Index.Dat File

Discussion in 'privacy general' started by zarzenz, Jun 23, 2002.

Thread Status:
Not open for further replies.
  1. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    502
    Location:
    UK
    I am currently in the process of trying various programs ...window washer ...internet sweeper ...spider etc. to find out the easiest way of deleting the index.dat file.

    However, one thing is starting to puzzle me. I keep reading that the index.dat file should be found in the cookies, temp int files and history folders. But even with my system set to show hidden files, I only see it in the cookies folder.

    Is this correct or should I also see it in the other folders.
     
  2. controler

    controler Guest

    I am using Windows XP at present and I have my set to display contents of system folders AND show hidden files and folders.
    Then doing a search of my computer using more advanced options
    and having search system folders, search hidden files and folders
    and search sub folders, I get 25 references to Index.Dat found in various places.
    I have sent a few to
    www.fuckmicrosoft.com

    remove the spaces from the four letter word.

    edit Forum Admin: link altered. please don't circumvent - seems obvious enough ;)
     
  3. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,098
    The index.dat file is conveniently hidden on many versions of windows, even when you have hidden files set to be shown.

    Below I have written about two methods you may use to discover this file - the second method is more useful, in my case, but you may find the first method easier to perform.

    [hr]

    You can, however, locate these files if you know the DIRECT path to them.

    Example for History folder: C:\....\History\History.IE5\index.dat

    Browse to that location in Windows Explorer, and you will get a box asking if you want to open or save that file.

    The Temporary Internet Files index.dat file can also be found under:
    (ex.) C:\....\Temporary Internet Files\Content.IE5\index.dat

    [hr]

    NOTE: The following method is only recommended if you know what you are doing.

    TWEAK:

    There is an even easier method to making the directory structure of your Temporary Internet Files folder visible (and, thus, you will now be able to see the index.dat file too!)

    1.) Browse to your temporary internet files folder.
    2.) Look at the path in Windows explorer...add a "\desktop.ini" to the path name to open a special hidden file.1
    3.) Make sure to open this file in Notepad.
    4.) Save a backup copy to a folder on your desktop (or anywhere else for that matter) but make sure to change the ending to .txt.
    5.) Close Notepad, and follow the steps above to open the file again.
    6.) Now, delete the line that says the following:
    It may be slightly different, but there should be only one UICLSID.
    7.) Save the file and close all Windows Explorer windows.
    8.) Browse to your Temporary Internet Files folder again, and voila! You now can see your index.dat file, and all the weird folders that Internet Explorer actually stores file in.

    You can follow the same method for your History folder, but instead delete the line that looks like this:
    WARNING: Using this method for the History folder will remove its functionality from within Internet Explorer. (You will see all of the folders, etc.) Saving a backup of the desktop.ini file is HIGHLY recommended. (Remember to rename the extension)

    [hr]

    Hope this helps!

    -javacool

    [hr]

    Footnotes:
    1The desktop.ini file is used in many "customized" folders in Windows to change their appearance, functionality, etc. It is hidden by default, and the only way to access it is to use a direct path.
     
  4. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    502
    Location:
    UK
    Thanks guys for that. I should have added I'm using WinME. This clears the situation for me. Now I know that what I see is ok and its just a case of these files being 'extra hidden' within the windows system.

    The info to find them may well prove to be very useful but for now I will just continue to try out these cleanup programs in the knowledge that all is as it should be.

    Btw...I've just found this program called PurgeIE that looks very good for clearing all the tracks away.

    http://aandrc.com/purgeie/

    Its got a nice feel to it and a very good help section which is most useful whilst I am on this learning curve.
     
  5. helpin

    helpin Guest

    Just as long as you remember that IEPurge doesn't really purge anything. It deletes it, no different from hitting the delete key. There is no filewiping at all in the program.
     
  6. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    502
    Location:
    UK
    Hi helpin,

    Well... you have now raised a very important point. When you say just delete am I correct in thinking that this just removes the file from being 'visible' whilst looking at these various folders, and this means that they could still be viewed with the right drive recovery software. Just like any deleted file is still intact on the drive but simply marked as available for overwriting. And when you say wiped... is this what is meant by bleaching and in this case the actual file is immeadiately overwritten with random data after deletion.

    To be honest... my main requirement is simple deletion at the moment whilst I learn more about this subject but I think its important to have a full understanding of whats involved here and for that I thank you for bringing this to my attention.

    BTW... I really like PurgeIE... and it is very effective at deleting those pesky index.dat files with its little batch program running in DOS at startup in emergency mode, very nice and so easy to get used to. Also getting to like Internet Sweeper more as I play with it but wont say anymore about that here as its got its own board for posts about it. So still evaluating but got a better idea of what I want now.
     
