Prevx secret Persistent Cookie !

Discussion in 'Prevx Releases' started by CloneRanger, Oct 17, 2010.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Well, it might not be a secret to some people, but I wonder how many know about it, and it is Persistent. On every boot it's always there!

    As this PPC is placed in Documents and Settings/LocalService/Cookies, it might be missed by some cleaners, but not mine ;)


    I'm NOT saying anything dodgy is happening, just wondered what it's for, and why it Always gets created on boot ?

    TIA
     
    Last edited: Oct 17, 2010
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    How odd. I just did a search for *prevx*.txt and nothing came up. Secondly, no LocalService folder either. I am on XP.
     
  3. PatG

    PatG Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    579
    Location:
    South Alabama
    Didn't come up on mine either, win7 x64.
     
  4. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hmmm, I don't have this either and am not sure why it would have been saved there. I'd certainly be interested in any feedback from other users or if it comes back after deleting it!
     
  5. Fad

    Fad Registered Member

    Joined:
    Feb 25, 2009
    Posts:
    377
    Location:
    England
    I have one here:
    Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@prevx[1].txt

    will try to remember to check if it reappears on next reboot.

    Edit: It did not reappear on the last reboot.
     
    Last edited: Oct 18, 2010
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ PrevxHelp

    What's it for anyway ?
     
  7. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    Perhaps to identify client (both free and paid) and facilitate communication with servers
     
  8. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I don't have that either. There is no 'Roaming' within AppData.
     
  9. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    I have it right there in that exact path.

    Inside the cookie there are 9 lines; the first line is PXRouteCookie, the other lines are some numbers.

    Interesting o_O
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    I don't even have a Cookies Folder in my path? Win 7 32bit and also not on Win 7 64bit.

    TH

     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    In folder options ->view tab-> uncheck 'Hide protected operating system files.'

    I have no Prevx cookie in there though.
     
  12. rolarocka

    rolarocka Guest

    i have two cookies there (win7-32bit):

    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies

    system at prevx[1].txt
    username-pc$ at prevx[1].txt

    and prevx is not installed now.
     
    Last edited by a moderator: Oct 18, 2010
  13. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Our web guys think this is created automatically by the network connection, although frankly we don't know why. We're looking into preventing this from happening - thank you for the information!
     
  14. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Thanks I thought I had that Unchecked! But I have many and the last is from July!

    TH


    Info from the last Cookie!

     
    Last edited: Oct 18, 2010
  15. sparviero

    sparviero Registered Member

    Joined:
    Apr 23, 2009
    Posts:
    88
    :argh: :D :D

    __________________
     
  16. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Could anyone let me know if they see a cookie in there recently? I've checked and don't have any cookies here at all but it apparently came from database communication for SafeOnline taking place outside of the normal user process so the underlying OS attached it to the system profile.

    I don't claim to be omniscient or have any control over what the OS does behind the scenes ;) This cookie is not being explicitly written by Prevx, rather, by an underlying process within the OS that is saving cookies when they're sent in-stream.
     
  17. sparviero

    sparviero Registered Member

    Joined:
    Apr 23, 2009
    Posts:
    88
    :cool: :D :D

    ______________
     
  18. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    Here's mine-
    I have Prevx paid w/ safe online
     


  19. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    Your last one is in July like mine!

    TH
     
  20. sparviero

    sparviero Registered Member

    Joined:
    Apr 23, 2009
    Posts:
    88
    No matter the date of creation, if you edit Prevx Cookies you can see:

    1. Cookie is Available to: prevx.com/
    2. Created: 10/18/2010 10:23:08 AM
    3. Expires: 10/17/2011 09:23:00 PM
    4. Lifetime 363 days 2 hours 23 minutes 10 seconds

    If value is hashed using a private key it is part of the cookie standard that
    cookies only be readable by creator, in this case Prevx.

    Otherwise any site could look at all of your cookies and use them to track you.
    That can be read by any affiliate of a website advertiser. Doubleclick for example.

    Bad enough that there are cookies from security comp. Security through obscurity.

    Vote for the declaration of the day:

    :cool: :D :D

    ______________
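
An added example, not part of any post in this thread and not Prevx code: a small Python parser for the nine-line text records that the Windows (WinINet/Internet Explorer) cookie store writes, matching the "9 lines, first line is PXRouteCookie" layout and the created/expires fields reported above. It assumes the commonly documented record order (name, value, domain/path, flags, expiry low/high, creation low/high, `*`); the sample value, flags and timestamps are constructed, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
FIELDS_PER_RECORD = 9  # 8 data lines plus a "*" terminator line

def filetime_to_datetime(low, high):
    """Combine the two 32-bit halves of a FILETIME (100 ns ticks since 1601, UTC)."""
    ticks = (int(high) << 32) | int(low)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def datetime_to_filetime(dt):
    """Inverse helper, used here only to build the constructed sample."""
    ticks = (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10
    return ticks & 0xFFFFFFFF, ticks >> 32

def parse_cookie_filename(name):
    """Split 'account@site[n].txt' into the account that made the request and the site."""
    m = re.fullmatch(r"(?P<account>.+)@(?P<site>[^@\[]+)\[\d+\]\.txt", name)
    return (m["account"], m["site"]) if m else None

def parse_ie_cookie_file(text):
    """Return one dict per 9-line record; raise ValueError on a truncated or damaged file."""
    lines = [ln.strip() for ln in text.rstrip().splitlines()]
    if not lines or len(lines) % FIELDS_PER_RECORD:
        raise ValueError("truncated cookie file: %d lines" % len(lines))
    cookies = []
    for i in range(0, len(lines), FIELDS_PER_RECORD):
        name, value, scope, flags, exp_lo, exp_hi, cr_lo, cr_hi, end = lines[i:i + 9]
        if end != "*":
            raise ValueError("record %d lacks '*' terminator" % (i // 9))
        created = filetime_to_datetime(cr_lo, cr_hi)
        expires = filetime_to_datetime(exp_lo, exp_hi)
        cookies.append({"name": name, "value": value, "scope": scope, "flags": int(flags),
                        "created": created, "expires": expires, "lifetime": expires - created})
    return cookies

def build_sample():
    """Constructed sample record; the value, flags and timestamps are made up."""
    cr = datetime_to_filetime(datetime(2010, 10, 18, tzinfo=timezone.utc))
    ex = datetime_to_filetime(datetime(2011, 10, 18, tzinfo=timezone.utc))
    return "\n".join(["PXRouteCookie", "0123456789", "prevx.com/", "1024",
                      str(ex[0]), str(ex[1]), str(cr[0]), str(cr[1]), "*"]) + "\n"

if __name__ == "__main__":
    for c in parse_ie_cookie_file(build_sample()):
        print(c["name"], c["scope"], c["created"], c["expires"], c["lifetime"])
    print(parse_cookie_filename("system@prevx[1].txt"))
```

The account part of the file name (`system`, or a machine account ending in `$`) shows which security context made the HTTP request that stored the cookie, which is what places these files under the system or LocalService profile rather than a user's browser cache.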
     
  21. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    From Win 7 64bit!

    TH

     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The reason why I said it isn't being explicitly written by Prevx is because... it isn't being explicitly written by Prevx :p These cookies are created not under the browser's normal cookie cache but rather under the system account. The underlying communication libraries are writing these cookies - they don't serve any purpose when in the folder that CloneRanger pointed out as a browser can't read it back.

    However, we do indeed have a normal prevx.com cookie which is written by our website and only contains information internal to our website (i.e. customer support conversation information, MyPrevx information, etc).

    Virtually every security company has cookies (I haven't found one that doesn't). You can easily delete these if wanted, and the ones created under the folder in the thread can be removed without a problem and, as I've said, are not actually read by anything.
     
  23. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    They are logging all PCs to stop terrorism, that's why there is a free version of SOL. I have known it for a long time. :D
     
  24. pabrate

    pabrate Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    685
    Yeah, another shell company used by the CIA :D
    And I was wondering why upload is at max when the PC is idle :D

    Darn it, now I must search all hard drives for files containing prevx in the filename and after that search the content of every file for the string prevx :cool:
     
  25. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    :eek:

    1 - What CL's would be doing that ?

    2 - How exactly ?

    3 - Why ?

    So what's the purpose of them ?

    *

    Re CIA snooping etc, so that's why I get soooooooo many DOD & other Very dodgy FW probes Every day :D
     