You can disregard the message

#11 thatman

thatman
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:06:49 AM

Posted 28 June 2004 - 02:06 PM

Hi Grinler

Thank you for your reply I checked my system it was clean no harm done
I understand what you are referring to now.

Just to say that i like your site and will put the word out to my friends
I hope to make new friends on this site to.

Still have problems with my e-mail and connection my ISP are now getting to grips
with the attacks and have promised improvements to block the scum.


Thank you




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users