Sent Items Logging

Discussion in 'privacy problems' started by snowman, Dec 22, 2002.

Thread Status:
Not open for further replies.
  1. snowman

    snowman Guest

    *Of Special Note*


    Nothing new has been logged in the newly created files over the past seven hours.

    this I find very strange.....if a snake was in my os it would log constantly.........
     
  2. snowman

    snowman Guest

    NOTE

    Blocked all the urls formerly logged....then update every program on the computer...all updates worked fine....therefore, the urls ARE NOT TO UPDATERS..
     
  3. snowman

    snowman Guest

    JACK

    just a quick THANK YOU for hanging in there with me today.......would have been kinda lonesome here all by myself LOL
    Now will leave this to "others".......since I wont be on the net much longer its no real issue in my case.....but did find it rather "odd" that this exploit does exist.
    Hope you had a very merry Christmas......


    best regards

    snowman
     
  4. J at H

    J at H Guest

    I was a bit short of time last days to keep up with this thread fully, sorry!.
    But somehow I keep on thinking that IEClean can do a good job here.
     
  5. snowman

    snowman Guest

    just found this info......I have not tried any of this as yet

    http://www.mdcc.edu/ctd/train/sentfolder.htm
     
  6. J at H

    J at H Guest

    I don't have the IEClean Helpfile here (where I am now at the moment), so some link and quote:

    http://www.nsclean.com/iedetail.html

    IEClean allows you to remove all traces of your newsgroup activities when using either "Internet Mail and News" or "Outlook Express" news reader. By default it only wipes out recordings of the actual messages in the newsgroups you've visited and read messages in (yes, the complete text is stored by MSIE - imagine the wasted disk space). You can also configure IEClean to wipe out several ancillary pieces of newsgroup records if you wish to clean out the subscriptions.

    IEClean allows you to clean Internet Mail and News or Outlook Express' trash folder of mail you've trashed. You can also have IEClean remove other email folders if you wish by using the "PRIVACY tab" settings to identify other folders you want cleaned up in addition to the default emptying of just the trash folder. You may also clean up to 10 additional folders anywhere in your system. This can be helpful if you use an external mail/news program, and wish to clean it along with your browser files.
     
  7. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Liège
    Hi Snowman,

    The link is related to Outlook and not OE, isn't it ?

    Best regards,
     
  8. snowman

    snowman Guest

    JACK

    oops...had not noticed that......going through the registry for two days has my eyes seeing triple LOL


    ok my friend...I think we may be getting somewhere.....please see if you can follow me on this...
    I opened outlook express.....went to VIEW TAB.....then CLICKED ON FOLDERS........there upon a window opened showing all the folders......clicked on each folder etc......each SHOWING EMPTY.........ahah!!!
    went back to the other aforementioned PATH.......an behold..THE FOLDERS WERE NOT EMPTY!!!!!

    so..outlook express says the folders are empty but in fact they are NOT ACTUALLY EMPTY..........thanks M$

    Furthermore...the information in the folders regarding my os may be......repeat MAY BE....scans I had done on the computer..FE: defrag....virus scan etc........possible you think??

    I have no "guess" about the websites an why they are showing in the folders......perhaps they scanned the computer...?? all guesses welcome LOL

    I have no guess on why the urls were in the folders...all guesses welcome......

    still can not understand why this is happening just certain people and not everyone...my version of outlook express is the newest...fully patched...thanks M$

    Yes Jack IECLEAN may be the tool for this job.....I've never used it though........but heard its really good.......
    So...this is NOT AN EXPLOIT in the true sense of the word........but yet privacy wise it does reveal much to much...so in that sense...its a security hole...imo
    whew...its been a very long day......haven't ate yet..its on the stove now............but at least some light showing on this subject............an now.....is IECLEAN the Only solution or is there other.............

    Jack I truly appreciated your help..time and interest......I needed to know what was happening before doing business tomorrow........an now it seems that the information does not leave the computer.......friend I'll sleep tonight without nightmares lol...........

    warm regards

    snowman
     
  9. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Luv2BSecure,

    I think I may have done it to you again. Let me clear the air here before we go any further.

    The comment about me being annoyed was in no way, shape, or form aimed at you(or anyone else for that matter). I was talking about this issue. I have nothing but the utmost respect for you. I do not post much, so most people probably do not have a feel for who I am, but I have seen your posts many times and I know you know what you are talking about. I am very glad that you have taken an interest in this topic and have tried to help. I take nothing you say lightly, believe me. So if it sounded even slightly that way, please accept my sincere apologies. It was not meant that way.

    "I think we may be expecting too much though if we expect to have answers to this mystery here and now from anyone on this board. After all, snow just opened this thread on the 22nd and today is the 25th (Christmas Day )."

    Agreed 100%, with apologies to the snowman for leaving him here stranded by himself today. I was enjoying Christmas with the family and have not had a chance to drop by all day.

    "But knowing the people on this board, and my own curiosity, there are more than a few people trying to figure this out. One thing is clear, if you have cleaned tracks - it has left some things and they are showing up in strange places. You didn't go to Mike's Spyware site that day but obviously you did at some point and some tracks are (oddly) in OE .dbx files. The "yaBB" references are all to the forum software used here and at Mike's spywareinfoforum.com site as well."

    This has me extremely confused. A lot of the info that shows up in these files is not "new". It appears that something keeps track of just about everything that happens on this computer and weird bits and pieces are showing up in these particular files. At one point, I even found the host file list used by Spyblocker in one of those files. My gut feeling is that this is not a malicious thing at all, but instead, some kind of screwy windows thing. The problem is I do not KNOW that.

    "BTW.... In your first post you said the system-made .dbx folders (inbox, sent, draft,delete) were recreated on boot. In your last post, did I understand you to say it did not recreate "delete" when you rebooted? I agree it's all more than interesting - it's very disturbing in fact."

    I went back and reread my posts and I cannot find where I said that. I did say that they were recreated after restarting OE in one post. In fact, they do not exist even as I type this, having made a point of not opening OE. System has been rebooted multiple times, since destroying the files.

    "Again, I'm sorry if I was confused by you asking about the shredding, etc and thinking you were asking if the method would work. Sometimes when a thread takes off like this one, it's hard to keep track, but I honestly thought I answered your questions except for having the answer to the big question which we may not have for awhile."

    Absolutely no reason to apologise, as I hope I made clear at the beginning of this reply. Somewhere on one of the forums that I frequent, I read something about the common use of the English language keeping the U.S., Great Britain, and Australia forever apart. An appropriate comment, perhaps. :rolleyes:

    Enjoy what is left of the holiday season, everyone, and be safe.
     
  10. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Snowman, wanted to extend my apologies to you for leaving you out in the snow by yourself today, and to also say that I appreciate all the research and testing you have been doing trying to get to the bottom of this issue.

    Enjoy the holiday season, it is far more important to remember what this time of the year is really about and take the time to reflect on that. Best Wishes and Good Luck.
     
  11. snowman

    snowman Guest

    VET

    no apology needed my friend.....on Christmas Day people should be with their families......it just happen I was snowbound.....otherwise I would have been long gone too. LOL

    Vet...the research continues......its said elsewhere NOT TO DELETE THE FOLDERS forever.......not sure on that......comments welcome.

    what I finally did...was re-create the folders....opened each folder and either did a delete or cut of the contents..........that was several hours ago an as yet there has not been any new information added to any of the folders although I expect there will eventually be something in there. UN_CHECK KEEP A COPY IN SENT FOLDER in outlook express........
    there appears to be a couple of possible work-arounds that may be easier...........but as JACK suggest IECLEAN may be something to seriously look at.
    yes definitely this is a privacy thing in that a clear record is kept..........an it does appear to be a windows issue.
    it can be kept within control manually......an yes Lov2B gave good advice on doing a secure wipe.....otherwise all the deleted information could be recovered fairly easy
    man my eyes burn...lol.......overslept.....sour attitude LOL
    need a long hot shower.........

    snowman
     
  12. snowman

    snowman Guest

    QUESTION:

    there appears to be the option to have outlook express save the contents of these folders in another folder of the users choice.........

    just as a matter of enlightenment........is it possible to create one folder say on the desktop or elsewhere that could quickly be encrypted or deleted an have that stored information sent to that folder...............it would be nice to be aware of every possible option in this matter. by doing it this way a person could secure delete the contents.......without going through the other steps previously mention in this thread......it would also be quicker to securely delete.....instead of wiping the entire un-used c drive..........
     
  13. snowman

    snowman Guest

    * so far....running puter extensively no new info logged**



    A couple of thoughts:


    a couple or so years ago a young lady came up with a way to clean the index.dat files on a winME each time it booted without the user having to do anything....once the file was created in my computer...........would it be possible to do this in this case.......but for all os's ?


    my concern here is that its natural for me to forget.....heck I did not even know those files existed......an if someone came up with something devoted strictly to this issue that worked auto.........problem resolved!

    consider for a moment...if IECLEAN can clean these folders........I don't know that it can....but if it can......then M$ could have plugged this during production.....as to why that was not done.......your guess is as good as mine.

    when stored records are kept in a manner such as this thats bad news..........anyone can just open those folders an gain access to very private information...perhaps not in the case of everyone but if just one person loses such information it could be awful.......imo this is worse than any keylogger out there......any joe/jane can gain access.....can this be done over the internet.......by scanning those folders...........anyone care to guess how many people don't use a firewall.........

    this truly bothers me.....cleaning these files AFTER THE FACT wont help if those folders are full during a scan.........

    I keep checking the folders an mine are empty.....so maybe this will work for me..........others wont be so fortunate.............
     
  14. snowman

    snowman Guest

    Was discussing this topic with a group earlier......an may just let this thing do its thing..........computer hard drives can be used in court as evidence.......might be interesting to see what these folders log.

    turning the table around a little here.......track the trackers
     
  15. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Hi snowman,

    Tried creating a folder in a different location and that was not a problem. Outlook Express creates its little bundle of .dbx files there without a complaint and also happily continues to put all the extra info in them, as well. Trashed them once more, then dumped folder I created. Open OE and it recreates my folder for me(helpful little S.O.B.), and continues to keep track of my life(very helpful little S.O.B.).

    From my experience, the info in these .dbx's is randomly scattered through each of them without being in a precise chronological order of events. These files seem to pull this info out of some kind of log on my computer at random. If I destroy them, and then recreate them immediately, the info generated in them may be something totally different. For example, I could read my post to L2BS from early this morning in one file and when it had been recreated seconds later, the info had parts of the Spyblocker host file in it. Maybe this is logical if there is a malicious reason for this, as I guess someone could easily put this stuff together once they had received it. Would just quit using OE altogether but I don't know that it has been established that OE is even at fault here. The info gets in the files, irregardless of whether OE is granted permission to access the internet. For now, those .dbx files will not be allowed to exist on this computer pending further testing as I am really not worried about email capabilities on a regular basis.

    Will keep checking as different ideas pop into my head or suggestions are posted. Thanks everyone.
     
  16. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    I, like some others in this thread, looked through all my OE dbx files, in the same relative folder location on my c: drive, and found nothing unexpected within them. Yes, the files existed, one file for each OE folder, and yes, they did contain the text of the messages that are actually in the corresponding OE folder, but, they did not contain any extra system information, website pages, URLs, or anything similar.

    Said by Snowman:
    Said by VIETNAM_VET:
    These two observations of OE's behavior have one thing in common. The dbx files are recreated by OE, and they end up containing an odd assortment of bits and pieces of various information from your system. The idea that the data varied, and that it was "bits and pieces" of valid information, or even sometimes some very old information from around the system, made me wonder...

    So, I wanted to see if I could force this behavior myself... I decided to create a few extra OE folders to see what happens when new dbx files get created. In OE, I selected "New Folder..." from the file menu. Once created, I moved a single 1KB text email message into each new folder then went to Windows Explorer and took a look at the new dbx files that OE made to contain these messages. They were "pre-extended" to a size of 139KB even though only a 1KB message was placed in them.

    I looked through these dbx files and in addition to the text of the 1KB email messages, there was some random text in them. The nature of the text made me think that what was happening here was that OE was using a file access routine that forced the creation of a minimum sized dbx file (139KB on my XP system) for any new OE folder generated. And, that the "extra" data contained within these files was nothing more than whatever was on the disk drive at the location where the data blocks were pieced together to build the new file.

    This sounds just like the same mechanism you’d use to do disk drive data scavenging (pre-extending a new disk file to a large size, without the benefit of setting any initial values (i.e. either space or zero-chr filling) in the data blocks). By not clearing the existing data or giving the data blocks any initial value, you end up with what looks like random data from previously deleted (but not wiped) files from the disk. In many cases, this could be the contents of the most recently used and de-allocated temporary files.

    Said by Snowman:
    Said by VIETNAM_VET:
    Well, if these files were created to a minimum size by OE, and contained just whatever was on the disk at that time and location, then if you edited the files and manually blanked out all the contents, then I could see how this could leave you clean from then on. The files still exist, so they don't get recreated or extended again. Well, at least until you actually write data into these OE folders by placing a valid email message into them, which might cause OE to further extend these files, picking up more random bits and pieces of deleted data blocks.

    What do you think? Might this be what’s happening here?

    LowWaterMark
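
An added illustration of the effect LowWaterMark describes in the post above (this is not part of the thread and not code from any poster): a store file pre-extended to 139KB is scanned for readable text that does not belong to any message it is supposed to hold. The file model (message followed by slack), the function names and all sample bytes are constructed assumptions; the script does not parse the real .dbx format.

```python
import re
from typing import List, Optional, Tuple

# Printable-ASCII runs of 6+ bytes, the same idea as the Unix `strings` tool.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")
URL = re.compile(rb"https?://[^\s\"'<>]+")

STORE_SIZE = 139 * 1024  # minimum file size reported in the post above

# Constructed sample data (not taken from any real mailbox or disk).
MESSAGE = (b"From: a@example.test\r\n"
           b"Subject: test\r\n\r\n"
           b"hello from a small test message\r\n")
LEFTOVER = (b"127.0.0.1 ads.example.test\r\n"
            b"GET http://forum.example.test/YaBB.pl?board=privacy HTTP/1.0\r\n")


def build_store(message: bytes, size: int, free_blocks: Optional[bytes]) -> bytes:
    """Model a store file pre-extended to `size` bytes.

    free_blocks=None models an allocator that zero-fills the new space.
    Otherwise the slack holds whatever the reused disk blocks still contained.
    """
    slack_len = size - len(message)
    if free_blocks is None:
        slack = bytes(slack_len)
    else:
        slack = (free_blocks + bytes(slack_len))[:slack_len]
    return message + slack


def find_residue(store: bytes, expected: List[bytes]) -> List[Tuple[int, bytes]]:
    """Return (offset, text) for readable runs lying outside every expected message."""
    covered = []
    for msg in expected:
        start = store.find(msg)
        while start != -1:
            covered.append((start, start + len(msg)))
            start = store.find(msg, start + 1)
    residue = []
    for m in PRINTABLE_RUN.finditer(store):
        inside = any(lo <= m.start() and m.end() <= hi for lo, hi in covered)
        if not inside:
            residue.append((m.start(), m.group()))
    return residue


def residue_urls(store: bytes, expected: List[bytes]) -> List[bytes]:
    """URLs found only in residue, i.e. not in any message the folder holds."""
    found = set()
    for _, text in find_residue(store, expected):
        found.update(URL.findall(text))
    return sorted(found)


if __name__ == "__main__":
    dirty = build_store(MESSAGE, STORE_SIZE, LEFTOVER)  # slack reuses old blocks
    clean = build_store(MESSAGE, STORE_SIZE, None)      # slack zero-filled
    for name, store in (("uninitialised slack", dirty), ("zero-filled slack", clean)):
        hits = find_residue(store, [MESSAGE])
        print(f"{name}: {len(hits)} residue run(s)")
        for offset, text in hits:
            print(f"  0x{offset:06x}  {text.decode('ascii')}")
```

Run against a copy of a real store file, the same scan only lists candidates for review, since it cannot tell leftover disk content from text the mail client wrote itself.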
     
  17. snowman

    snowman Guest

    LWM

    John...yes. its very possible that it goes just as you stated......personally I think you are right on point here.
    (oh by the way, thanks for jumping in on this)

    Still some things I don't quite understand......first, I agree with you in that a lot of the bits appear to be "left-overs".....but I can't reproduce that...tried to all day....but this may be due to the way I now have outlook ex set.....
    in my case it was not "bits" but "complete" .....an for the life of me can't see where those url's came from..........that one e mail was harmless in context.....yet privacy wise I see this as a major issue....
    my serious question is could these folders be scanned over the internet....an the contents revealed to the scanner...........this is not likely to happen to someone like you or I.........an yet all those people out there who don't use firewalls.....ouch! could those same folders be used to hide a BOT if a scanner was able to download one.....
    when the holidays are over most likely I will box-up the ye ole computer again....but it really bothers me leaving this matter "open"..........an I most sincerely hope that persons like yourself will find a solution
    in closing...after you cleared those folders did you go back to outlook ex an do a "compact" then re-check the folders again.....if so were they still empty o_O
     
  18. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    All I can say is - wow, wow and wow.

    I cannot believe the time and effort that has gone into this! That is GREAT!! And to think it's been done over the Christmas holiday. I've hardly had a chance to turn around for several days, and it's like Sherlock Holmes has made a visit to the board!

    First, to VET, thank you for your post. I wasn't personally offended in any way - so it wasn't really necessary, but it was appreciated nevertheless. I know this must be terribly frustrating.

    Second, to snowy, somehow again it was appropriate for snowman to be doing all of this research over Christmas. Just by your name alone! I was stunned to return to the board and see what all you have done in the way of trying to figure this out. Have you slept? Have you stopped to eat? Talk about getting down to business! Good job!! I don't like this talk about you boxing up the puter though. Not at all -- you have too much to offer here. This thread is the perfect example!

    The only thing I was thinking about the problem with the .dbx files as far as moving them to an encrypted portion of the disk - or something similar - is that if there is still some anxiety that the information found within these files (unwanted info) is being sent out via smtp when the program is being used legitimately - that wouldn't help much. However, reading all the info I have to agree that this is more than likely a Windows quirk and nothing malicious involved.

    LowWaterMark, as usual, had some interesting thoughts and maybe worth doing some experimenting with. However, the thing that really baffles me is that I securely wipe the Deleted Items .dbx file (when I use OE), it is recreated, and I have no problems at all. So, I wonder about that as far as LWM's possible theory. However, different OS could come into play here possibly. One thing is for sure: it's a mystery. And a second thing is a given: SNOWY NEEDS SOME SLEEP.

    John
    Luv2BSecure&Snowy'sPostsToo&Don'tWantToSeeHimPackThePuter
     
  19. snowman

    snowman Guest

    Lov2B

    John..my dear friend I warmly thank you for all.......actually I enjoyed myself...slept well but maybe not enough.....ate alittle of this and that....lol an was doing research into business matters at the same time....had a ball.....

    as for boxing the puter..its for the best....truly I enjoy helping others in however small way I can.....an yet my lack of computer knowledge leaves me dangling like a kite in a storm...........there is so very little I can offer that it may be harmful when meant to be good.......
    now is a time when the security community needs to pull together.......many depend on people like yourself and LowWaterMark....they lurk..they read..they learn..from folks like you guys....this world belongs to those like yourself who really have something to offer.......my compliments....an from those you have not yet met...thank you.....you were there for them...

    warm regards

    snowman
     
  20. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Snowman,
    I strongly disagree !
    You sniff out issues better than an Ant Eater on an Ant hill ! :D

    Keep that' Puter out for a while yet, so you don't have to shovel any snow !!

    As for those "sent items" files....I have Incredimail on my PC and those 'Sent items" files are found under the heading..."sent items.imm" and "sent items.imh" in the Incredimail directory !!

    Regards,
    bill ;)
     
  21. snowman

    snowman Guest

    EyeSpy....LOL...very nice of you....appreciated...much!

    at the risk of the mods deleting this link...please read....


    http://eyeonsecurity.org/advisories/Incredimail
     
  22. snowman

    snowman Guest

    big OOPS.....guess I do need sleep..I didn't see this:

    *Vendor Status: Informed on 08 May 2001, issues a fix on 17th May 2001*
     
  23. Vietnam Vet

    Vietnam Vet Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    306
    Hello,

    "I looked through these dbx files and in addition to the text of the 1KB email messages, there was some random text in them. The nature of the text made me think that what was happening here was that OE was using a file access routine that forced the creation of a minimum sized dbx file (139KB on my XP system) for any new OE folder generated. And, that the "extra" data contained within these files was nothing more than whatever was on the disk drive at the location where the data blocks were pieced together to build the new file."

    Based on my experience with this, I would have no trouble at all in accepting this as the explanation for this rather strange(on the surface) behaviour. On my 98SE machine, I believe the file size was 137kb if memory serves.

    "However, reading all the info I have to agree that this is more than likely a Windows quirk and nothing malicious involved."

    This is my gut feeling for this issue, but I do not possess the knowledge or experience of people such as you or LowWaterMark and must by necessity ask for your help in figuring out what is going on.

    "as for boxing the puter..its for the best....truly I enjoy helping others in however small way I can.....an yet my lack of computer knowledge leaves me dangling like a kite in a storm...........there is so very little I can offer that it may be harmful when meant to be good......."

    I am going to agree with eyespy here. I think you underestimate your ability to help people. And it is obvious from posts all over this forum, how well you are liked. If for health reasons or simply peace of mind, you feel the need to get away every now and then, then by all means do so. But do not forget that you are missed by many.

    And the following is from Spybot's helpfile concerning the shredder:

    The first 5 shreds are using pre-defined bit pattern that should make even hardware recovery impossible. Any further pass will use a random bit pattern that is changing every few Bytes.
    Please notice: one pass is not enough to shred a file, as the heads of your hard disk won't hit the same track 100,00% of the time. There are small differences of a few µm that will allow pros to reconstruct even overwritten data. That is why multiple shreds are necessary, and why different patterns should be used.

    Warning: This tool is designed to remove files so they can not be recovered again! If you use it, be aware of that!

    Disclaimer: I tried my best to finally shred every given to this tool. But I can't guarantee that files will be unrecoverably extinguished.

    Just a FYI only.
     
  24. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,280
    Location:
    New England
    Yes, the different OS's and OE versions could be making a big difference in the behaviors we are all seeing, and so could the different file systems, FAT## versus NTFS. There could be both subtle and significant differences in how the "empty" space in these dbx files gets "filled" from freely available disk blocks.

    Other factors probably come into play as well. Such as, what other programs are running on people's systems? How much data do they store in true "temporary" files, and when do they release these back as free disk blocks? What about the disk's cluster size (the minimum addressable amount of space on the disk) and any space allocation algorithms related to minimizing file fragmentation? I don't know...

    This is certainly interesting. :D
     
  25. snowman

    snowman Guest

    Well here is a twister.......folders were empty all yesterday........went to outlook express....did a "compact"...delete etc........AN A SECOND SET OF FOLDERS APPEARED NEXT TO THE OTHER FOLDERS!! an the second set of folders....which were named the same as the other folders except for this (1) below each folder...WERE FULL OF INFORMATION.......mostly code...os related....again instruction on outlook express........
    Prior to doing the "compact" I had clean the index dat..MRU's Cache.....Defragged....an wiped all un-used space on c drive 7 times with DOD

    I am convinced just about that this issue is with Windows an not outlook express....that info is being stored somewhere in the os.........eyespy does not use outlook express.......don't know if he has outlook ex on his os...but he says the same folders appear on this machine.....

    yes this is indeed interesting.....an seemingly no known way of preventing the storage of the collected info. I did eliminate a couple of this....downloaded a program but nothing was logged either from the website or the program..........also, I do not use cookies so thats not a part of this picture.......never use activeX......java only for applets an in a sandbox
    the implications of what could possibly result because of this exploit...innocent as it may be..is enormous. This throws computer privacy back to the dark ages. Its already been shown that private accounts can be logged.....what about credit cards...other accounts..etc....good golly MS Molly.......
     