
I found some internet history under NetworkServices and had a few questions..


25 replies to this topic

#1 kurtgillis12

kurtgillis12

  • Members
  • 116 posts

Posted 13 March 2016 - 05:38 PM

I was using an index.dat viewing tool when it found C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat

Is the info I'm finding in this file from another computer that was on a network with my laptop?

I'm sure most of you know index.dat files reveal most of your internet history, searches, URLs etc. on older operating systems like XP. When I viewed it, it showed an IP address (which is weird since all local searches don't have the IP listed in the index file) and URLs.

My question is, is it possible to see other people's internet history if you share a network!? My laptop had a corporate life before now where it was on some sort of network so I can't say if the internet searches were done on mine or another. An IP address also is included in the log....I just find it weird that I would get these files on my laptop, if they are indeed other people's searches.

If they aren't from another computer, could you explain why they would be in the networkservices file? Perhaps they were searches made WHILE connected to the network?

Thanks guys for any help!



#2 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts

Posted 13 March 2016 - 06:21 PM

"is it possible to see other peoples internet history if you share a network!?"

No and yes.  No as in you can't see it on your machine.  Yes if you can get to their index.dat on their machine.

 

"I cant say if the internet searches were done on mine or another"

On yours

 

"Perhaps they were searches made WHILE connected to the network?"

All searches are done when connected to the network/internet.  You connect to the ISP's network before you get to the internet.

 

So I take it you are running XP and Internet Explorer 7?


Edited by Wand3r3r, 13 March 2016 - 06:22 PM.


#3 kurtgillis12

kurtgillis12
  • Topic Starter

  • Members
  • 116 posts

Posted 13 March 2016 - 08:38 PM

"is it possible to see other peoples internet history if you share a network!?"
No and yes.  No as in you can't see it on your machine.  Yes if you can get to their index.dat on their machine.
 
"I cant say if the internet searches were done on mine or another"
On yours
 
"Perhaps they were searches made WHILE connected to the network?"
All searches are done when connected to the network/internet.  You connect to the ISPs network before you get to the internet.
 
So I take it you are running XP and internet explorer 7?


Yes on XP, not sure about the Explorer version.

So basically what you're saying is people on a network can't see my index.dats or vice versa? How come there is an index.dat file in the network services folder? Is that typical? Do some workplaces run networks that could share all the files on it, and that's why I can see it? Some file transfer protocol type thing?

#4 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts

Posted 13 March 2016 - 09:19 PM

This is simply the way Windows was designed and works.

What you see in a folder has nothing to do with anything outside of the device's lone internet access.

 

"Do some workplaces run networks that could share all the files on it"

Sharing files isn't what you are seeing in history.

 

You wouldn't see any of this if someone had cleared history.  Clearly it was unimportant to someone.

 

You have a corporate used computer.  As a corp I am sure their device was protected as well as the IT dept could do. You appear concerned.  Specifically what is your concern?


Edited by Wand3r3r, 13 March 2016 - 09:30 PM.


#5 kurtgillis12

kurtgillis12
  • Topic Starter

  • Members
  • 116 posts

Posted 13 March 2016 - 11:00 PM

This is simply the way Windows was designed and works.
What you see in a folder has nothing to do with anything outside of the devices lone internet access.
 
"Do some workplaces run networks that could share all the files on it"
Sharing files isn't what you are seeing in history.
 
You wouldn't see any of this if someone had cleared history.  Clearly it was unimportant to someone.
 
You have a corporate used computer.  As a corp I am sure their device was protected as well as the IT dept could do. You appear concerned.  Specifically what is your concern?


I suppose I should be a bit more specific. The laptop's corporate life I referred to was from my mother's workplace, where she first got the computer. We both used it a lot during her time working there (I only used it at home). I suppose my concern is: were other people on that network at her workplace able to see my index.dat files through their own computers? Would the boss or IT guy have access to all the files from a computer on their network somehow? (Without having the physical computer in their hands?)

Obviously the history contains nothing bad or unlawful, but perhaps slightly embarrassing things I wouldn't want anyone who works there to see ;)



I

Edited by kurtgillis12, 13 March 2016 - 11:03 PM.


#6 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts

Posted 14 March 2016 - 08:08 PM

"other people on that network at her workplace able to see myindex.dat files through their own computers"

Most likely no,

 

"IT guy have access to all the files from a computer on their network somehow? ( Without having the physical computer in their hands?)"

 

Most likely yes, really depends on how your employer/IT wants to "lock" down the network and the machines on it. They won't tell you this but the biggest threat is from the employees on the inside, not the outside. Unknowingly installing malware, stealing IP (intellectual property), destroying data, disgruntled employees etc.

 

It's probably not like they monitored everybody's browsing history, but no doubt they could get browsing history and plenty of other things remotely if they wanted to and had the machines set up to accomplish it.

Goes back to how much your employer/IT wants to lock it down and/or monitor their network.

 


How Can I Reduce My Risk to Malware?


#7 kurtgillis12

kurtgillis12
  • Topic Starter

  • Members
  • 116 posts

Posted 14 March 2016 - 09:05 PM

Delete

Edited by kurtgillis12, 14 March 2016 - 09:11 PM.


#8 kurtgillis12

kurtgillis12
  • Topic Starter

  • Members
  • 116 posts

Posted 14 March 2016 - 09:11 PM

"other people on that network at her workplace able to see myindex.dat files through their own computers"
Most likely no,
 
"IT guy have access to all the files from a computer on their network somehow? ( Without having the physical computer in their hands?)"
 
