Solution: It sounds like your motherboard's bus speed is set incorrectly. You see, you probably bought an Athlon XP 3200+ that runs on a 400MHz bus (which is actually a double-pumped 200MHz bus). For the motherboard to recognize the CPU as a 3200+, the CPU has to run at 2.2GHz, or 2,200MHz. The CPU reaches that speed only if the motherboard is set to an 11 multiplier and with a 200MHz bus. So, 11x200=2200. If your motherboard's frontside bus is set to run at 166MHz, the CPU would boot at 1833MHz. It's no coincidence that this is the same speed as an Athlon XP 2200+. To correct this, reboot your machine and go into the BIOS by hitting

Symptom: My optical drive has suddenly slowed to a crawl reading discs, and it refuses to read some discs.

Solution: Optical drives usually don't expire gradually; most simply stop working without so much as a death rattle. It's much more likely your drive's lens has accumulated a layer of dust.

Symptom: I just bought a new PC, and now my PocketPC refuses to connect via the USB port.

Solution: This is a common issue. You'll have to buy a new PocketPC. Just kidding. This problem occurs if you plug your PocketPC in before installing ActiveSync. Check the Device Manager by right-clicking My Computer, selecting Properties, clicking the Hardware tab, and then selecting Device Manager. If you see an Unknown Device entry, delete it by right-clicking it and selecting Uninstall. Restart your PC, install your PocketPC's drivers from the manufacturer's disc, and plug it in again.

PC AUDIO AND MP3S

Symptom: I'm only getting sound out of one speaker.

Solution: This usually happens when the mini-jack coming out of your speakers is not fully plugged into the soundcard input slot. Reversed polarity of a speaker can cause some of the weirdness as well, so make sure the positive terminal on the actual speaker is connected to the positive terminal on the subwoofer (or wherever the speakers connect to the amplifier), and vice versa for the negative terminals. One final possibility: Pet owners should routinely check speaker cables for teeth marks and replace the cables when Mr. Bigglesworth eats through the outer layer.

Symptom: The remote control for my PC speakers suddenly stopped working the other day. I installed new batteries but it still won't work. Is it dead?

Solution: Probably not. It sounds more like a sleeping remote. To wake it up, simply remove the batteries and press every button on the remote in a sequential order. Then just replace the batteries and your remote should work again.

Symptom: Sometimes I'll rip a worn CD, only to find later that some tracks have skips in them.

Solution: This is a common problem, and can be easily fixed. Go to www.exactaudiocopy.de (don't worry -- the site is in English).
We've brayed about Exact Audio Copy before, and here's why: When Exact Audio Copy rips audio it double-checks that data for accuracy, and if it detects any discrepancies between the original and the rip, it will extract the data again and again until it has determined that the result precisely matches what's on the disc. If the error correction is unable to compensate for a flaw in the disc and the data is irretrievable, Exact Audio Copy will let you know, sparing you from unpleasant surprises later. Oh, and did we mention Exact Audio Copy is free? Life is good.

Symptom: My Creative Labs Jukebox Zen Xtra keeps crashing. Is it broken?

Solution: If a single bit in an MP3 file is out of place or errant for any reason, it can make many MP3 players lock up or crash. You'll know this is the case if your player crashes on the same track every time. If so, you'll have to remove or re-encode the track. If an errant track is not the problem -- you'll know this is the case because it won't crash on the same song/s -- you may be able to rehabilitate your player by reformatting the drive. You'll find instructions at the Creative Labs web site. Go to Support, click Portable Audio, and select "Troubleshooting the Nomad Jukebox 3 as a Standalone Unit" (also known as Solution ID #7392). Reformatting will delete the contents of your player, of course, so make sure you have all your music backed up before you go for it.

Symptom: I can burn audio CDs and listen to them on my PC, but my portable CD player and car stereo can't recognize them.

Solution: Commercial CDs are literally stamped from extruded masters, creating pits and lands that CD players have been designed to read. Burned CDs, however, create darkened areas that mimic the pits and lands of commercial CDs. As you've noticed, not all players -- especially older ones -- can deal with these kinds of discs. But all is not lost. Your best bet is to burn at a slower speed, 4x or below. This creates slightly more prominent differences between the burned and non-burned areas. If you have a Plextor burner, though, you have an even better option. The bundled Plex Tools includes VariRec, which allows you to subtly alter the burning strength of your optical drive's laser. By experimenting with various discs and burning strengths, you will almost certainly find the right combination for your CD player. VariRec is supported by both Nero and Easy CD Creator. We've used it to make audio CDs playable on otherwise uncooperative boom boxes.

PC BUILDING TROUBLESHOOTING

Solution: Random crashes are always hard to diagnose, so let's cover all the bases. The first area to check is your drivers. Make sure you have the latest drivers for all your hardware, especially the motherboard chipset drivers. You should also make sure you've downloaded all Windows Updates. Next, consider your power supply. If you're running a midsize 300-watt PSU, and upgraded to a late model Pentium 4 CPU or Athlon FX, or are just running several hard drives and PCI add-in cards, you should upgrade your power supply to a 400 watt or thereabouts model. Inadequate power to your components can cause the entire system to lock up at worst, or just cause certain components to malfunction or stop working. The final consideration is cooling. Ideally, you should have a decent size fan in the lower front of your case sucking in cool air from the outside, and a large exhaust fan above your AGP card pulling air out of the case.

Symptom: I'm building a new PC and have the motherboard mounted inside the case. When I push the AGP card all the way down in the slot, the end of the metal tab on the slot cover hits the bottom of the case, preventing me from inserting the AGP edge connector all the way.

Solution: Even though every ATX motherboard and ATX case should be exactly the same dimensions, there are still small variances that can create problems when transplanting your hardware into a new environment.
It's fairly common for the videocard to not quite fit, and when this happens the solution is to simply bend the end of the metal slot cover away from the board ever so slightly. This will afford it the extra millimeter or so of clearance the card needs to fit all the way down into the slot. But be careful!

WIRELESS (WiFi) NETWORKING TROUBLESHOOTING

Symptom: My wireless laptop will not connect to my wireless router. It can't even see it!

Solution: Usually Wi-Fi connection problems are the result of configuration errors, incompatible firmware, or interference with another router. It's easy to fix firmware issues -- all you need to do is download the latest firmware from your wireless router manufacturer's web site. If you've installed the firmware update and still can't connect, your next step is to temporarily disable WEP or WPA. If you can connect to the router when security is disabled, check all your WEP settings. You need to use exactly the same key on your router and any machines that connect to it wirelessly. Also make sure the Authentication Type on each of the PCs matches the setting on the router. Troubleshooting interference issues is more complex. First, you should move your router off of the default channel. Most routers shipped today are set at channel 6 by default, and the sheer traffic can create a lot of interference. You should also uncheck the field that says, "Automatically connect to non-preferred networks" -- there is no advantage to the feature and it can cause your computer to behave erratically if you're in the proximity of the other networks. If you're still having problems connecting, there may be a hardware problem on your laptop. Check Device Manager and make sure there isn't an exclamation point beside your Wi-Fi card. You should also try connecting to another router that you know works properly. Finally, try connecting to your network using the same settings, but a different brand of Wi-Fi card.

Symptom: My broadband connection feels like it's downloading really slow.

Solution: Sadly, there isn't much you can do to improve your broadband connection's performance without spending more money to upgrade your existing service. Sure, there are a whole lot of products out there that claim to "improve your broadband speed" but we don't know of anything that actually works.

Symptom: I can't see the other computers on my home network from my laptop. What can I do to make it work right?

Solution: First, you need to make sure that each computer you want to connect to belongs to the same workgroup. Open the Start Menu and right-click My Computer. Go to Properties, then Computer Name. If your workgroup name doesn't match, you can change it by clicking the Change button. Some versions of Windows only show the computers that actually have shared folders or printers, so make sure you have at least one folder shared on every computer you're trying to connect to. The next step is to disable your firewall. By default, most firewalls block the ports used by Windows networking, keeping even legitimate users -- like you -- from connecting to your machine. If all your machines use the same workgroup and your firewalls are disabled, and you're using a wireless router, your problem could be the router. If your wired machines can all see each other, but a wired machine can't see a wireless machine, it's almost certainly the router's fault. Barring a firmware update that fixes the problem, there's no easy way to connect your machines if this is the case. Check with your router manufacturer for a newer version of the firmware. If that doesn't work, you may need to get newer hardware. Here's one last tip: You can try to connect to your computer's specific IP address instead of its name. To find the IP address, go to the Network Connections control panel, right-click your network card, and select Status. The IP address is on the Support tab. Once you have the IP, you can go back to your other computer and put //IP.address.here/ into Explorer. If you have shared folders on the PC you're trying to connect to, they should pop up immediately.
HARD DRIVE TROUBLESHOOTING

Symptom: I just got a new Serial ATA hard drive, but when I try to load the image of my current drive onto it, the drive-imaging software doesn't recognize my new hard drive.

Solution: This is a problem that has vexed us as well, and it comes down to the fact that most drive-imaging software programs don't recognize Serial ATA controllers and therefore won't let you image the drives connected to it. We've tested practically every imaging program on the market in the Lab, and the only one that successfully moved an image to a SATA drive and made it bootable was Symantec's (formerly Powerquest) Drive Image 2002.

Symptom: I just plugged in a brand-new hard drive but it's not showing up in Windows XP.

Solution: All brand-new hard drives are sold unformatted and thus don't show up in Windows until they've gone through the formatting process. To get up and running, connect the drive, boot your PC, and at the Windows desktop right-click the My Computer icon and select Manage. Click Disk Management in the left-hand tree, and every drive connected to your system will show up. Simply right-click your new drive and select New Partition. Then follow the steps to get your drive up and running.

Symptom: My system crashed, and when I rebooted, my RAID array was no longer working properly.

Solution: RAID arrays can stop functioning for several reasons, but it's usually a case of a cable coming loose or something in the BIOS being reset. Serial ATA cables easily come out of their drives, so check them first. If everything is connected properly, you should also check to make sure that the ports your array is plugged into are set to "RAID" rather than "IDE." Because these ports often double as either standard IDE ports or RAID ports, they must be set in the BIOS to one or the other. Be sure to check here first if your array suddenly disappears.

WINDOWS XP TROUBLESHOOTING

Symptom: My computer is acting odd. Loads of windows open all the time, and I'm getting a bunch of popup windows that don't look like Internet Explorer windows.

Solution: Your problem is most likely caused by incoming Messenger service messages. In a networked corporate environment, Messenger is used to send time-sensitive messages about server outages and software updates, but there's really no reason to leave Messenger running at home. To disable it, go to Start, Control Panel, Administrative Tools, and then Services. Scroll down to Messenger, right-click it, and select Properties. Change the Setup Type to Disabled and then press OK.

Symptom: A couple of days ago, my computer began behaving very oddly. The disk runs a lot, even when I'm not using the computer, and my browser home page is reset to a site I've never been to before.

Solution: This sounds like a classic case of spyware infection. There are two apps we recommend for combating spyware: Spybot Search & Destroy and Ad-Aware. You can download Spybot from www.safer-networking.org and get Ad-Aware from www.lavasoft.de. Both applications scan your hard drive for potential spyware and will help you remove it if detected. We recommend using both apps, because sometimes one application will detect a new spyware program that the other won't. If one of the applications detects spyware on your PC, it will either automatically remove it, or give you instructions that allow you to remove it.

Symptom: My e-mail frequently stops working -- it often stalls when receiving and sending. And no matter how many times I change the e-mail settings, it reverts to "localhost."

Solution: There's an outside chance the problem could be a virus, but the most likely culprit is your antivirus program or your spam filtering program. These apps work by situating themselves between your mail program and your e-mail server, then taking a look at every piece of mail you receive. But if one of these programs crashes or needs input from you, it will hold up the e-mail download and your mail program will think the connection has died. If this happens, just restart your antivirus program and spam filtering program and try downloading messages again.

Symptom: I keep losing menu options in Microsoft Word.

Solution: Our bet is that you really like to use em-dashes. The default keyboard shortcut for an em-dash is Ctrl+Alt+the numpad Dash, but people often mistakenly press Ctrl+Alt+the Dash on the primary keyboard, which is the default keyboard shortcut for "Remove item from the menu."
After you call up that shortcut, your cursor will change to a bold minus sign and the next menu or shortcut you click will disappear from Word. The solution? Don't use so many em-dashes! Alternately, you can remap the em-dash shortcut to something a little more convenient. Go to Tools, Customize, Commands, and then click the Keyboard button. Then, under Categories, scroll down to Common Symbols and click Em-dash in the right pane. Change the hotkey to whatever you'd like. We like Ctrl+M. To get back the menu items that you've lost, go to Tools, Customize, Commands, and drag the elusive commands back into place.

Symptom: I keep accidentally e-mailing my friend at her old address because the program created a shortcut for me.

Solution: This is an easy fix. When you're typing the name into your To: field, scroll up and down until you get to the one you want to delete. When it's highlighted press the Delete key and it will be gone forever!

Symptom: I get a ton of spam every day.

Solution: There are a couple of really good, free anti-spam utilities available today -- SpamPal (www.spampal.org) and Popfile (popfile.sourceforge.net). They use slightly different approaches, but each can reduce your spam intake by up to 99 percent. SpamPal analyzes every e-mail you receive and compares the path it took across the Internet with the servers and IP addresses of known spammers. It's very effective right out of the box, but if you frequently receive e-mail from countries where spam is known to originate, such as
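
The path comparison described for SpamPal above, sketched as an added example (it is not SpamPal's code and not part of the original article): it pulls relay addresses out of a message's Received headers and checks each against a blocklist using DNSBL-style query names. The zone `dnsbl.example`, the sample message and the listed entry are constructed, and the use of the DNSBL lookup convention is an assumption about how such a check is commonly done.

```python
"""Check the relay path of a message against an IP blocklist (DNSBL-style)."""
import ipaddress
import re
import socket
from email import message_from_string

# Hypothetical blocklist zone, used for illustration only.
DNSBL_ZONE = "dnsbl.example"

# Addresses that never identify an Internet relay (RFC 1918 and loopback).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample message; public addresses are from documentation ranges.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id abc123; Mon, 5 Jan 2004 10:00:02 -0500
Received: from relay.example.com (unknown [203.0.113.45])
\tby mx.example.net with SMTP id def456; Mon, 5 Jan 2004 10:00:01 -0500
Received: from [192.168.1.20] (helo=desktop)
\tby relay.example.com with SMTP; Mon, 5 Jan 2004 10:00:00 -0500
From: sender@example.com
To: you@example.org
Subject: constructed test message

body
"""

# Constructed stand-in for the blocklist's contents (one listed relay).
CONSTRUCTED_LISTED = {"45.113.0.203.dnsbl.example"}

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_ips(raw_message):
    """Return the public IPv4 addresses named in Received headers, newest hop first.

    Only the Received line written by your own mail server is trustworthy;
    everything below it was supplied by the sending side and may be forged.
    """
    msg = message_from_string(raw_message)
    found = []
    for header in msg.get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed text such as [999.1.1.1] is not an address
            if any(ip in net for net in INTERNAL_NETS):
                continue  # internal hops say nothing about the Internet path
            if text not in found:
                found.append(text)
    return found


def dnsbl_name(ip, zone=DNSBL_ZONE):
    """Build the query name: octets reversed, then the blocklist zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def dns_is_listed(name):
    """Live lookup: a DNSBL returns an A record only for listed addresses."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def check_path(raw_message, is_listed=dns_is_listed, zone=DNSBL_ZONE):
    """Return (ip, query_name) for every relay on the path that is listed."""
    hits = []
    for ip in relay_ips(raw_message):
        name = dnsbl_name(ip, zone)
        if is_listed(name):
            hits.append((ip, name))
    return hits


if __name__ == "__main__":
    # Offline run against the constructed blocklist instead of real DNS.
    for ip, name in check_path(SAMPLE_MESSAGE, lambda n: n in CONSTRUCTED_LISTED):
        print(f"relay {ip} is listed ({name})")
```
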
Jon Starr
01-01-2002, 08:46 AM

*Please read the below info, it may be long but if at the end you still think it was not 100% worthy of your time, I will be very much more than amazed*

If you use ANY method that is supplied by Windows to clear your history, you will see your history disappear....but Windows is lying to you, your history has NOT disappeared, far from it, Windows keeps detailed logs about you without your knowledge or consent.

The following document literally staggered me when I read it, I use a program called UltraWipe (highly recommended) to clear history etc, it uses a Gutmann wiping procedure to ensure data can never be recovered (for reasons too detailed to go into here, PM me if you want to know, erasing a file using any normal Windows method can allow recovery of the file you 'deleted' for up to the entire operational life of your computer using simple methods!) but whenever I used UltraWipe I always saw a lot of 'Index.dat' files that it couldn't remove, I thought nothing of this, because what use is an index if the files no longer exist?, but in fact they are much more than indexes, they are in fact comprehensive logs, and with the info below (I was NEVER able to access them without the tricks I learnt from the document below, and I had tried previously) I was able to look inside them, I was simply stunned, they contained a log of every website I had ever visited and my Email!

I suggest you read the below information then act on it, you will be amazed on how much info Windows has secretly stored on you, and the findfast logs also showed the insides of some files I had securely shredded and never expected to see again!
*FILE BEGINS*
Microsoft's Really Hidden Files: A New Look At Forensics (v2.6)
By The Riddler
November 3, 2001
(v2.0 finished May 16, 2001; v1.0 finished June 11, 2000)
Written with Windows 9x in mind, but not limited to.
DISCLAIMER:
I will not be liable for any damage or lost information, whether due to
reader's error, or any other reason.
SUMMARY:
There are folders on your computer that Microsoft has tried hard to keep
secret. Within these folders you will find two major things: Microsoft
Internet Explorer has not been clearing your browsing history after you have
instructed it to do so, and Microsoft's Outlook Express has not been deleting
your e-mail correspondence after you've erased them from your Deleted Items
bin. (This also includes all incoming and outgoing file attachments.) And
believe me, that's not even the half of it.
When I say these files are hidden well, I really mean it. If you don't have
any knowledge of DOS then don't plan on finding these files on your own. I
say this because these files/folders won't be displayed in Windows Explorer at
all -- only DOS. (Even after you have enabled Windows Explorer to "show all
files.") And to top it off, the only way to find them in DOS is if you knew
the exact location of them. Basically, what I'm saying is if you didn't know
the files existed then the chances of you running across them is slim to
slimmer.
It's interesting to note that Microsoft does not explain this behavior
adequately at all. Just try searching on microsoft.com.
FOREWORD:
I know there are some people out there that are already aware of some of the
things I mention. I also know that most people are not. The purpose of this
tutorial is to teach people what is really going on with Microsoft's products
and how to take control of their privacy again. This tutorial was written by
me, so if you see a mistake somewhere then it is my mistake, and I apologize.
Thanks for reading.
INDEX:
1) DEFINITIONS
1.1) Acronyms
2) SEEING IS BELIEVING
3) HOW TO ERASE THE FILES ASAP
3.1) If You Have Ever Used Microsoft Internet Explorer
3.2) Clearing Your Registry
3.3) Slack files
3.4) Keeping Microsoft's Products
4) STEP-BY-STEP GUIDE THROUGH YOUR HIDDEN FILES (For the savvy.)
5) HOW MICROSOFT DOES IT
6) +S MEANS [S]ECRET NOT [S]YSTEM.
7) A LOOK AT OUTLOOK
8) THE TRUTH ABOUT FIND FAST
8.1) Removing Find Fast
9) CONTACT INFORMATION AND PGP BLOCKS
9.1) Recommended reading
10) SPECIAL THANKS
11) REFERENCES
Coming in version 3.0:
- pstores.exe
- Related Windows Tricks.
- Looking back on the NSA-Key.
- Researching the [Microsoft Update] button.
- Why the temp folders aren't intended to be temporary at all.
- What's with Outlook Express's .dbx database files?
- Win2K support.
1.0. DEFINITIONS
I) A "really hidden" file/folder is one that cannot be seen in Windows
Explorer after enabling it to "show all files," and cannot be seen in MS-DOS
after receiving a proper directory listing from root.
a) There is at least one loophole to enable Windows Explorer to see them.
b) There is at least one loophole to enable MS-DOS to see them.
II) Distinguishes "really hidden" file/folders from just plain +h[idden] ones,
such as your "MSDOS.SYS" or "Sysbckup" folder.
III) Distinguishes from certain "other" intended hidden files, such as a file
with a name with high ascii characters (eg, "Yëï¨o").
(Interesting to note that Microsoft has disabled the "Find: Files or Folders"
from searching through one of these folders.)
1.1. ACRONYMS
DOS = Disk Operating System aka MS-DOS
MSIE = Microsoft Internet Explorer
TIF = Temporary Internet Files (folder)
HD = Hard Drive
OS = Operating System
FYI = For Your Information
2. SEEING IS BELIEVING
No. Enabling Windows Explorer to "show all files" does not show the files in
mention. No. DOS does not list the files after receiving a proper directory
listing from root. And yes. Microsoft intentionally disabled the "Find"
utility from searching through one of the folders.
Oh, but that's not all.
Just from one of these files I would be able to tell you which web sites you
previously visited, what types of things you search for in search engines, and
probably gather your ethnicity, religion, and sexual preference. Needless to
say one can build quite a profile on you from these files. It has the
potential to expose and humiliate -- putting your marriage, friendship, and
corporation at risk. Here's one good example of the forensic capabilities..
"I've been reading your article as I have a problem with an employee of mine.
He has been using the works pc for the internet and using it to chat and look
at porn sites. He was then deleting the cookies and history in order to cover
his tracks. A friend of mine pointed me in the direction of this site and
your article. I have found it to be incredibly useful,..."
--Concerned Boss, 8/24/01
One more thing. They contain your browsing history at ALL times. Even after
you have instructed Microsoft Internet Explorer to clear your history/cache.
And so the saying goes, "seeing is believing..."
To see for yourself simply do as you would normally do to clear your browsing
history. Go to Internet Options under your Control Panel. Click on the
[Clear History] and [Delete Files] buttons. (Make sure to include all offline
content.)
So, has your browsing history been cleared? One would think so...
Skipping to the chase here. These are the names and locations of the "really
hidden files:"
c:\windows\history\history.ie5\index.dat
c:\windows\tempor~1\content.ie5\index.dat
If you have upgraded MSIE several times, they might have alternative names of
mm256.dat and mm2048.dat, and may also be located here:
c:\windows\tempor~1\
c:\windows\history\
Not to mention the other alternative locations under:
c:\windows\profiles\%user%\...
c:\windows\application data\...
c:\windows\local settings\...
c:\windows\temp\...
c:\temp\...
FYI, there are a couple other index.dat files that get hidden as well, but
they are seemingly not very important.
3.0. HOW TO ERASE THE FILES ASAP
Step by step information on how to erase these files as soon as possible.
This section is recommended for the non-savvy. Further explanation can be
found in Section 4.0. Please note that following these next steps will erase
all your internet cache and cookies files. If you use the offline content
feature with MSIE, it will remove this as well. It will not erase your
bookmarks.
3.1. IF YOU HAVE EVER USED MICROSOFT INTERNET EXPLORER
1) Shut your computer down, and turn it back on.
2) While your computer is booting keep pressing the [F8] key until you are
given an option screen.
3) Choose "Command Prompt Only." This will take you to real DOS mode. ME
users must use a bootdisk to get into real DOS mode.
4) When your computer is done booting, you will have a C:\> followed by a
blinking cursor. Type in this, hitting enter after each line (sans
parenthesis):
C:\WINDOWS\SMARTDRV (Loads smartdrive to speed things up.)
CD\
DELTREE/Y TEMP (This line removes temporary files.)
CD WINDOWS
DELTREE/Y COOKIES (This line removes cookies.)
DELTREE/Y TEMP (This removes temporary files.)
DELTREE/Y HISTORY (This line removes your browsing history.)
DELTREE/Y TEMPOR~1 (This line removes your internet cache.)
(If this last line doesn't work then type this:)
CD\WINDOWS\APPLIC~1
DELTREE/Y TEMPOR~1
(If this doesn't work then type this:)
CD\WINDOWS\LOCALS~1
DELTREE/Y TEMPOR~1
(If this still does not work, and you are sure you are using MSIE 5.x, then
feel free to e-mail me. If you have profiles turned on, then it is likely
located under \windows\profiles\%user%\, while older versions of MSIE keep
them under \windows\content\.)
This last one will take a ridiculous amount of time to process. The reason it
takes so incredibly long is because there is a TON of useless cache stored
on your HD.
5) Immediately stop using Microsoft Internet Explorer and go with any of the
alternative browsers out there. Netscape 4.7x from netscape.net, mozilla from
mozilla.org, or opera from opera.com.
FYI, Windows re-creates the index.dat files automatically when you reboot your
machine so don't be surprised when you see them again. They should at least
be cleared of your browsing history.
3.2. CLEARING YOUR REGISTRY
It was once believed that the registry is the central database of Windows that
stores and maintains the OS configuration information. Well, this is wrong.
Apparently it also maintains a bunch of other information that has absolutely
nothing to do with the configuration. I won't get into the other stuff but
for one, your Typed URLs are stored in the registry.
HKEY_USERS/Default/Software/Microsoft/Internet Explorer/TypedURLs/
HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/TypedURLs/
These "Typed URLs" come from MSIE's autocomplete feature. It records all URLs
that you've typed in manually in order to save you some time filling out the
address field. By typing "ama" the autocomplete feature might bring up
"amazon.com" for you. Although, I find it annoying, some people prefer this
feature. One thing is for sure however -- it's an obvious privacy risk. You
wouldn't want a guest to type "ama" and have it autocomplete to
"amaturemudwrestlers.com" now would you?
You can clear your Typed URLs out of your registry by going to your
Control Panel > Internet Options > Content > [AutoComplete] > and finally
[Clear Forms]. If you feel the AutoComplete feature is a privacy risk, then
uncheck the appropriate boxes here.
FYI, this section has nothing to do with "really hidden files." It was added
so people can completely clear their browsing history before having to ditch
Microsoft Internet Explorer.
3.3. SLACK FILES
As you may already know, deleting files only deletes the references to them.
They are in fact still sitting there on your HD and can still be recovered by
a very motivated person.
- BCWipe is a nice program that will clear these files. (www.bcwipe.com).
- For you DOS buffs, there's a freeware file wiper on simtel.net that I use.
(www.simtel.net/pub/dl/45631.shtml).
- If you are using PGP then there is a "Freespace Wipe" option under PGPtools.
- The newer versions of Norton Utilities have a nice filewiping utility.
- You might want to check out Evidence Eliminator's 30 day trial. This is
probably the best program as far as your privacy goes.
(www.evidence-eliminator.com)
3.4. KEEPING MICROSOFT'S PRODUCTS
If your work environment forces you to use Microsoft Internet Explorer then I
strongly recommend that you talk your boss into checking out one of these
programs:
- PurgeIE (www.aandrc.com/purgeie)
- Cache and Cookie Cleaner for IE (www.webroot.com/washie.htm)
- Anonymizer Window Washer (www.anonymizer.com/anonwash)
These programs automate the process for you, and are far better than having to
add 'deltree/y' lines to your autoexec.
AND if your work environment forces you to use Outlook or Outlook Express then
you should get in the habit of compacting your mailboxes.
You can do this by going to File > Folder > Compact All if you have Outlook
Express.
or
Tools > Options > Other tab > [Auto Archive] if you have Outlook. Make sure
to set things up here.
4.0. STEP-BY-STEP GUIDE THROUGH YOUR HIDDEN FILES
This next section is intended for the savvy user.
The most important files to be paying attention to are your "index.dat" files.
These are database files that reference your history, cache and cookies. The
first thing you should know about the index.dat files is that they don't
exist unless you know they do. The second thing you should know about them
is that some will *not* get cleared after deleting your history and cache.
The result:
A log of your browsing history hidden away on your computer after you thought
you cleared it.
To view these files, follow these steps:
In MSIE 5.x, you can skip this first step by opening MSIE and going to Tools >
Internet Options > [Settings] > [View Files]. Now write down the names of
your alphanumeric folders on a piece of paper. If you can't see any
alphanumeric folders then start with step 1 here:
1) First, drop to a DOS box and type this at prompt (in all lower-case) to
bring up Windows Explorer under the correct directory...
c:\windows\explorer /e,c:\windows\tempor~1\content.ie5\
You see all those alphanumeric names listed under "content.ie5"? (left-hand
side.) That's Microsoft's idea of making this project as hard as possible.
Actually, these are your alphanumeric folders that were created to keep your
cache. Write these names down on a piece of paper. (They should look
something like this: 6YQ2GSWF, QRM7KL3F, U7YHQKI4, 7YMZ516U, etc...) If you
click on any of the alphanumeric folders then nothing will be displayed. Not
because there aren't any files here, but because Windows Explorer has lied to
you. If you want to view the contents of these alphanumeric folders you will
have to do so in DOS. (Actually, this is not always true. *Sometimes*
Windows Explorer will display the contents of the alphanumeric folders -- but
mostly it won't. I can't explain this.)
2) Then you must restart in MS-DOS mode. (Start > Shutdown > Restart in
MS-DOS mode. ME users use a bootdisk.)
Note that you must restart to DOS because Windows has locked down some of the
files and they can only be accessed in real DOS mode.
3) Type this in at prompt:
CD\WINDOWS\TEMPOR~1\CONTENT.IE5
CD %alphanumeric%
(replace the "%alphanumeric%" with the first name that you just wrote down)
DIR/P
The cache files you are now looking at are directly responsible for the
mysterious erosion of HD space you may have been noticing. One thing
particularly interesting is the ability to view some of your old e-mail if you
happen to have a hotmail account. (Oddly, I've only been able to retrieve
hotmail e-mail, and not e-mail from my other web-based e-mail accounts. Send
me your experiences with this.) To see them for yourself you must first copy
them into another directory and THEN open them with your browser. Don't ask
me why this works.
A note about these files: These are your cache files that help speed up
your internet browsing. It is quite normal to use this cache system, as every
major browser does. On the other hand, it isn't normal for some cache files
to be left behind after you have instructed your browser to erase them.
5) Type this in:
CD\WINDOWS\TEMPOR~1\CONTENT.IE5
EDIT /75 INDEX.DAT
You will be brought to a blue screen with a bunch of binary.
6) Press and hold the [Page Down] button until you start seeing lists of URLs.
These are all the sites that you've ever visited as well as a brief
description of each. You'll notice it records everything you've searched for
in a search engine in plain text, in addition to the URL.
7) When you get done searching around you can go to File > Exit. If you don't
have mouse support in DOS then use the [ALT] and [Arrow] keys.
8) Next you'll probably want to erase these files by typing this:
C:\WINDOWS\SMARTDRV
CD\WINDOWS
DELTREE/Y TEMPOR~1
(replace "cd\windows" with the location of your TIF folder if different.)
This will take a seriously long time to process. Even with smartdrive
loaded.
9) Then check out the contents of your History folder by typing this:
CD\WINDOWS\HISTORY\HISTORY.IE5
EDIT /75 INDEX.DAT
You will be brought to a blue screen with more binary.
10) Press and hold the [Page Down] button until you start seeing lists of URLs
again.
This is another database of the sites you've visited.
11) And if you're still with me type this:
CD\WINDOWS\HISTORY
12) If you see any mmXXXX.dat files here then check them out (and delete
them.) Then...
CD\WINDOWS\HISTORY\HISTORY.IE5
CD MSHIST~1
EDIT /75 INDEX.DAT
More URLs from your internet history. Note, there are probably other mshist~x
folders here so you can repeat these steps for every occurrence if you please.
13) By now you'll probably want to type in this:
CD\WINDOWS
DELTREE/Y HISTORY
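Steps 5 through 12 page through index.dat by hand in EDIT. As an added example
(not part of the original tutorial), this Python sketch carves the same URL
strings, and any search phrases inside them, out of a copy of an index.dat
file. The function names, the list of search parameters, and the sample bytes
are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# A run of printable ASCII that starts with a URL scheme. In index.dat the
# URLs sit as NUL-terminated strings between binary fields, so the run ends
# at the first non-printable byte.
URL_RUN = re.compile(rb"(?:https?|ftp|file)://[\x21-\x7e]{4,}")

# Query parameters that commonly carry a search phrase (assumed list).
SEARCH_KEYS = ("q", "p", "query", "search")

def carve_urls(blob):
    """Return the unique URLs found in raw bytes, in first-seen order."""
    seen, out = set(), []
    for match in URL_RUN.finditer(blob):
        url = match.group().decode("ascii")
        if url not in seen:
            seen.add(url)
            out.append(url)
    return out

def search_terms(urls):
    """Pull plain-text search phrases out of carved URLs."""
    terms = []
    for url in urls:
        query = parse_qs(urlsplit(url).query)
        for key in SEARCH_KEYS:
            terms.extend(query.get(key, []))
    return terms

def make_sample():
    """Constructed stand-in for a few cache/history records (not real data)."""
    pad = b"\x00" * 12
    return (b"Client UrlCache MMF Ver 5.2\x00" + pad
            + b"URL \x02\x00\x00\x00" + pad
            + b"Visited: user@http://www.example.com/index.html\x00" + pad
            + b"URL \x03\x00\x00\x00" + pad
            + b"http://search.example.net/find?q=tax+records&page=2\x00" + pad
            + b"URL \x02\x00\x00\x00" + pad
            + b"http://www.example.com/index.html\x00")

if __name__ == "__main__":
    import sys
    # Pass the path of a COPY of index.dat; with no argument the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = make_sample()
    urls = carve_urls(data)
    for url in urls:
        print(url)
    print("search phrases:", search_terms(urls))
```

Run it against a copy taken from real DOS mode, since Windows keeps the live
file locked.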
5.0. HOW MICROSOFT DOES IT
How does Microsoft make these folders/files invisible to DOS?
The only thing Microsoft had to do to make the folders/files invisible to a
directory listing is to set them +s[ystem]. That's it. As soon as the dir/s
command hits a system folder, it renders the command useless (unlike normal
folders.) A more detailed explanation is given in Section 6.
So how does Microsoft make these folders/files invisible to Windows Explorer?
The "desktop.ini" is a standard text file that can be added to any folder to
customize certain aspects of the folder's behavior. In these cases, Microsoft
utilized the desktop.ini file to make these files invisible. Invisible to
Windows Explorer and even to the "Find: Files or Folders" utility (so you
wouldn't be able to perform searches in these folders!) All that Microsoft
had to do was create a desktop.ini file with certain CLSID tags and the
folders would disappear like magic.
To show you exactly what's going on:
The c:\windows\temporary internet files\desktop.ini and
c:\windows\temporary internet files\content.ie5\desktop.ini files contain this
text:
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
The c:\windows\history\desktop.ini and
c:\windows\history\history.ie5\desktop.ini files contain this text:
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
The UICLSID line cloaks the folder in Windows Explorer. The CLSID line
disables the "Find" utility from searching through the folder. (Additionally,
it gives a folder the appearance of the "History" folder.)
To see for yourself, you can simply erase the desktop.ini files. You'll see
that it will instantly give Windows Explorer proper viewing functionality
again, and the "Find" utility proper searching capabilities again.
Problem solved, right? Actually, no. As it turns out, the desktop.ini files get
reconstructed every single time you restart your computer. Nice one, Slick.
Luckily there is a loophole which will keep Windows from hiding these folders.
You can manually edit the desktop.ini files and remove everything except for the
"[.ShellClassInfo]" line. This will trick Windows into thinking they have
still covered their tracks, and wininet won't think to reconstruct them.
I can't stress how ridiculous it is that Windows actually makes sure the files
are hidden on every single boot. No other files or folders get this kind of
special treatment. So what's the agenda here?
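To check a whole drive for this cloaking instead of opening each desktop.ini
by hand, the following added example (not the tutorial author's code) parses
desktop.ini files, flags the two values quoted above, and applies the same
"keep only the [.ShellClassInfo] line" edit. The function names and the sample
text are assumptions made for illustration.

```python
import os

# The two values quoted in the tutorial text above.
CLOAK = {
    "UICLSID": "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}",
    "CLSID": "{FF393560-C2A7-11CF-BFF4-444553540000}",
}
EFFECT = {
    "UICLSID": "contents hidden from Windows Explorer",
    "CLSID": "folder skipped by Find: Files or Folders",
}

def shell_class_info(text):
    """Return {KEY: VALUE} from the [.ShellClassInfo] section only."""
    values, inside = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            inside = line.lower() == "[.shellclassinfo]"
        elif inside and "=" in line and not line.startswith(";"):
            key, _, value = line.partition("=")
            values[key.strip().upper()] = value.strip().upper()
    return values

def audit(text):
    """List the cloaking effects a desktop.ini body would have."""
    found = shell_class_info(text)
    return [f"{key}: {EFFECT[key]}" for key in CLOAK if found.get(key) == CLOAK[key]]

def neutralise(text):
    """Apply the tutorial's edit: keep only the [.ShellClassInfo] line."""
    if any(ln.strip().lower() == "[.shellclassinfo]" for ln in text.splitlines()):
        return "[.ShellClassInfo]\r\n"
    return text

def scan(root):
    """Walk a directory tree and map each cloaking desktop.ini to its effects."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "desktop.ini":
                continue
            path = os.path.join(folder, name)
            with open(path, "r", errors="replace") as fh:
                findings = audit(fh.read())
            if findings:
                hits[path] = findings
    return hits

# Constructed sample matching the History folder's desktop.ini shown above.
SAMPLE = ("[.ShellClassInfo]\r\n"
          "UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}\r\n"
          "CLSID={FF393560-C2A7-11CF-BFF4-444553540000}\r\n")

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, findings in scan(root).items():
        print(path, findings)
```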
6.0. +S MEANS [S]ECRET NOT [S]YSTEM
Executing the "dir/a/s" command from root *should* be the correct command to
display all files in all subdirectories in DOS. However, doing so will not
display the index.dat files. This is because when DOS tries to get a list of
the subdirectories of any +s[ystem] directory it hits a brick wall. No files
or folders will be listed within any system directory. Not only does this
defeat the whole purpose of the "/s" switch in the first place, but I'd say it
looks like Microsoft took extra precautions to keep people from finding the
files. Remember, the only thing you need to do to obscure a file in DOS is
to mark the parent directory +s[ystem].
I was told by a few people that this was due to a very old DOS bug that dates
back many years. Fine. I can accept that. A bug it is.
But, would you consider your Temporary Internet Files to be "system files?"
It would seem that your TIF folder appears to be marked +s[ystem] for no good
reason at all. Just because. Same with your history folder. You may not
agree, but I tend to think that Microsoft marked the folders as +s[ystem]
solely to hide any directory recursion from DOS.
In case you didn't understand, here's a small experiment that will show you
what I mean...
Since the content.ie5 and history.ie5 subfolders are both located within a
+s[ystem] folder, we will run the experiment with them. The proper command to
locate them *should* be this:
CD\
DIR *.IE5 /as/s
The problem is that you will receive a "No files found" error message.
Since we already know there is a content.ie5 subfolder located here, why is
it giving me the "no files found" message?
But there is a way to get around this brick wall. That is, once you are
inside the system directory, then it no longer has an effect on the dir
listings. For example, if you enter the system folder first, and THEN try to
find any +s[ystem] directories you can see them just fine:
CD\WINDOWS\TEMPOR~1
DIR *.IE5 /as/s
1 folder(s) found.
Now you will get a "1 folder(s) found." message. (But only after you knew the
exact location.)
In other words, if you didn't know the files existed then finding them would
be almost impossible.
And, by the way, to see the "bug" in progress...
CD\
DIR *.IE5 /a/s
It will echo "no files found."
Now, just take away the system attributes from the parent directory...
CD\WINDOWS
ATTRIB -
And retry the test...
CD\
DIR *.IE5 /a/s
It will echo "1 folder(s) found."
7.0. A LOOK AT OUTLOOK EXPRESS
Would you think twice about what you said if you knew it was being recorded?
E-mail correspondence leaves a permanent record of everything you've said --
even after you've told Outlook Express to erase it. You are given a false
sense of security since you've erased it twice, so surely it must be gone.
The first time Outlook simply moves it to your "Deleted Items" folder. The
second time you erase it Outlook simply "pretends" it is gone. The truth is
your messages are still being retained in the database files on your HD.
(As with your e-mail attachments.)
For earlier versions of Outlook Express, they will be located in either of
the following folders:
c:\program files\internet mail and news\%user%\mail\*.mbx
c:\windows\application data\microsoft\outlook\mail\*.mbx
At this point you have two choices.
a) Get in the habit of compacting your folders all the time.
b) Backup, print-out, or import the data into another e-mail client such as
Eudora and then delete the mbx files (and thus all your e-mail correspondence)
by typing this:
cd\progra~1\intern~1\%user%
deltree/y mail
or
cd\windows\applic~1\micros~1\outloo~1\
deltree/y mail
*Typing in the above commands will kill all your e-mail correspondence. Do
not follow those steps unless you have already exported your e-mail and
address book!
If you have a newer version of Outlook or Outlook Express the databases are
located elsewhere. Look for .dbx and .pst file extensions. These databases
are five times as creepy, and I strongly recommend you take a look at the files.
Just from my outbox.dbx file I was able to view some of my old browsing
history, bring up previously-visited websites in html format, and even read
ancient e-mail from my Eudora client (read: EUDORA).
Again, don't take my word for it. See for yourself and THEN tell me what you
think Slick Willy is up to here.
8.0. THE TRUTH ABOUT FIND FAST
Have you ever wondered what that "Find Fast" program was under your control
panel? Here's a hint: It has absolutely nothing to do with the "Find"
utility located under the [Start] menu. Just to clear up any confusion before
going on, Oblivion adequately explains Find Fast here:
"In any version of Word after 95, choose File Open and you'll get the Office
App Open dialog. Instead of just a space for the file name, there are text
boxes for file name, files of type, text or property & last modified. These
are search criteria you can use to find one or more files. There is also an
"Advanced" button that opens a dedicated search dialog with more options.
When you use either of these dialogs to perform a search, that search process
uses the indexes built by Find Fast."
--Oblivion
But what would you say if I told you that Find Fast was scanning every single
file on your hard drive? Did you know that in Office 95, the Find Fast
Indexer had an "exclusion list" comprised of .exe, .swp, .dll and other
extensions, but the feature was eliminated? If you were a programmer would
you program Find Fast to index every single file, or just the ones with Office
extensions?
FYI, if you have ever had problems with scandisk or defrag restarting due to
disk writes, it is because Find Fast was indexing your hard drive in the
background. It loads every time you start your computer up.
Now here is a good example of the lengths Microsoft has gone through to keep
people from finding out Find Fast is constantly scanning and indexing their
hard drives. (Always good to have an alibi.) Here's a snippet taken from
microsoft.com:
"When you specify the type of documents to index in the Create Index dialog
box, Find Fast includes the document types that are listed in the following
table.
Document type                  File name extension
-------------                  -------------------
MS Office and Web Documents    All the Microsoft Excel, Microsoft PowerPoint,
                               Microsoft Project, and Microsoft Word document
                               types listed in this table. Microsoft Binder
                               (.odb, .obt) and Microsoft Access (.mdb) files.
                               Note that in .mdb files, only document
                               properties are indexed.
Word documents                 .doc (document), .dot (template), .ht*
                               (Hypertext Markup Language document), .txt
                               (text file), .rtf (Rich Text Format) files
Excel workbooks                .xl* files
PowerPoint                     .ppt (presentation), .pot (template), .pps
                               (auto-running presentation) files
Microsoft Project files        .mpp, .mpw, .mpt, .mpx, .mpd files
All files                      *.* files"
Did you get that last part? "All files?" Find Fast indexes Office Documents,
Web documents, Word Documents, Power Point files, Project files, and (oh I
forgot) EVERY SINGLE other file on your computer.
Actually, the good news is that this isn't necessarily true. In another
statement Microsoft claims that if Find Fast deems the file "unreadable" then
the file will not be included in the index. For example, your command.com
probably wouldn't get indexed because it doesn't have a lot of plain text --
mostly binary.
But, back to the bad news. Every single file that has legible text is going
to be included in the Find Fast database. Do you understand the implication
here? ALL TEXT SAVED TO YOUR HARD DRIVE IS INDEXED. The forensic
capabilities are enormous, folks. Don't forget "all text" also means
previously-visited webpages from your cache. See for yourself...
1) Open up a DOS window and type...
2) CD\
3) DIR FF*.* /AH (This will bring up a list of the find fast databases.)
4) EDIT /75 %ff% (replace %ff% with any of the names that were listed.)
Notice the incredible amount of disk accesses to your cache and history
folders? Why do we need two indexes?
8.1. REMOVING THE FIND FAST PROGRAM
You can remove Find Fast using your Office CD, but I recommend you do it
manually...
1) Reboot your computer in MS-DOS Mode.
2) Delete the findfast.cpl file from c:\windows\system\.
3) Delete the shortcut (.lnk) under c:\windows\start menu\programs\startup\.
4) Delete the findfast.exe file from c:\progra~1\micros~1\office\.
5) Important to delete the find fast databases (c:\ff*.*).
6) You can also safely delete FFNT.exe, FFSetup.dll, FFService.dll, and
FFast_bb.dll if you have them.
Feel free to check out the ffastlog.txt (which is the Find Fast error log).
It's a +h[idden] file under c:\windows\system\.
9. CONTACT INFO AND PGP BLOCKS
This tutorial is being updated all the time. If you have any useful input, or
if you see a mistake somewhere, then please e-mail me so I can compile it into
future versions. You will be able to find the most recent version of this
tutorial at fuckmicrosoft.com. I am not affiliated with the site.
My e-mail address is located at the end of this note. Please let me know
where you heard about this tutorial in your message. If you have something
important to say to me, then please use encryption. My public key blocks are
located below. Be suspicious if you send me an encrypted message but never
get a reply.
Thanks for reading,
-- The Riddler
theriddler@fuckmicrosoft.com
My 2.6.2 block is no longer valid because my secring was nuked. When I
created another keyring with another version of PGP, it read my "SET PGPPATH="
line and copied a new ring over my old one. No backups were made. Moral of
the story: Backup your keys.
My PGP 2.6.3 Block:
My GPG 1.0.6 Block:
9.1. RECOMMENDED READING
http://www.theregister.co.uk/content/4/18002.html
http://www.findarticles.com/m0CGN/3741/55695355/p1/article.jhtml
http://www.mobtown.org/news/archive/msg00492.html
http://194.159.40.109/05069801.htm
http://www.yarbles.demon.co.uk/mssniff.html
http://www.macintouch.com/o98security.html
http://www.theregister.co.uk/content/archive/3079.html
http://www.fsm.nl/ward/
http://slashdot.org
http://www.peacefire.org
http://stopcarnivore.org
http://nomorefakenews.com
http://grc.com/steve.htm#project-x
10. SPECIAL THANKS (and no thanks)
This version I want to give special thanks to Concerned Boss, Oblivion, and
the F-Prot virus scanner.
I also want to take this time to show my dissatisfaction to the
Herald. Although partly flattering, it was more disgusting to see a newspaper
try to take credit for my work.
COPYRIGHT INFORMATION
This article has been under the protection of copyright laws since the moment
it was fixed in a tangible form. Unless otherwise agreed, this article may only
be distributed as a whole and without modification. Thank you.
*FILE ENDS*