SpyBot S & D v0.93 released

Discussion in 'other anti-malware software' started by Paul Wilders, Mar 12, 2002.

Thread Status:
Not open for further replies.
  1. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
  2. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    i hope this verstion dosent have comet cursoer
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Re: SpyBot S & D v0.93 released

    mrblaze - I haven't ever found any trace of CC in SpyBotS&D (and a re-scan with AA confirms that just now).

    What are you talking about? Pete

    *If you don't want SBS&D to find and remove CC, go to the 'Excludes' tab and put a checkmark in front of 'Comet Cursor' so that it won't be removed. Is that what you meant?
     
  4. PepiMK

    PepiMK Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    43
    MrBlaze, could you please give me some more details?

    I don't use AdWatch, but many of my users are cross-checking with other software, and I never heard that anyone has detected CometCursors.
    I'm still revising CC, so detection is still not as good as by other software, but I've definitively not included any spy!

    Maybe you could mail me the result lists of Spybot-S&D and AdWatch so I may see what you are talking about?

    (btw: sorry, my english is that bad that I don't understand sentences with more than 7 typos and no commas in it  :rolleyes: )


    Here's a list of what's new in 0.93:
     
  5. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    ok full story
    i have adaware plus and adwatch that came with it.
    Idowenloaded spy bot seach and destroy  not this new verstion but the prviouse verstion.

    I also dowenloaded to other  programs lol lets just say those programs arnt ummm  legit lol.

    any how i install the two programs and no bigy so i thought.

    i also install spy bot seach and destroy and said yes to everything it asked me
    i ran it and it was every thing it said it was and more it even fixed the windows media player exploit which was hell of cool.

    unfoutionitly lol i did it all on my desk top so the short cut wouldnt work when i moved spy bot search and destroy to my documents security folder.

    so i went and browesed to link the short cut to spy bot and acdently reinstalled it by accident big mess and it didnt make a correct short cut on my desk top so i uninstalled it.

    the main spy bot search and destroy  application was there still except it didnt have all the languages dutch french ect typ stuff so i reinstalled it and it didnt ask me all those languages qustions to say yes or no to.

    its default was enghlish i guess which was cool.

    and i ran it tomake sure it worked and it said something like congradgulations sytem clean or something to that effect.

    and i finaly set it up the way i want it lol desk tip icon and main folder in my secuity folder.

    later on that night i guess my dad got on the internet so imidiatly i went to my computer cause im parynoyed any one touching my computer and rightly so he attracts spyware and viruses like candy does kids lol.

    i started adwatch v2.3 and found comet curseor makeing mass intrys every time it was deleted ut would remake itself lol it was funny at first watchig the mass entrys

    then i ran adalware and it did this it relly did remove comet curseor  but now i had to find out where it came from was it my dad that hit a web site with it?

    or was it the two programs that wernt cough legit frome some untrustworthy site lol

    so i ran ad watch  v2.3 my system clean i ran the two not legit programs and nothing they came out clean which was surpriseing lol.

    at this point i was perty sure it was my dad  i left adwatch v2,3 on

    and i ran spybot seach and destroy it gave me the system clean thing and walah as soon as i closed spybot seach and destroy there it was CometCursor  lol i lmao although adalware didnt find the source where CometCursor  came from it is alparent that spybot seach and destroy was unloadig it to my system lol.

    i ran this senario a few times and it did it every time after i cleaned the system lol.

    if you dont belive me look at the buttom i think some one ether put it in the priogram or some one made a comet curseor infection towards spy bot and its creator much like ants had a targeted viruse problem by some hacker that targeted that paticuler software.

    Started registry scan
    ======================
    Aureate key:HKEY_LOCAL_MACHINE\software\radiate\
    (Ignored)
    CometCursor key:Software\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM\comet.dll


    Started deep registry scan
    ===========================
    CometCursor key:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\moduleusage\C:/WINDOWS/SYSTEM/comet.dll


    Registry scan result:
    Suspicious keys found :3


    Started folder scan
    ====================
    Now processing drive (C), 0 remaining.
    Aureate folder:C:\WINDOWS\Application Data\Software\Radiate
    (Ignored)
    Finished examining drive(C), 3151 Folders total so far

    Folder scan result:
    Folders processed:3151
    Suspicious folders found:1


    Started file scan
    ==================
    CometCursor file:C:\WINDOWS\SYSTEM\comet.dll

    File scan result:
    Suspicious files found:1



    Scan complete
    ==============
    Suspicious modules found:0
    Suspicious keys found :3
    Suspicious folders found:1
    Suspicious files found:1
    =========================
    Spyware components ignored:2
    Spyware components found total:3


    Removing selected components:
    ==============================
    Deleting:CometCursor,3,file,2,,C:\WINDOWS\SYSTEM\comet.dll,
    Deleting:CometCursor,1,HKEY_LOCAL_MACHINE,2,Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/comet.dll,,
    Initializing:CometCursor,2,HKEY_LOCAL_MACHINE,2,Software\Microsoft\Windows\CurrentVersion\SharedDLLs,C:\WINDOWS\SYSTEM\comet.dll,

    Task completed on10:56:27 AM
    Done.
     
