Sent Items Logging

snowman · Jan 1, 2003

INTERESTING READING

http://www.glencoe.com/norton/online/updates/1999/32399-5.html

snowman · Jan 2, 2003

Well....got the ole laptop back up only to totally distroy it.......the phdisk....no more os.....no cdrom on ole lappytop...so garbage can time.......rest ye well ye ole lappytop....never to worry again about someone messing in your ye ole registry......three finger salute'

snowman · Jan 2, 2003

Pieter and John LwM

guys..just thought to advice you that I will take a break from researching this issue......the long hours are getting to me and disrupting my normal routine. An sometimes a break will give a person a new view......

strongly considering a dual boot......not sure if there will be a firewall issue though......
good hunting for a solution....

snowy · Jan 10, 2003

Time to wake-up this thread again

After several days given deliberately to trying TO MAKE THE LOGGING LOG.......the results are:

For the most part 90% of the logging is being PREVENTED!
unlike previously THERE ARE NO URLs logged....NO NEW PROGRAM INSTALLS LOGGED.....there are NO DETAILS of third party software install on the computer.

My os is still being logged though.....simply the index of the system....

Now here is the most odd part.......ONLY ONE WEBSITE was logged. Which will go un-named for security reasons related to the website. Would rather walk on the side of caution on this.

So how is the logging being prevented....heck if I know.....an no I am not trying to be funny....I will need to review the many changes I made to see whice is doing the blocking......that will take much time.
In the mean time I will continue to monitor to see if the blocking is persistent....or just a passing thing.

Douglas · Apr 20, 2003

Well, time to reopen this thread. I tried to read through it again to see if there's been an answer (I was w/out a computer for awhile). I don't think there's been a solution.

I was cleaning out my friend's computer a couple days ago. I used Spybot, jv16, regseeker, adaware, and mrublaster.
I used SureDelete to delete his .dbx files. Then I used dos to delete his index.dat on reboot, but the recreated file came with with many listings- all porn sites. I created a batch file to run at startup, but index.dat was recreated with even more listings of porn sites.
He does not run an av or at. He does run- at my insistence- a firewall. I did a scan at computer cops and pc flank and he came up clean for those tests.
Now, has anyone discovered where these listings are hiding?
If I missed the answer in this thread, I'm sorry.
Thanks,
Douglas

Pieter_Arntz · Apr 20, 2003

Hi Douglas,

Did you check his hosts file and the Downloaded Program Files folder to see if there were any traces of browser hijacks?
HijackThis is a useful tool to investigate those.

Regards,

Pieter

Douglas · Apr 20, 2003

Hi Pieter,
No, I didn't do either. Spybot showed a browser hijack, though (I can't remember which one or ones).
But I'll do what you suggest.
Thanks very much.
I'll let you know what happens!
(BTW, For a year now he has thought I was crazy because of my security concerns. After seeing the results of my cleaning,and the index.dat log, he has totally changed his tune!)

Regards
Douglas

The Snowman · Apr 20, 2003

Doug

on my way out the BB so this will be very brief.....illness has kept me off the computer......the issue mentioned in this thread is not however forgotten.....still believe it to be of major concern.......very time consuming to research

however, reason for this post....since you did the cleaning for your friend..after following Pieter's advice....would suggest that you consider doing a complete "cleaning wipe" of C drive just for privacy sake..even if just one pass.....would suggest several passes.....

The Snowman

The Snowman · Apr 20, 2003

Doug

By "cleaning wipe" I am referring to the un-used space on C drive.....wanted to make that clear.....

Douglas · Apr 20, 2003

Hi Snowman,
Thanks for taking the time on your way out to post your suggestion. (I've been out all day since posting. Dinner with the mother-in-law and all that ).

I'll probably do this next saturday, and will certainly let you know the results.
Thanks again, Snowy, and I've been real sorry to read about your illness. Hope you take care of yourself.

Douglas

LowWaterMark · Apr 20, 2003

quoting: The Snowman link=board=21;threadid=5669;start=120#55880 date=1050867055]By "cleaning wipe" I am referring to the un-used space on C drive.....wanted to make that clear.....
Click to expand...

Ah, this is very key here, I think! You see, in all of the above (thread), I was never certain where exactly this "historical data" (for lack of a better description of what people have found in those .DBX files) is coming from. In some cases, people found that a whole lot of data comes quickly into these files. So, is this really new usage data, or old information taken off the unused sections of the disk drives?

From my testing, when you delete a DBX file and OE creates a new one, it "pre-extends" that file up to a certain size. If it is not zeroing out that file space, but rather just opening it and sizing it, then whatever data is on the disk, in the blocks that "become this file", that's the data that you'll see when you open the DBX file in Notepad.

We used to call this "disk scavenging" and to prevent this we'd employed techniques like "highwater marking" ( hmm, that sounds slightly familar - LWM ) to force the system to erase any slack space in files as the data blocks were initially allocated to the file.

So, erasing the unused space on a drive ought to eliminate this possibility as the source of the data that appears in these new DBX files.

Note: I never found any of this historical data in any DBX file created by OE, and I still periodically do delete these as they become overly large from a lot of usage.