  7. cshell

    cshell Registered Member

    Joined:
    Jun 28, 2002
    Posts:
    23
    Location:
    Missouri
    Dumb question I know. What is the security risk with
    index.dat file? After reading the post I looked at it
    in the cookies folder. It seems to me to be a general
    index of the few cookies, I allow to remain on my PC.
     
  8. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    502
    Location:
    UK
    Hi cshell,

    I'm new to all this but if I've understood it correctly then there are three index.dat files. The other two are 'extra hidden' in history and temp int files and are capable of holding all the details of sites visited long after you delete the files they are referenced to. If you install the Spider program from here

    http://www.fsm.nl/ward/spider116.zip

    then it can scan your index.dat files and even clean them.

    However because it seems to fail to clean WinME systems after the first sucessful run...I'm now trying out some other programs that can do the same thing.

    Hope I've got this right...maybe some more experienced members could explain in more detail if I've got this wrong.
     
  9. controler

    controler Guest

    Well just make sure whatever program you are using cleans the Temporary internet Folder\Content.IE folders also or do it manualy
    Trying to see if Patrick can do it in SpyBot in the future...
    All your pictures , urls ect stored there too.....
    in the Content.IE Alphanumeric subfolders.
     
  10. cshell

    cshell Registered Member

    Joined:
    Jun 28, 2002
    Posts:
    23
    Location:
    Missouri
    Thanks,

    They certainly are 'extra hidden' . I use Windows ME
    too, and they did not show up after checking the option
    to show hidden files.
     
  11. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,098
    In versions of Windows (98 and up, I believe) certain properties can makes this file, and the underlying directory structure hidden. When you open the Temporary Internet Files folder, you see a long list of files (images, web pages, etc) but the files aren't actually located there. (See my post above for more.)

    -javacool
     
  12. controler

    controler Guest

    Javacool?

    I don't think we are on the same page here LOL

    Believe me the files are there and NOT just shortcuts...

    IN Win XP it is under C:\Documents and settings\Local Settings\Temporory Internet Files\Content.IE\C12NOXIR ect... 4 folders

    In Windows ME it is C:\Windows\Tempory Internet Files\Content.IE\Bla Bla Bla
     
  13. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    4,098
    I'm sorry, I should have specified more clearly.

    What I was aiming for was the files are not actually located under
    C:\Documents and Settings\...\[bTemporary Internet Files[/b] (with nothing following it)
    BUT the hidden subdirectory structure under that.

    I'm sorry for any confusion I may have caused.

    -javacool
     
  14. cshell

    cshell Registered Member

    Joined:
    Jun 28, 2002
    Posts:
    23
    Location:
    Missouri
    I want to thank each one who has replied to my request in any way.
    zarzenz, javacool, controler.

    I want you to know I appreciate your attempt to help me understand
    a little more of this tech stuff.

    I went to Temp Internet files\IE. The index.dat files do not show up.
    I did not check the History folder. My opinion is that if one is not
    showing up the other one won't either.

    PS: This is after checking show hidden files on explorer.

    I use Windows ME. Maybe this will help. When applying the show hidden
    folders, or when clearing that option my screen does some weird things.
    The first time I did this the PC froze. I had to kill the power to the
    PC. The last few times I have applied or cleared this check box the
    screen only did funny things. No freeze up.

    I'm still not sure why the files are a security risk. In my opinion
    no one has addressed this question. Are they phoning home? Are
    they a risk because an unauthorized user of my PC might open them?
    Or are they a risk due to a hacker. I really would like some more input
    on this. I do realize that these files containg info. I do not understand
    why they are a security risk.

    If the Risk is due to a hacker, then I would like to know this. I have a
    lot of credit card info on my PC. I try to keep it at a minimum, but
    some times it can't be avoided. Some Internet shoppers will not order
    on-line. They call. Eventually I have to type their CC number.

    Trying to protect other peoples info is why I'm interested in this topic.
    Also, I'm concerned that there are files that MS have hidden so deeply that
    I can't access them.
     
  15. FanJ

    FanJ Guest

    Quote from the Helpfile of IEClean with respect to the option in IEClean: "Show all file extensions":

    [hr]

    Microsoft LOVES to maintain "hidden" and "super-hidden" files in order to hide MANY of the "inner workings of Windows" ... So MUCH of Windows is completely hidden that viruses, trojan horse remote back doors and other nasties can easily hide from view since you are left unable to determine what the TRUE filename of an email file attachment REALLY is, and when you go to look for files in Windows file explorer, you are not shown what the files REALLY are.