  6. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    by the way i love your software it does stuff that adalware is missing lots of cool extras keep up the good work maybe your program was infected by my computer could be a new verstion of comet curseor where it attatchs itself to a program to hide itself makeing it imposiable to detect.

    until you run the infected program and close it i dont know iseriousely doubt you put it there.
     
  7. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    SpyBot S & D v0.93 released
    =( ok i dowenloaded it.
    first blaze did a viruse scan with updated defs.
    then i did adalware for spy ware.
    then trojan check with two anto trojan programs
    then looked for worms.
    used internet sweeper to clean out cokies.

    evrything came out clean.

    i turn on adwatch everything ok till..............................
    installed SpyBot S & D v0.93 released on instilation this happend.

    Lavasoft Ad-watch v2.3
    logfile generated on Tuesday,March,12,2002 11:00AM
    Referencefile loaded.
    Referencefile version-stamp : 142-24.11.2001
    Ignorelist (2 items) loaded ok.

    11:01:16 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:18 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:20 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:22 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:23 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:25 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:27 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}
     
  8. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    11:01:30 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:31 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:33 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:34 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:36 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:37 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:39 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:40 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:42 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:43 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:45 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:46 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}
     
  9. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    11:01:48 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:49 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:51 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:52 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:54 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:56 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:57 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}

    11:01:59 AM Warning! COMETCURSOR Key detected: HKEY_CLASSES_ROOT\clsid\{1678f7e1-c422-11d0-ad7d-00400515caaa}
     
  10. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    Scan initialized on 12/30/2001 10:52:28 AM.
    (AAW release 5.6 Plus, referencefile 142-24.11.2001)
    =====================================================
     Threads:1
       ProcID:4291232307
       ParentProcID:4290931815
       BasePriority:Normal

    Memory scan result:
    Total modules found:31
    Suspicious modules found:0


    Started registry scan
    ======================
    Aureate key:HKEY_LOCAL_MACHINE\software\radiate\
    (Ignored)
    CometCursor key:Software\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\SYSTEM\comet.dll


    Started deep registry scan
    ===========================
    CometCursor key:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\moduleusage\C:/WINDOWS/SYSTEM/comet.dll


    Registry scan result:
    Suspicious keys found :3


    Started folder scan
    ====================
    Now processing drive (C), 0 remaining.
    Aureate folder:C:\WINDOWS\Application Data\Software\Radiate
    (Ignored)
    Finished examining drive(C), 3151 Folders total so far

    Folder scan result:
    Folders processed:3151
    Suspicious folders found:1


    Started file scan
    ==================
    CometCursor file:C:\WINDOWS\SYSTEM\comet.dll

    File scan result:
    Suspicious files found:1



    Scan complete
    ==============
    Suspicious modules found:0
    Suspicious keys found :3
    Suspicious folders found:1
    Suspicious files found:1
    =========================
    Spyware components ignored:2
    Spyware components found total:3


    Removing selected components:
    ==============================
    Deleting:CometCursor,3,file,2,,C:\WINDOWS\SYSTEM\comet.dll,
    Deleting:CometCursor,1,HKEY_LOCAL_MACHINE,2,Software\microsoft\windows\currentversion\moduleusage\C:/WINDOWS/SYSTEM/comet.dll,,
    Initializing:CometCursor,2,HKEY_LOCAL_MACHINE,2,Software\Microsoft\Windows\CurrentVersion\SharedDLLs,C:\WINDOWS\SYSTEM\comet.dll,

    Task completed on10:56:27 AM
    Done.

    snif snif the program you made looks so cool i love it and it even found stuff that i never heard of and offerd to fix it but why comet curseor and what is comet curseor and what does it do ?

    spy search in destroy infecteted with coet curseor pleas fix this software to kick ase to be infected=( i want to keep it so bad cause the new program you made looks so good but i dont want the spyware snif snif=(
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    a paul if you reading this i think i deserve a extra star to my title for finding it wink eye lol
     
  12. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Hmm. Eat my words time, I guess! :)

    Got back over here on the W98SE computer (the only one that has the 'Preview' on it still), d/l'ed the latest version of AA (my bad) and this is what I got:

    Gator file:C:\WINDOWS\Downloaded Program Files\IEGator.inf
       FileSize : 0 kb
       FileCreation time : 01/09/2002 4:47:52 PM
       Last accessed : 03/12/2002
       Build :
       OS : No executable

