From http://fuckmicrosoft.com/
Long and interesting read - makes you wonder what else they hide about you on your PC?
Read the disclaimer though - I nearly deleted everything on my computer by mistake.
(Try looking through User.Dat files as well using notepad as well - search for incriminating words using the find command - Can't just delete these references though)
Microsoft's Really Hidden Files v2.0
by The Riddler
May 16, 2001
(v1.0 written on June 11, 2000)
DISCLAIMER:
I will not be liable for any damage or lost information, whether due to reader's
error, or any other reason.
SUMMARY:
There are folders on your computer that Microsoft has tried hard to keep secret. Within these folders you will find two (major) things: Microsoft Internet Explorer has been logging all of the sites you have ever visited -- even after you've cleared your cache, and Microsoft's Outlook and Outlook Express have been logging ALL of your e-mail correspondence -- even after you've erased them from your trashbin. (This also includes all incoming and outgoing e-mail attachments.) And believe me, that's not even the half of it.
When I say that these files are hidden well, I really mean it. If you don't have any knowledge of DOS, then don't plan on finding these files on your own. I say this because some of these files will only be found in DOS while some of these folders can only be found in Windows Explorer. Additionally, there are some folders that will not be displayed by either DOS or Explorer -- but can only be found using a workaround. Basically what I am saying is if you didn't know these files existed then the chances of you running across them are slim to slimmer.
To give you an example of how sneaky this is, there are three hidden folders that may contain your name, address, phone, all the sites you've visited, every single e-mail you've sent/received, every attachment you've ever sent/received, everything you've searched for in a search engine, every filename you've downloaded, names of documents containing "sensitive" information, copies of all your cookies, full readable e-mail from your hotmail account, your PGP keys, and more.
Funny that Microsoft would make no mention of this on microsoft.com.
FOREWORD:
I know there are some people out there that are already aware of some of the things I mention. I also know that most people are not. The purpose of this tutorial is to teach people what is really going on with Microsoft's products and how to take control of their privacy again.
Thanks for reading.
INDEX
1. DEFINITIONS AND ACRONYMS
2. WHY YOU SHOULD ERASE THESE FILES
3. HOW TO ERASE THE FILES ASAP (Recommended for the non-savvy.)
3.1) If You Own Microsoft Internet Explorer
3.2) Clearing Your Registry
3.3) If You Own Outlook Express
3.4) Slack files
3.5) Keeping Microsoft Internet Explorer (Not recommended at all.)
4. STEP-BY-STEP GUIDE THROUGH YOUR HIDDEN FILES (For the savvy.)
5. A LOOK AT OUTLOOK
6. HOW MICROSOFT DOES IT
7. +S MEANS [S]ECRET NOT [S]YSTEM
8. THE TRUTH ABOUT FIND FAST
8.1) Removing Find Fast
9. HOW HARD MICROSOFT TRIED TO KEEP PEOPLE FROM FINDING ABOUT IT
10. FINAL NOTE AND CONTACT INFORMATION
10.1) Recommended reading
11. SPECIAL THANKS
12. REFERENCES
Coming Very Soon:
mailbox.pst
pstores
Related Windows Tricks.
Reflection of why they use alphanumeric folders (9J3X7QZF4.)
Everything you didn't want to know about Find Fast.
The NSA-Key.
The [Microsoft Update] button.
Why the temp folders aren't intended to be temporary at all.
What's in those .dbx files?
-------------------------------------------------------------------------------
1. DEFINITIONS AND ACRONYMS
Well, the best definition I have been able to come up with is the following:
I) A "really hidden" file/folder is one that cannot be seen in Windows Explorer
after enabling it to view all files, cannot be seen in MS-DOS after receiving a
directory listing, and cannot be searched through using the "Find" utility.
a) There is at least one workaround to enabling Explorer to see them.
b) There is at least one workaround to enabling MS-DOS to see them.
c) There is at least one workaround to enabling the "Find" utility to search through them.
d) They are hidden intentionally.
II) Distinguishes "really hidden" file/folders from just plain +h[idden] ones, such as your "MSDOS.SYS" or "Sysbckup" folder.
III) Distinguishes from certain "other" intended hidden files, such as a file with a name of " x."
DOS = Disk Operating System
MSIE = Microsoft Internet Explorer
TIF = Temporary Internet Files (folder)
HD = Hard Drive
OS = Operating System
DELTREE/Y CONTENT.IE5
(If this still does not work, and you are sure you are using MSIE5, then please
e-mail me. Finding the location of these is a mission, and I'd certainly like to
know where else MSIE likes to hide its cache. I believe older versions of MSIE
keep them under "c:\windows\content\".)
5) This will take a ridiculous amount of time to process. The longer it takes, the more records Microsoft had stored about you. When it gets done erasing that folder, then type this:
CD\
DELTREE/Y TEMP
DELTREE/Y WIN386.SWP
CD WINDOWS
DELTREE/Y COOKIES
DELTREE/Y TEMP
DELTREE/Y WIN386.SWP
DELTREE/Y HISTORY
Warning, this conveniently does not erase any e-mail correspondence. To double check drop back to your DOS prompt and type this:
dir *.mbx /s/p
dir *.mbx /s/p/ah
The files you are looking for are:
INBOX.MBX
OUTBOX.MBX
SENTIT~1.MBX
DELETE~1.MBX
DRAFTS.MBX
If these files come up they will be listed in either of these folders:
C:\Windows\Application Data\Microsoft\Outlook Express\Mail\
C:\Program Files\internet mail and news\%USER%\mail\
(If the .mbx files are located anywhere else then you probably don't want to delete them since they aren't from Outlook. If they are from Outlook, however, then please e-mail me.)
Now type either of the following (depending on the location of your .mbx files). Remember, this will erase all your e-mail correspondence so back up what you want to keep by printing them out or forwarding them to another box. Hopefully by now you have already set up Eudora or Pegasus Mail.
CD\WINDOWS\APPLIC~1\MICROS~1\OUTLOO~1
DELTREE/Y MAIL
or
CD\PROGRA~1\INTERN~1\%USER%
(replace "%user%" with the proper name.)
DELTREE/Y MAIL
--------------------------------------------------------------------------------
Retrieving your personal information from these cookies is a snap. For example if you've ever shopped at Amazon.com then there's access to your name and e-mail. If you're a user on Hollywood.com then there's your city, state, and zip. MP3.com keeps some goodies as well.
Feel free to check out all your alphanumeric folders, before going on to the next step.
5) Type this in:
CD\WINDOWS\TEMPOR~1\CONTENT.IE5
EDIT /75 INDEX.DAT (or "EDIT /16 index.dat")
You will be brought to a blue screen with a bunch of binary.
6) Press and hold the [Page Down] button until you start seeing lists of URLs. These are all the sites that you've ever visited as well as a brief description of each. You'll notice it records everything you've searched for in a search engine in plain text, in addition to the URL.
7) When you get done searching around you can go to "File" > "Exit."
8) Next you'll probably want to erase these files by typing this:
DELTREE/Y C:\WINDOWS\TEMPOR~1\
(replace "c:\windows\tempor~1\" with the location of your TIF folder if different.)
This will take a seriously long time to process. Then go check out your History.
9) Type this:
CD\WINDOWS\HISTORY\HISTORY.IE5
EDIT /75 INDEX.DAT (or "EDIT /16 index.dat")
You will be brought to a blue screen with more binary.
10) Press and hold the [Page Down] button until you start seeing lists of URLs again.
This is another recording of the sites you've visited. There also may be some other things in here. E-mail me if you find anything interesting. I will share with you a snippet of what I found in my index.dat file.
Client UrlCache
MMF Ver 5.2@
@3yi
O :+0
0
'
}* 5.t
xt
59
MS6C:\%
\\DAVE'S
HD.TXT
\MSIE5.
C:\
Did you note the "C:\" and "\\DAVE'S HD\MSIE5.TXT"?
"Dave" is the fictitious name that I use on my computer. "Dave's HD" is the name of my root folder on my LAN. "MSIE5.TXT" is the name of a text file that I've been saving on my computer. It contains research from THIS project that I've been working on. Mostly URLs and notes.
Do you see anything wrong with this picture? It took notice of a file on my HD, folks. MY HARD DRIVE. Not only that, but it is saving it in a folder that cannot be seen by either DOS or Windows Explorer. Is it a coincidence that this file was related to the research of this tutorial?
Obviously, my first suspicion was that Microsoft was scanning my HD and logging any "sensitive" information. In this case, my msie5.txt probably had something in it that Microsoft didn't like. To read more about my findings read "THE TRUTH ABOUT FIND FAST" in section 8.0.
1) If you're still with me, type this:
CD\WINDOWS\HISTORY
2) Check out the mmXXX.dat files (and delete them), then type:
CD\WINDOWS\HISTORY\HISTORY.IE5
CD MSHIST~1
EDIT /75 INDEX.DAT (or "EDIT /16 index.dat")
More URLs from your internet history. Note there are probably other mshist~x folders here.
3) You can repeat these steps for every occurrence of the mshistxxxxxxxx file.
4) By now you'll probably want to type in this:
CD\WINDOWS
DELTREE/Y HISTORY
This is about it as far as I know. You may also want to take a look at your *.mbx files if you own Outlook. (dir *.mbx/s) More detailed information is covered in the next chapter.
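The steps above page through index.dat by hand in EDIT. As an added example (not part of the original tutorial), this Python sketch does the same read-only inspection: it checks the "Client UrlCache MMF Ver" header seen in the dump, carves out URL strings, and pulls search phrases from their query strings. The function names, the list of query keys, and the sample bytes are assumptions made for illustration.

```python
import re
import sys
from urllib.parse import parse_qs, urlsplit

MAGIC = b"Client UrlCache MMF Ver "  # header text visible in the dump above
# Printable-ASCII run beginning at a URL scheme. History entries carry a
# "Visited: user@" prefix, so the scheme may start mid-string.
URL_RUN = re.compile(rb"(?:https?|ftp|file)://[\x21-\x7e]{4,}")
# Assumption: query-string keys commonly used for the search phrase.
SEARCH_KEYS = ("q", "p", "query", "search")


def read_version(data):
    """Return the format version (e.g. '5.2'), or None if not an index.dat."""
    if not data.startswith(MAGIC):
        return None
    tail = data[len(MAGIC):len(MAGIC) + 8].split(b"\x00")[0]
    return tail.decode("ascii", "replace")


def carve_urls(data):
    """Yield (file offset, URL) for each URL-looking string in the bytes."""
    for match in URL_RUN.finditer(data):
        yield match.start(), match.group().decode("ascii")


def search_terms(url):
    """Return search phrases carried in the URL's query string."""
    query = parse_qs(urlsplit(url).query)
    return [value for key in SEARCH_KEYS for value in query.get(key, [])]


def summarize(data):
    """Validate the header, then list unique URLs and search phrases."""
    version = read_version(data)
    if version is None:
        raise ValueError("header is not 'Client UrlCache MMF Ver ...'")
    urls = sorted({url for _, url in carve_urls(data)})
    terms = sorted({t for url in urls for t in search_terms(url)})
    return {"version": version, "urls": urls, "search_terms": terms}


# Constructed sample (not real browsing data): header, binary filler, two entries.
SAMPLE = (
    b"Client UrlCache MMF Ver 5.2\x00" + b"\x00" * 36
    + b"URL \x02\x00\x00\x00" + b"\x9f" * 20
    + b"http://search.example/find?q=used+cars&page=2\x00" + b"\x10" * 11
    + b"URL \x02\x00\x00\x00" + b"\x81" * 20
    + b"Visited: dave@http://www.example.org/index.html\x00"
)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in summarize(blob).items():
        print(key, value)
```

Run it against a copy of an index.dat file passed as the first argument; with no argument it prints the result for the constructed sample.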
zed the desktop.ini file to make these files invisible. Invisible to Windows Explorer, invisible to DOS, and even invisible to the "Find" Utility (so you wouldn't be able to perform searches in these folders!)
Here are a couple examples:
The c:\windows\temporary internet files\desktop.ini and the c:\windows\temporary internet files\content.ie5\desktop.ini files contain this text:
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
The c:\windows\history\desktop.ini and the c:\windows\history\history.ie5\desktop.ini files contain this text:
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
The UICLSID line cloaks the folder in both DOS and Explorer. The CLSID line disables the "FIND" utility from searching through the folder. Additionally, it gives a folder the appearance of the "History" folder. (You'll know what I mean if you fiddle with them enough.)
Erasing these desktop.ini files will give DOS and Windows Explorer proper viewing functionality once again. The problem with erasing them is Windows will reconstruct them on your next bootup. The workaround is to edit the desktop.ini files and remove everything except for the [.ShellClassInfo]. This will trick Windows into thinking they have still covered their tracks, so they won't think to reconstruct them again.
By the way, if you erase these keys from your Registry it will not un-hide these folders. Still, I'm sure somebody could play with this enough to figure out a way to completely disable Microsoft from ever hiding files on your computer again.
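To find every folder that carries such an override, rather than only the two locations listed above, the following added Python example (not from the original tutorial) walks a directory tree and reports each desktop.ini that sets CLSID or UICLSID under [.ShellClassInfo]. The function names and the sample tree are assumptions; the two class IDs are the ones quoted in the listings above.

```python
import configparser
import os
import sys

# The two class IDs quoted in the desktop.ini listings above.
KNOWN = {
    "{7BD29E00-76C1-11CF-9DD0-00A0C9034933}": "UICLSID value from the page",
    "{FF393560-C2A7-11CF-BFF4-444553540000}": "CLSID value from the page",
}


def shell_overrides(ini_path):
    """Return CLSID/UICLSID entries found under [.ShellClassInfo]."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str.upper  # INI key names are case-insensitive
    try:
        with open(ini_path, encoding="latin-1") as handle:
            parser.read_file(handle)
    except (configparser.Error, OSError):
        return {}  # unreadable or malformed file: nothing to report
    found = {}
    for name in parser.sections():
        if name.lower() == ".shellclassinfo":
            found.update({k: parser[name][k].strip().upper()
                          for k in ("CLSID", "UICLSID") if k in parser[name]})
    return found


def audit(root):
    """List (folder, key, class id, note) for every overriding desktop.ini."""
    rows = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() == "desktop.ini":
                for key, clsid in shell_overrides(os.path.join(folder, name)).items():
                    rows.append((os.path.relpath(folder, root), key, clsid,
                                 KNOWN.get(clsid, "class id not listed on the page")))
    return sorted(rows)


def build_sample(root):
    """Constructed tree: one cloaked folder, one neutralised as the text says."""
    cloaked = ("[.ShellClassInfo]\n"
               "UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}\n"
               "CLSID={FF393560-C2A7-11CF-BFF4-444553540000}\n")
    for folder, text in (("History", cloaked), ("Cleaned", "[.ShellClassInfo]\n")):
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, "desktop.ini"), "w") as handle:
            handle.write(text)


if __name__ == "__main__":
    for row in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(*row, sep="  ")
```

A desktop.ini reduced to the bare [.ShellClassInfo] header, as the workaround above describes, produces no finding.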
ts a brick wall. Not only does this mean Microsoft has taken extra precautions to keep people from finding these files, but it defeats the whole purpose of the "/s" switch in the first place. Nice one.
In case you didn't understand, here's a small experiment that will show you what
I mean.
Since the content.ie5 and history.ie5 subfolders are both located within a +s[ystem] folder, we will run the experiment with them. The proper command to locate them should be this:
CD\
DIR *.IE5 /s/as
The problem is that you will receive a "No files found" error message.
This proves that all subfolders/files that are located within a system folder will not be listed. But believe me, it's there.
Now, the really interesting thing is that you (luckily) can get around this brick wall. That is, once you are in the system folder, then the brick wall no longer has an effect on the directory listings. For example:
CD\WINDOWS\TEMPOR~1
DIR *.IE5 /as
1 folder(s) found.
Oh good, now you can see them. (But only after you knew the exact location.) In other words, if you didn't know the folders existed then finding them would be almost impossible.
tion that it is related to the Find Fast program. However, if you re-read that quote, it doesn't mention anything about finding words "within" a document, but only the document itself. Here are some more quotes from Microsoft:
"The Find Fast Indexer tool tracks the location on the hard disk of all Microsoft Word for Windows documents by default. When one of these files is moved, the Find Faster Indexer tool updates its index."
"Indexes are used to make file searches faster in Office programs."
"The Find Fast Indexer is installed on your computer when you install Microsoft
Office 97. Find Fast builds an index to speed up finding documents from the Open
dialog box in Microsoft Office programs."
I wasn't able to find one single shred of evidence that it helped you "search" faster. Yet, Microsoft insisted on calling the program "Find Fast." THEN they decided to add the Find Fast icon next to the [Search Document], as if Find Fast had anything to do with searching the document.
So now do you think you know the truth?
What would you say if I told you that Find Fast was scanning and indexing every single file on your hard drive? Did you know that in Office 95, the Find Fast Indexer had an "exclusion" list comprised of .exe, .swp, .dll and other extensions, but the feature was eliminated? If you were a programmer, would you program Find Fast to index every single file, or just the ones with Office extensions?
Here are some other interesting facts:
Find Fast automatically loads on every boot (because it is added to your Startup folder.)
If you have ever had problems with scandisk (restarting due to "disk writes."),
it is because Find Fast was indexing your hard drive in the background.
Now here is a good example of the lengths Microsoft has gone through to keep people from finding out Find Fast indexes their hard drives. (Always good to have an alibi.) And I quote:
"When you specify the type of documents to index in the Create Index dialog box,
Find Fast includes the document types that are listed in the following table.
Doc Type                    File Name Extension
--------------------------  ---------------------------------------------------
Microsoft Office files      All the Microsoft Excel, Microsoft PowerPoint,
Web documents               Microsoft Project, and Microsoft Word document
                            types listed in this table. Microsoft Binder
                            (.odb, .obt) and Microsoft Access (.mdb) files.
                            Note that in .mdb files, only document properties
                            are indexed.
Microsoft Excel workbooks   .xl* files
Microsoft PowerPoint files  .ppt (presentation), .pot (template), .pps
                            (auto-running presentation) files
Microsoft Project files     .mpp, .mpw, .mpt, .mpx, .mpd files
Microsoft Word documents    .doc (document), .dot (template), .ht* (Hypertext
                            Markup Language document), .txt (text file), .rtf
                            (Rich Text Format) files
All files                   *.* files
Did you get that last part? If you were a wealthy man and you decided to buy every single car in the car lot, would you
a) Say, "I'll take the red ones, the blue ones, the silver ones, the white ones,
the champagne ones, and all of them," or
Drop to DOS
CD\
DIR FF*.* /AH
edit /75 %ff%
Notice the incredible amount of disk accesses to your "really hidden" "Temporary Internet Files" folder? What is the obsession that Find Fast has with these hidden folders, anyway?
-------------------------------------------------------------------------------
9. HOW HARD MICROSOFT TRIED TO KEEP PEOPLE FROM FINDING ABOUT IT
In case the desktop.ini file wasn't enough proof. ("Whoops, we didn't know the desktop.ini file would turn folders invisible?") And in case you thought disabling DOS's "/s" switch for system folders was just a "bug." And in case you thought Microsoft disabled the Find utility from searching through the folders just to save you time (uh huh) -- then feel free to check out this thread on the Hackers.com BBS.
-------------------------------------------------------------------------------
12. REFERENCES
http://support.microsoft.com/support/kb/articles/Q137/1/13.asp
http://support.microsoft.com/support/kb/articles/Q136/3/86.asp
http://support.microsoft.com/support/kb/articles/Q169/5/31.ASP
http://support.microsoft.com/support/kb/articles/Q141/0/12.asp
http://support.microsoft.com/support/kb/articles/Q205/2/89.ASP
http://support.microsoft.com/support/kb/articles/Q166/3/02.ASP
http://www.insecure.org/sploits/Internet.explorer.web.usage.logs.html
http://www.parascope.com/cgi-bin/psforum.pl/topic=matrix&disc=514&mmark=all
http://www.hackers.com/bulletin/
http://slashdot.org/articles/00/05/11/173257.shtml
http://peacefire.org/