    This function is HIGHLY recommended to be enabled. It will show you the TRUE file extension of any unknown files so that you can determine if they really ARE a media or innocuous filename or if they are a VBS, EXE, PIF, SCR or other executable file and not what they CLAIM to be. This capability alone will show you if a file REALLY IS "mypicture.JPG" or "mypicture.JPG.EXE" which would be a sure sign of a virus or other nasty when you go to download it. IF you let IEClean unhide file extensions, you will see a LOT more files that you never knew existed before, and you will be able to spot suspicious files by the double file extensions which you'll now see and the unexpected ".exe" AFTER the ".MPG" the file CLAIMED to be.

    In addition, selecting this option will reveal a NUMBER of folders and files you never knew were ALREADY on your machine. We cannot emphasize ENOUGH how useful this is in protecting your privacy, and even more importantly your security. However, you will need to get used to seeing longer filenames in all of your displays and furthermore, new folders that had always been sneaked past you that were always part of windows. Checking this option will cause Windows to UNHIDE many files and folders you never saw before and serves to warn you if a file you download is NOT what it appeared to be. The HIDING of "file extensions" is the most grievous security danger IN windows. This option will defeat Microsoft's attempts to hide all nasties.

    IEClean is Copyright 1996-2001 by Privacy Software Corporation
    [hr]
    website:
    www.nsclean.com
     
  16. FanJ

    FanJ Guest

    Quote from the Helpfile of IEClean:

    [hr]

    "XML persistence," otherwise known as "UserData persistence" or "supercookies" were introduced in Internet Explorer 5.0 but didn't work very well. In IE 5.5, this latest privacy risk has not only become functional but threatens to become a very serious privacy risk in the future as more and more sites find this to be an excellent alternative to cookies as far as the magnitude of data that can be stored and the detail of that data.

    "UserData" is designed to allow sites to leave data on your machine which they can then access without any warnings at all. This is something completely different from "cookies." There are no limits on the size of UserData while cookies are generally limited to 2000 bytes or so in size. Microsoft envisions large amounts of data being stored in these areas which is why the hidden structure and location of UserData is built to be as large as the caches (temporary internet files) with four subfolders and an INDEX.DAT file all its own. As of this writing, UserData is just starting to be used and right now, not all that many people have any resident on their system. This will change very quickly now that UserData is now functioning in IE 5.5.

    Selecting this item instructs IEClean to destroy all accumulated UserData in the same manner that IEClean rids you of other intrusions. It will clean out the contents of all subfolders as well as the INDEX.DAT database. Since we see UserData becoming a major future problem, we've also made UserData cleanups an option in the "traybar icon" as well. If you'd like to know more about UserData, do a search on the internet using the word "UserData" as the search parameter. One of the results will be Microsoft's MSDN site. Go have a look.

    IEClean is Copyright 1996-2001 by Privacy Software Corporation
    [hr]
    website:
    www.nsclean.com
     
  17. FanJ

    FanJ Guest

  18. controler

    controler Guest

    This has turned out to be a good discussion.
    About a year or so ago. I found some registry tweaks in Windows ME to show even more. I forwarded them on to the riddler at

    Http://www.F---microsoft.com

    Oops posted that link again LOL
    I just wish I could remember what they were again now
    I had to dig deep to find them and then it was only a matter of changing the value from 1 to 0 or viseversa
    WHich is really the only thing you do when telling WIndows to show
    file extentions, System folders and files and hidden files.
     
  19. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    502
    Location:
    UK
    Guys... this is just the sort of stuff I'm looking for... thanks.

    You raised a good point cshell about what exactly are the implications of all this. Well for me its just the fact that I object to 'stuff' being put on my system in the form of extra hidden files. I know MS will probably say that its all to make web sites load faster if the cache has previous files in there, but when these files are deleted then there is no good reason for the index.dat file to retain them.

    Thats when I see my privacy as comprimised. Files still holding details of previous sites that I thought I'd got rid of. And to me its just the same regardless of the innocence or whatever of the particular site... I just object to this practice.

    But it could also be a serious issue for some people if lets say family members use the same computer for browsing and someone has a piece of software on a floppy that they can use to scan the index data... wow... all sorts of problems there to start with.

    Then what about hackers you ask... yeah... I'm sure if someone got into your system then all this data could be accessed. But that would apply to all areas of you documents in the same way and if you hold credit card details then you would have to take steps to stop this by always using a good firewall etc. But thats another topic altogether and there are loads of guys who could point you in the right direction on that one.
     
  20. cshell

    cshell Registered Member

    Joined:
    Jun 28, 2002
    Posts:
    23
    Location:
    Missouri
    zarzenz,

    I use ZA Pro for a fire wall. No one but me has physical access to my PC.
    So the files are probably not a threat to me. However, if I ever have to have the PC worked on ( Such as sending it to a repair Center ) then those files could be a problem because the repairmen could conceivably extract sensitive info from them.