    Gator file:C:\Program Files\spybotsd.preview\Spybot - Search & Destroy 0.93 preview\Recovery\Gator1\IEGator.dll
       FileSize : 220 kb
       FileCreation time : 03/11/2002 2:03:29 PM
       Last accessed : 03/12/2002
       Build : 3.0.6.1
       OS : No executable
       Description:Gator installer plugin for Internet Explorer
       Version: 3.0.6.1
       ProductName:GAIN

    Gator file:C:\Program Files\spybotsd.preview\Spybot - Search & Destroy 0.93 preview\Recovery\Gator2\GatorPlugin.log

    So the question now is: what to do about it? False positive by AA? Applies only to the 'Preview' version? Let AA remove it? Un-install the 'Preview' version and forget it? I cna let AA try to remove it and see if it cripples the 'Preview' version, if you like. Pete
       FileSize : 2 kb
       FileCreation time : 03/11/2002 2:03:29 PM
       Last accessed : 03/12/2002
       Build :
       OS : No executable
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Okay, I let AA remove all the keys it found on the old computer, shut it down and re-started it, ran the 'Preview' version again (which still worked,BTW), then ran AA again and this time it came out clean.

    Way over my head here with this. Pete

    mrblaze - Are you saying you don't know what Comet Cursor is? If you have it and don't want it, it can be found in Add/Remove Programs (unless it's something new).

    You DO have 'Enable Install on Demand' UN-checked in your browser settings, correct? It will be constantly re-installed by various websites automatically if you don't have your settings correctly set. Pete
     
  14. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    i have no form of commet curseor i have adalware and adwatch v2.3 fully updated

    i belive gator is  or might be unrelated you might have had that from a prviouse share ware application  or program that uses it.

    what you need is adware fully updarted refrences  and youll see it lol.

    also if you have adwatch v2.3 you can see the whole thing happend it funny when you first see it lol.

    first uninstall spy bot search and destroy then clean out your system make sure its all good.

    then get adalware and update its refrences run it and make sure your system clean .

    no spy ware good.

    now reinstall spy bot search and destroy  now run adalware algain walah comet curseor lol.

    if you have adwatch fully updated v2.3  have it on  and  go get a bag of popcorn and soda  sit dowen have adwatch display on your desk top now install spy bot search and destroy (''LETS GET READY TO RUMMMMMMMMMBBBBBBLLLLEEE")you can watch  an infinit number of comet curseors  picking a fight with adwatch going back and forth adwatch delets it and it reapers lol back and forth  back and forth dukeing it out  ITS PERTY COOL LOL.

    Hey i cant help it im a security junky ask paul and fan j im always here trying to get all the new toys first lol.

    blaze makes a wl with finghere wilders for life baby.

    lol oh ps this form of comet curseor does not show up in add and remove nor reg cleaner its trying to be sneaky lol.

    also it does it after you run spy bot search and destroy after the program is closed lol.

    perty nifty i might say makesits source inposiable to find except if you have adwatch on you know then as you close it where it came from.
     
  15. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    now its time for blazes conspiracy theory lol.

    i belive  there are people makeing share ware applications that if you use to make something like a utlity it has spy ware in it.

    for example i use a share ware aplication to make a trojan detector  the share ware program is a unpacker to install soft ware now the aplication i made with it has spyware in it.

    companys are secretly puting spyware in  [rograms that make utlitys so when you distupet it every one gets spy ware.

    those dirty mofos lol.

    thats it for another parnoyed blaze theory lol.
     
  16. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I have run further AA (latest program version and reflist) scans on both the old (W98SE) and this (WinMe) computer, both with SBS&D not running and running - and I'm not getting any further hits from AA on anything, either the 'Preview' or the latest version of SBS&D (v0.93).

    I don't have or use AdWatch, so my first thought would be a malfunction in that rather than SBS&D.

    It could very well be false-alarming on what SBS&D uses to detect Comet Cursor. Pete
     
  17. PepiMK

    PepiMK Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    43
    First the easy part, spy1:
    Gator file:C:\Program Files\spybotsd.preview\Spybot - Search & Destroy 0.93 preview\Recovery\Gator1\IEGator.dll
    See the part 'Recovery' in the path? When Spybot-S&D removes Gator, it makes a backup of the files it deletes. So AA was correct, this is a Gator file, but it's no longer of any harm. Anyway, once you see that your system runs safely without Gator, you can simple go the the 'Recovery' page inside Spybot-S&D and purge those recoveries. I'm thinking of making those backups optional, or at least a checkbox in the settings to choose wether to create backups or not.