Most likely yes, really depends on how your employer/IT wants to "lock" down the network and the machines on it. They wont tell you this but the biggest threat is from the employees on the inside, not the outside. Unknowingly installing malware, stealing IP, (intellectual property), destroying data, disgruntled employees etc.
 
Its probably not like they monitored everybody's browsing history, but no doubt they could get browsing history and plenty of other things remotely if they wanted to and had the machines set up to accomplish it.
Goes back to how much your employer/IT wants to lock it down and or monitor there network.


So when you say most likely no, are you referring to the slim possibility of some kind of keylogger or backdoor being installed physically on computers from the network, or something else?

Edited by kurtgillis12, 14 March 2016 - 09:13 PM.


#9 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts

Posted 15 March 2016 - 04:32 PM

"So when you say most likely no,"

Referring to other employees (not IT), the likelihood of them being able to see other employees' browser history is very slim. Nobody would set up a network like that.

 

Could IT see your browser history?  Again it depends on how much they monitor their computers and network and how capable IT is. IT capabilities and budgets can vary widely from place to place. Could be a very capable crew or just some guy that fixes the printer.

 




#10 kurtgillis12

kurtgillis12
  • Topic Starter

  • Members
  • 116 posts

Posted 15 March 2016 - 09:43 PM

"So when you say most likely no,"
Referring to other employees (Not IT) the likely hood of them being able to see other employees browser history is very slim. Nobody would set up a network like that.
 
Could IT see your browser history?  Again it depends on how much they monitor there computers and network and how capable IT is. IT capabilities and budgets can vary widely from place to place. Could be a very capable crew  or just some guy that fixes the printer.


If an IT person was monitoring a network for browsing history, would they only see the browsing done while connected to the company's internet connection? The only way he could see it from my house would be if he installed some kind of program directly onto my system, right?

#11 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts

Posted 16 March 2016 - 10:10 AM

Is this currently a corp machine or not?  If not you have nothing to worry about.  The corp would have uninstalled monitoring software to get their licenses back for other use.  We only monitor internet traffic through the firewall and log it.  Would never bother digging into a machine forensically which is what you are talking about concerning the dat file.

 

It is a real easy thing to clear history after watching porn.



#12 kurtgillis12

kurtgillis12
  • Topic Starter

  • Members
  • 116 posts

Posted 16 March 2016 - 11:58 AM

Is this currently a corp machine or not?  If not you have nothing to worry about.  The corp would have uninstalled monitoring software to get their licenses back for other use.  We only monitor internet traffic through the firewall and log it.  Would never bother digging into a machine forensically which is what you are talking about concerning the dat file.
 
It is a real easy thing to clear history after watching porn.


When we got the computer it was sitting around collecting dust and thought to be not working, so nothing was uninstalled right before we got it. So I suppose it is still technically a corp computer. Is there anywhere I should look on the computer to see if there was a monitoring program? If it was only monitoring through the firewall like you said, would they still see ALL of it, like what was done at my house as opposed to at work?

Thanks for the responses guys

#13 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts

Posted 16 March 2016 - 04:46 PM

I get it, I think.

You're worried about possible monitoring software still being on the computer now that you have it at home and use it?

You can look in the add/remove programs panel. A legit outfit should use commercially available software that will be listed there. It can be uninstalled as long as you have admin privileges on the machine.

 

You can also post a FRST log if you want, we can take a look at that also to see what is installed and what you may be able to remove since it's not in a work environment anymore.

 

Just start at step 6 below to download, install and post the logs if you want:

 

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

 




#14 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts

Posted 16 March 2016 - 05:18 PM

You aren't going thru their firewall so no monitoring there.



#15 kurtgillis12

kurtgillis12
  • Topic Starter

  • Members
  • 116 posts

Posted 16 March 2016 - 07:29 PM

I get it, i think. 
Your worried about possible monitoring software still being on the computer now that you have it at home and use it?
You can look in the add/remove programs panel. A legit outfit should use commercially available software that will be listed there. It can be uninstalled as long as you have admin privileges on the machine.
 
You can also post a FRST log if you want, we can take a look at that also to see what is installed and what you may be able to remove since its not in a work environment anymore.
 
Just start at step 6 below to download, install and post the logs if you want:
 
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/


Well, yes and no to that first part..
I would really like to know if there was a monitoring program on it (for reasons stated above) but it's not urgent to get rid of it since I won't be using it for much of anything.

I'll take a look at the add/remove programs panel. Perhaps I could list the programs and you could tell me if there is anything unusual? (If that's something you do, don't feel obligated ;)

So that FST log, is that just to identify malware/trojan backdoors etc? We had problems with backdoors a while ago. In fact somebody I knew infected me with it.. I was going to make a separate thread eventually about what was there, but since I never use it I let it slide. I know the trojans weren't done by the IT guy to track me though since he tried (and failed) to get rid of them.

Random question time: I clicked the "Network Locations" and I saw "Title of my Computer, drive (C)" or something along those lines listed there with a bunch of other links of servers and etc. That doesn't mean everyone else on the network had access to drive C on my computer, does it? Seems like a stretch, but thought I'd ask anyway.

Edited by kurtgillis12, 16 March 2016 - 07:31 PM.