The Snowman · Apr 21, 2003

LowWaterMark

oh but your experience is a thing of beauty.....one of my previous..nearly last post stated that only my os was now showing....the historical<< data was no longer doing so.....with that in mind.....as you stated..is this the key?
Can't but love the way the old and the new comes together on this one.....chances of anyone experienced enough to put it all together as you just did are slim to none..........for certain I was at a lost on how to explain the whys and what fors of the results of my final tests......if in fact its as you explained others should be able to duplicate the results......whatcha think??
At the risk of foolishly jumping much to far ahead.......suffice it to say that the average user either would not be able to.....find it to time consuming to...or simply not want to bother to.....do the cleaning.......an, because of the multi steps involded..could any software be made to properly do the job
another question: System Restore.....if enabled constantly.. would it not restore that historical data ? This come easily be overcome for experience users....not so perhaps for users of less experience
Where to now with this LowWaterMark?? Suggestions any??
snowman

LowWaterMark · Apr 21, 2003

Hi Snowy!

Well, as I mentioned, I was never able to recreate this effect on my system and I tried a lot of different things back when we were all first discussing this, and testing it for ourselves...

But, I'm on XP with NTFS and OE 6. Perhaps differences in our PC setups is the cause for the different results.

Now, I still think the most likely cause for this effect is "old data" from previously deleted files, but since I couldn't make it happen on my system, I couldn't carry it any further.

If someone wanted to test this though, I suppose they could try filling up the free space on their disk with a known text pattern and then letting OE create a new DBX file and see if it picks up the known text. Of course, caution is advised trying this.

>> System Restore.....if enabled constantly.. would it not restore that historical data ?

Only if that historical data is of the type of file that System Restore handles. System Restore doesn't restore everything on a system, only specific Windows related data (like the registry) and system files. Whether or not this data is covered by what System Restore handles, I don't know because I don't know what this data is. (Catch-22 there, I think )

But in all honesty, I don't know where we go from here. If I had been able to recreate it, I'd have continued forward to find the cause. As you know, problem resolution and finding answers often depends upon being able to recreate occurences.

If someone is still having this occur in a predictable pattern on their system, they could test this further. Otherwise, maybe we can't find the answer and it remains a Microsoft mystery.

The Snowman · Apr 23, 2003

LowWaterMark

My apology for delay in replieing. An your comments/research have been most appreciated. imo, its old data....previously installed programs FE.....since I don't use e mail can't say if copies are stored there.
in my case the issue is resolved.....was continuing the research in hopes of aiding others...unfortunately my present health wont permit me to continue. Fortunately there are alot of good minds at this forum....perhaps one of them will resolve this mystery.

Best Regards

Snowy

The Snowman · Apr 29, 2003

LowWaterMark

submitted for your opinion.

If outlook express was set to use folders on the imap server for drafts and sent mail instead of duplicating them in local folders.......would this have any possible effects on the issue at hand........to any degree. (I don't believe it would avoid logging of the old data......but any value otherwise....to lower logging)

snowy

LowWaterMark · Apr 29, 2003

Hmm, you know, this is really just beyond my personal experience. For imap environments, I always use Outlook. I've only ever used OE in the more direct POP3 environment, but, if it isn't set up to duplicate (sync) folders locally, then I would would think one of two things are possible.

1. If it isn't duplicating at all, then there shouldn't be any .dbx files locally, (for the folders in question), should there? (This works against the theory.)

2. Or, say it always creates local copies of these key email folders, (in .dbx files), since it has no data to pre-populate these files with, it somehow picks up the system data we are talking about. (Clearly, this supports the theory.)

For me, I'm sorry to say... I just don't know.

The Snowman · Apr 29, 2003

LWM

Thanks for the response....was being hammer so had to pause......please excuse my delay in reply.

as you may be awear I don't use e mail....did so a few years ago...but not of recent....but in the past always only used pop.......
ok...in my case ONLY the os was being copied into those files: your number 2

as to your number one....interesting....got me to wondering if those files actually need to exist (on dialup yes)

about now perhaps whats need is for some others to test. Also, admitted this is beyond my ability to fully understand.....but then everything about computers is beyond my abilty LOL

Log in or Sign up

Sent Items Logging

snowman Guest

snowman Guest

snowman Guest

snowy Guest

Douglas Guest

Pieter_Arntz Spyware Veteran

Douglas Guest

The Snowman Guest

The Snowman Guest

Douglas Guest

LowWaterMark Administrator

The Snowman Guest

LowWaterMark Administrator

The Snowman Guest

The Snowman Guest

LowWaterMark Administrator

The Snowman Guest

Log in or Sign up

Sent Items Logging

snowman Guest

snowman Guest

snowman Guest

snowy Guest

Douglas Guest

Pieter_Arntz Spyware Veteran

Douglas Guest

The Snowman Guest

The Snowman Guest

Douglas Guest

LowWaterMark Administrator

The Snowman Guest

LowWaterMark Administrator

The Snowman Guest

The Snowman Guest

LowWaterMark Administrator

The Snowman Guest

Useful Searches