    What is bugging me at this point is that I can't find them. Checking the show hidden files option, and going to the exact folder locations still does not reveal them. There are 4 catch files under the Temp folder. They also seem to be empty. I am wandering now what might be in them that I can't see.
     
  21. FanJ

    FanJ Guest

  22. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    It is an irritating little problem, isn't it?

    cshell - You may want to go ahead and try the Spider116 route to start with. http://www.winplanet.com/winplanet/reviews/741/2/ .
    (Good info there, BTW, you might want to read all of it). Basically, just run the program and see what it finds, and let us know. I just ran it a few minutes ago, and it reduced the size of the index.dat from 'Size: 48 KB/Size on Disc: 64KB' both to 32 KB.

    I'm not really clear on what you are (or are not) seeing.

    Can you see the index.dat file at all, anywhere?

    If not, have you done a wildcard search? ( *index.dat ) using Start/Search/For Files or Folders/Search for Files or Folders Named: *index.dat 'Look in Local Hard Drives (C::D:)'?

    Interesting note: When I did that Search, above, there were an awful lot of 'index.dat's that came up - but the majority of them were jv16 back-ups! I 'Erased' them. Pete
     
  23. zarzenz

    zarzenz Registered Member

    Joined:
    May 19, 2002
    Posts:
    502
    Location:
    UK
    cshell... I dont know where the credit card info would be held on your system... I would imagine you probably use a particular program that allows such data to be entered to enable whatever your needs are to be done. I have no knowledge of this sort of thing myself.

    However, if you want to have a look at what data is currently being held in the 3 index.dat files then download Spider from here

    Deleted... see edit at bottom of post.

    You can then scan the files to see whats in them... be prepared for an eye opener experience when you do... and then you can run the clean up tool or if you prefer you can exit the program at that point without altering anything on your system. This will allow you 'thinking time' to enable you to decide the best course of action. This is the point in time that I have now passed having tried a few of the programs out there that will automate the clean up process. I only use Spider now to act as my scan tool and am now deciding on which of the clean up programs suit my requirements best.

    Hope this helps... your needs may well be different to mine but it amazed me when I saw what the index.dat files contained.

    Pete... I must have been writing the above as you posted your reply... so didn't mean to double up what you said about Spider. I've deleted my link as yours is better... cheers.
     
  24. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    cshell - On the first page from the link Jan gave, I copied this reg fix link from M.Jannson's site: http://www.markusjansson.net/eng.exe.sig ( direct d/l link ). From Marcus's site: "Index.dat files contain information about websites you have visited, things you have done, cookies you have received, etc. The main purpose, according to Microsoft, is that they speedup browsing by keeping this information nearby. The problem is, that they don’t delete when you clear your temporary internet files! This is because Windows locks those files. They need to be cleared BEFORE it has a chance of doing that. So here's my recipe for it. Please note that this will also delete all your browsing history, since it deletes the content of “history”, “cookies” and “temporary internet files” folders. All of those index.dat files and folders this deletes will be re-created by Windows during the bootup.

    Windows95/98/ ME(English language version) all you need to do is to download and run eng.exe (here is my PGP signature for it), it will guide to the rest. . To remove this tweak, delete xxx.bat and xxx.pif files from C:\ and delete registry value (use regedit) from [KEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "xxx.bat" ".

    So, if you're not happy with the results you get from Spider 1.16, you might want to try that, too. Pete

    Note: After applying the regfix here, the 'Size' of the index.dat (as shown in 'Properties' ) immediately reduced to 16KB - that's as small as you're ever going to see it get.
     
  25. cshell

    cshell Registered Member

    Joined:
    Jun 28, 2002
    Posts:
    23
    Location:
    Missouri
    I want to thank everyone who has posted in this thread, and in particular
    to my questions. You all are a patient and helpful group. Doing the wild
    card search, *index.dat only 2 index.dat files were shown. 1 was in the
    cookies folder, the other was C\Windows\Applications. After downloading and
    scanning with Spider 116 a few more were revealed.

    C:\WINDOWS\Application Data\Microsoft\Internet Explorer\UserData\index.dat
    C:\WINDOWS\Cookies\index.dat
    C:\WINDOWS\History\History.IE5\index.dat
    C:\WINDOWS\History\History.IE5\MSHist012002070120020702\index.dat
    C:\WINDOWS\History\History.IE5\MSHist012002070220020703\index.dat
    C:\WINDOWS\History\History.IE5\MSHist012002062420020701\index.dat
    C:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat

    It will take a while for me to absorb all the helpful information you all
    have provided, but you have put me on the right track, and because I am
    a little slow at this tech stuff I will get it figured out because of the
    information you all have provided.

    Thanks.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.