HP3000-L Archives

September 2002, Week 5

HP3000-L@RAVEN.UTC.EDU

From: Roy Brown
Date: Tue, 1 Oct 2002 01:34:05 +0100

Wow. I can still hardly believe this stuff.....

Have you ever come across super-hidden files?

Use Windows, and it marks files 'Hidden' and 'System'. Tyros run without
being able to see these, or monkey with them, which is best all round
probably.

But us power users like to know what's out there. So we go into Windows
Explorer and turn on every selectable Viewing option in Tools/Folder
Options/View - Hidden, System, File Extensions, etc.

But there are *still* files that are deliberately hidden from you by (in
my case, certainly) Windows XP.

I'm not talking Hidden, I'm not even talking System; some web references
call these 'super-hidden' (in which case I'd be talking about
super-duper-hidden, but I want to avoid the escalation).

And are these critical system files? Nope - just the results of you
surfing the web. Now why would Microsoft want these hidden away? And I
guess they're deleted when I ask IE6 to delete my temporary internet
files, aren't they? Guess again. A few *copies* get scrapped when you do
that, but that's all.

How did I find all this? Well, NAV reported a trojan in C:\Documents and
Settings\Roy\Local Settings\Temporary Internet Files\Content.IE5\
ETO36DM5\id8525[1[].cab

And NAV couldn't deactivate it, nor delete it, and so suggested that I
did this myself.

But I couldn't even see it: in Windows Explorer, drilling down to
C:\Documents and Settings\Roy\Local Settings\Temporary Internet Files
was as far as I could go. WE just showed me a few files in there, that
IE6 might well have cached when I was surfing. But no sign of the
referenced file there. And no sign whatever of any further *folders*
within.

Truly weird.... try the 'net. Googling for 'super-hidden files' found a
few references to 'System' files, but then turned up a link to a real
gem:

http://membrane.com/security/secure/Microsoft_Is_Unscrupulous.html

Unbelievable! Armed with that knowledge, I tried a 'Properties' on the
folder that WE was telling me held only a few left-over files found by
IE6. It showed me there were *90mB*, in *14 folders*, inside it.

Tut, tut. WinXP was telling me porkies....

Using the techniques in the article, I was able to see inside the folder
at last, and did indeed drill my way down to the offending trojan, a
home-page replacer called swporta. Which was indeed packed up in the
reported .exe, in the reported location, in a cab file with a
replacement home page, and other stuff....

I've never had my home page hijacked, so I don't think it ever
activated, and Winzip reports parts of the cab corrupt... all other
stored web activity (and was there ever stored web activity in those
folders!) for the date on the cab was harmless, but it proves I was
using the net that day. Assuming the date of the cab *was* the download
date - I think it was...

So, a secret history of everything you ever did on the net, not deleted
by IE6 when you ask it to delete your temporary internet files, taking
up 90 mB of your disk space, and acting as a perfect virus haven...

....thanks a bunch Micro$oft....

If you have WinXP, or, I think, Windows 2000, navigate to your equivalent
of C:\Documents and Settings\Roy\Local Settings\Temporary Internet Files
(Roy is my username) and see what the contents look like.

Then right-click 'Properties' for the Temporary Internet Files folder.
What does that report the contents as? You'd be surprised......

Want to see them? Manually add /Content.IE5 to the end of the path in
WE's Address bar, and press Go. Looky there......

What's going on here? I think we should be told....

--
Roy Brown        'Have nothing in your houses that you do not know to be
Kelmscott Ltd     useful, or believe to be beautiful'  Wm Morris

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
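
The comparison the message describes (what the folder view shows versus what is actually on disk), as an added Python example that is not part of the original post: it walks a cache folder with `os.scandir`, which returns entries whatever their Hidden or System attributes, totals folders, files and bytes, and lists archive and executable files for review. The extension list and the sample folder and file names are constructed assumptions.

```python
import os
import stat
import tempfile
from pathlib import Path

REVIEW_EXTS = {".cab", ".exe", ".dll", ".scr"}  # assumed review list, not from the post
HIDDEN_SYSTEM = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM

def audit_cache(root):
    """Count everything under root, including entries a folder view may not show."""
    root = Path(root)
    report = {"top_level_files": 0, "folders": 0, "files": 0, "bytes": 0,
              "hidden_or_system": 0, "review": []}
    stack = [root]
    while stack:
        current = stack.pop()
        try:
            entries = list(os.scandir(current))
        except OSError:
            continue                      # unreadable folder: skip it, keep auditing
        for entry in entries:
            st = entry.stat(follow_symlinks=False)
            # st_file_attributes is only populated on Windows; treated as 0 elsewhere.
            if getattr(st, "st_file_attributes", 0) & HIDDEN_SYSTEM:
                report["hidden_or_system"] += 1
            if entry.is_dir(follow_symlinks=False):
                report["folders"] += 1
                stack.append(Path(entry.path))
                continue
            report["files"] += 1
            report["bytes"] += st.st_size
            if current == root:
                report["top_level_files"] += 1
            if Path(entry.name).suffix.lower() in REVIEW_EXTS:
                rel = Path(entry.path).relative_to(root).as_posix()
                report["review"].append((rel, st.st_size, int(st.st_mtime)))
    report["review"].sort()
    return report

def demo():
    """Audit a constructed tree standing in for a Temporary Internet Files folder."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "Temporary Internet Files"
        sub = root / "Content.IE5" / "SAMPLE01"   # constructed folder name
        sub.mkdir(parents=True)
        (root / "cookie.txt").write_bytes(b"x" * 10)
        (sub / "page[1].htm").write_bytes(b"y" * 100)
        (sub / "sample[1].cab").write_bytes(b"z" * 1000)
        return audit_cache(root)
```

On a real machine, pass the profile's cache folder to `audit_cache` and compare `top_level_files` with `files` and `folders`; each `review` entry gives relative path, size and modification time.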