    @MrBlaze: thanks for all that details! My theory would be: there has been a minor change to CC since Lavasoft wrote their detection, so AA detects this CLSID key, but not the dll that creates it. Without removing the dll, the key will be recreated each time the dll tries to access it.
    Spybot-S&D's detection of CC is still in revision, take a look at the beta forum to see when I've finished it.

    Gotta go, will be bacl later, hopefully with some bugfixes ;)
     
  18. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    why it only show up when i install spy bot search and destroy.

    ok ill go look you know name of .dll so i can locate it and delet it but it only shows up when i install or use spy bot.
     
  19. PepiMK

    PepiMK Registered Member

    Joined:
    Mar 6, 2002
    Posts:
    43
  20. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    lol im sorry i didnt mean to sound like i was complaining i  do love your program just was wondering why comet curseor shows up on install.

    sorry dont take it personal i have a great deal of respect for you could never put together a program as yours.

    but thx for listining it shows you care.
     
  21. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    I love the new spy bot search and destroy the newest one you made and i love its simplicity.

    but even your latest verstion seems to be makeing a false key of comet curseor that dosent exsist a false alarm for those with adalware.

    i would put a small warning with spybot search and destroy that those with adalware will recive a false warning of comet curseor and to just ighnore it and go ahead and remove it with adalware.

    other then that this software is comeing out real good heres what it done for me so far.


    Alexa: Interface (Registry Key)
     HKEY_CLASSES_ROOT\Interface\{E6E17E8C-DF38-11CF-8E74-00A0C90F26F8}

    Alexa: Interface (Registry Key)
     HKEY_CLASSES_ROOT\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}

    Radiate: Global settings (Registry Key)
     HKEY_LOCAL_MACHINE\Software\Radiate

    Common Dialogs: history (374 files) (Registry Key)
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU

    Internet Explorer: browser cache (1 files) (Directory)
     C:\WINDOWS\Temporary Internet Files\Content.IE5

    Internet Explorer: cookies (4 cookies) (Directory)
     C:\WINDOWS\Cookies

    Internet Explorer: Last used directory (C:\WINDOWS\Desktop\) (Registry Value)
     HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Save Directory

    Log: Activity (OEWABLog.txt) (Backup file)
     C:\WINDOWS\OEWABLog.txt

    Log: Install (wmsetup.log) (Backup file)
     C:\WINDOWS\wmsetup.log

    Log: Install (setupapi.log) (Backup file)
     C:\WINDOWS\setupapi.log

    Log: Install (Directx.log) (Backup file)
     C:\WINDOWS\Directx.log

    Log: Install (Active Setup Log.txt) (Backup file)
     C:\WINDOWS\Active Setup Log.txt

    MS Media Player: Recent file list (9 files) (Registry Key)
     HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\RecentFileList

    MS Media Player: Recent open directory (C:\WINDOWS\Desktop\Go!Zilla Downloads) (Registry Value)
     HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir

    MS Office 9.0: Recently used files (45 files) (Directory)
     C:\WINDOWS\Application Data\Microsoft\Office\Recent

    MS Paint: Recent file list (4 files) (Registry Key)
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    MS Wordpad: Recent file list (4 files) (Registry Key)
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List

    Windows Explorer: program run history (1 entries) (Registry Key)
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: recently opened files (644 links) (Directory)
     C:\WINDOWS\Recent
     
  22. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    it finds alot of cool stuff and kills it
     
  23. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Hello to the forum!

    My name is Tracy and I am John Little's wife.  All of this fascinates me very much. In fact, it was computer security that initially brought us together; that's a long story. In "real life" I am an English teacher.

    I wanted to write today because I have read posts from Mr. Blaze and have seen a couple of responses that mention his spelling and other problems with the written word. Well, I just wanted to write and tell Mr. Blaze to KEEP ON WRITING! I happen to admire very much someone who has difficulty writing for one reason or the other (disability, poor education, etc.) and doesn't let their weakness stop them from writing. It takes a very strong and courageous person to not shrink away when the spelling and grammatical errors are pointed out. John and I have both noticed that Mr. Blaze just keeps on keepin' on!

    That's all. I only wanted to thank Mr. Blaze for posting and tell him of my admiration for continuing to post - despite the notes that seem to make fun of his writing skills. Not knowing your situation, nobody should ever make fun of such a thing. Here, the content is what counts and you seem to have a good grasp on many of these topics.

    best wishes,
    Tracy Little
     
  24. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Welcome Tracy, that was a nice ray of sunshine in an otherwise cloudy time. I am one of MRBLAZE's biggest fans also. Read his post about the virus maker,  it will explain everything.

    http://www.security-pro.co.uk/yabb/YaBB.pl?board=tenforward;action=display;num=1015638087

    my favorite thread.
     
Loading...
Thread Status:
Not open for further replies.