Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Users/PC/AppData/Local/Microsoft/Windows/WebCache Key logging everything I do.


  • Please log in to reply
19 replies to this topic

#1 finnman1

finnman1

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 20 May 2015 - 10:28 AM

 
The Path: Users/PC/AppData/Local/Microsoft/Windows/WebCache has several files, including text files that are somewhat readable. It appears that upon viewing, they show every file you visited on your computer, and most likely, every keystroke. An example is this:.....

V i s i t e d : P C @ f i l e : / / / C : / G a m e s / W o r l d _ o f _ T a n k s / r e s _ m o d s / R T A N . x m l y u 1SPS¡ À F @ Á¸.0’Ð S O 1SPS¡ À F

I just pasted a minute fraction of one of the logs. Why does windows need to keep a file that shows everything I visit on my computer? Is this not a security risk if someone were to steal my laptop?

How do I stop windows from generating these?

Thanks 001.png

 



BC AdBot (Login to Remove)

 


m

#2 RolandJS

RolandJS

  • Members
  • 4,429 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:52 PM

Posted 20 May 2015 - 10:42 AM

I googled WebCache and a page full of discussion about WebCache.  Apparently most of such files within WebCache are created by IE.  I ran across a utility called [removed name] -- however, I do not recommend it!  It is not only a privacy cleaner, it is also a pc cleaner, and neither I or BC recommend any such utilities.


Edited by RolandJS, 20 May 2015 - 10:55 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:04:52 PM

Posted 20 May 2015 - 10:48 AM

Why does windows need to keep a file that shows everything I visit on my computer?


You know what an "History" is in a web browser, right? The WebCache folder is used for the cache/history of Internet Explorer, you can safely delete it's content if you want. It should normally be deleted by CCleaner. Plus, most of these text files content are encrypted, so good luck trying to understand anything out of it.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 finnman1

finnman1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 20 May 2015 - 11:39 AM

They are encrypted, true.

 

Why is a Web Browser creating logs of EVERYTHING I visit on my computer?

 

Videos, video games, documents, pictures... I don't want a web browser accessing activity logs of sensitive data on my computer.

 

I know you can delete the contents w/ a program, but I want to disable this service altogether.  Is that possible? Does uninstalling I.E. do this?

 

THanks



#5 RolandJS

RolandJS

  • Members
  • 4,429 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:52 PM

Posted 20 May 2015 - 11:42 AM

If you try uninstalling IE, or, crippling it, your next thread will be asking how to reauthenticate, revalidate, your Windows OS.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#6 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:04:52 PM

Posted 20 May 2015 - 11:46 AM

You cannot uninstall Internet Explorer, you can however disable it via the "Turn On and Off Windows Features". Also, are you using Internet Explorer, or another web browser? A lot of programs uses folders and files for "Internet Explorer", like Skype and other web browsers (Temporary Internet Explorer).

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#7 finnman1

finnman1
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 20 May 2015 - 01:06 PM

You cannot uninstall Internet Explorer, you can however disable it via the "Turn On and Off Windows Features". Also, are you using Internet Explorer, or another web browser? A lot of programs uses folders and files for "Internet Explorer", like Skype and other web browsers (Temporary Internet Explorer).

 

I'm using Firefox.  I.E or any program related to the internet does NOT   NEED to see what videos im watching, or which documents i'm reading, or where they are located. That all has nothing to do with the internet. My files.. that is..

 

How do I turn this crap off? I feel it may act as malware, or malware might try to steal this log.

 

THanks



#8 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:04:52 PM

Posted 20 May 2015 - 01:14 PM

There's little information on what actually disables the folder to gather information, but there's a 7 pages long discussion on SevenForums, with members posting their own solutions. Maybe one of them will suit you.

http://www.sevenforums.com/browsers-mail/311407-ie10-uses-webcachev01-dat-vs-index-dat-files-how-clear-delete.html

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#9 RolandJS

RolandJS

  • Members
  • 4,429 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:03:52 PM

Posted 20 May 2015 - 01:17 PM

If you can live with the results, you can disable cache in all browsers by merely assigning Zero-bytes or close to Zero-bytes buckets for history, caching, etc.


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#10 rp88

rp88

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:52 PM

Posted 21 May 2015 - 09:06 AM

It's a hidden folder, of the "protected operating system file" sort, But I've found this folder too. It has some strange text (.log) files in it, they list websites I have never visited, and these are mixed with random unusual characters. Some of the files in it will not open as they are in use by something.


It might be related to the fact that internet explorer's history acts as a sort of history for the entire computer. I, like you, never open internet explorer, I don't touch the program with a barge-pole but find my history in internet explorr records every files on my hard-drive which I have opened that day and every file I have downloaded, it does not however include by browsing history within IE's history as displayed from within IE.

Edited by rp88, 21 May 2015 - 09:06 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#11 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:04:52 PM

Posted 21 May 2015 - 09:32 AM

they list websites I have never visited


I guess that they are logging websites that are linked/included in the websites you visit, like CDNs.

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#12 Foldingchair

Foldingchair

  • Members
  • 109 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Netherlands
  • Local time:10:52 PM

Posted 21 May 2015 - 09:39 AM

It's a hidden folder, of the "protected operating system file" sort, But I've found this folder too. It has some strange text (.log) files in it, they list websites I have never visited, and these are mixed with random unusual characters. Some of the files in it will not open as they are in use by something.


It might be related to the fact that internet explorer's history acts as a sort of history for the entire computer. I, like you, never open internet explorer, I don't touch the program with a barge-pole but find my history in internet explorr records every files on my hard-drive which I have opened that day and every file I have downloaded, it does not however include by browsing history within IE's history as displayed from within IE.

 

I find that thought really creepy and scary, especially if all that information were to fall into the wrong hands.


"Peace and blessings be upon you all."


#13 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:52 PM

Posted 21 May 2015 - 09:49 AM

The content of this folder is not encrypted, but encoded.

 

There are tools to decode it, like this one IECacheViewer from Nirsoft: http://www.nirsoft.net/utils/ie_cache_viewer.html

 

The name of the folder says what it is: it is a cache for web sites content. So if you visit a page for the second time, the content (which has not expired) is served from the web cache, making it much faster than downloading again from the Internet.

 

If you don't want your browser to record this, use the private mode. It's called InPrivate for IE.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#14 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Quebec, Canada
  • Local time:04:52 PM

Posted 21 May 2015 - 09:50 AM

Didier, does Google Chrome uses the same folder? If so, Incognito Mode would be the mode to use to avoid this?

unite_blue.png
Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#15 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,620 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:52 PM

Posted 21 May 2015 - 09:58 AM

No Google Chrome and Firefox both use different folders. Google calls it Incognito mode, Mozilla calls it Private mode.

 

Nirsoft has also tools for these browsers (and others like Opera and Safari): http://www.nirsoft.net/web_browser_tools.html


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users