tech question (2)

Moderators: Elvis, DrVolin, Jeff


Postby havanagilla » Sat May 20, 2006 7:03 pm

Hope this one doesn't solicit conflicts...and that there is an answer somewhere...

Today, I received an email with the sign of the "clip" (attachment) but it had no attachment. The guy who emailed is not so kosher, I think, but I was not sure (and he kept saying how beautiful I am, which kind of got me off guard). Anyway, I ran my usual adware check late afternoon and received a weird message, saying one file, which is infected, CANNOT be removed, and to reboot, run dskcheck. I did all of it, and it didn't appear again. However, I checked the file (it was specified as "cookies/index") and there was a new file created at the moment I downloaded that email. It read "INDEX" (DAT, 32 kb) and trying to remove it - it said that it cannot be removed because it is being used. I entered safe mode, to remove, and then it disappeared but another one appeared in the same file, called NTUSER, 32k, DAT. Will also not be removed. I suspect this is a cancer..sort of. If I am correct and it is that guy, he has a BSc in computer science and was 3 years the journalist of "internet and computers" in a midsize local newspaper. (why do these guys approach me all the time ? is it because of that PROMIS post ???).

--So, if he has planted something, it would be pretty sticky. Since I am not sure my internet will be all safe and happy tomorrow, this might be a moot question.

Thanks anyway

Life in Israel is a huge challenge to the concept of tolerance, compassion and love.
havanagilla
 
Posts: 769
Joined: Wed Mar 01, 2006 6:02 am

Re: tech question (2)

Postby Dreams End » Sat May 20, 2006 7:28 pm

This is an interesting one. Yet another reason to switch from Microsoft to Linux products. I am no expert but the index.dat files are already on your system. These are hidden files used by Windows to track things like what website you visited and evidently are NOT cleared when you clear your browser history. Surprise surprise. I don't quite know how his email was connected to that. Here's an entry I found about index.dat files:

Quote:
> Index.dat file--What is Index.dat file ?
>
> Index.dat are files hidden on your computer that contain all of the Web sites that you have ever visited. Every URL, and every Web page is listed there. Not only that but all of the email that has been sent or received through Outlook or Outlook Express is also being logged. The file names and locations depend on what version of Internet Explorer you have. If you are running IE version 4.0 or above, the file name is "index.dat". Microsoft has not supplied an adequate explanation as to what these files are for or why they have been hidden so well.
>
> According to Microsoft, these files are used to cache visited Web sites to help speed up the loading of Web pages in Internet Explorer. Obviously this cannot be the case because when you clear the Temporary Internet Files the "index.dat" files remain behind and continue to grow. If you delete or clear the Temporary Internet Files, there is absolutely no need to index the URL cache because those files no longer exist.
>
> On a Windows 9x computer these files are located in the following locations:
> \WINDOWS\Cookies\index.dat
> \WINDOWS\History\index.dat
> \WINDOWS\Temporary Internet Files\index.dat
>
> In Windows 2000 and Windows XP there are several "index.dat" files in these locations:
>
> \Documents and Settings\<Username>\Cookies\index.dat
>
> \Documents and Settings\<Username>\Local Settings\History\History.IE5\index.dat
>
> \Documents and Settings\<Username>\Local Settings\History\History.IE5\MSHist012001123120020101\index.dat
> \Documents and Settings\<Username>\Local Settings\History\History.IE5\MSHist012002010720020114\index.dat
>
> \Documents and Settings\<Username>\Local Internet Files\Content.IE5\index.dat
>
> Index.dat files can be very hard to find. If you are in Windows, even with "Show hidden files and folders" enabled, index.dat files are not visible and cannot be found if you do a search for index.dat files. The reason that these files are so invisible is that they are not just hidden, they have been designated as "system" files. System files and folders are treated differently in DOS and Windows and are effectively cloaked from casual searches.
> http://www.acesoft.net/delete_index.dat_files.htm

Here's a free link for deleting them. When I get some time and if I remember I'll boot up my Windows and try it out.

ntuser.dat appears to hold info on your user profiles. I can't tell if it holds password info or not. I'm sorry I can't say more about that but looking it up did remind me how insane the Windows registry system is. And all these files which are not readable by the person who owns the machine...what a pain.

So, to sum up, those files were already on your computer. I'm not sure what the adware program was saying when it pulled them up. I suppose it's possible your "friend" could have put a trojan or virus on your computer using those same names...I'm really not sure.

But Hava...and I'll write this in caps: DO NOT CLICK ON ATTACHMENTS FROM PEOPLE YOU DON'T KNOW. EVER. NO MATTER HOW BEAUTIFUL THEY MAY SAY YOU ARE.
Dreams End
 

Re: tech question (2)

Postby thoughtographer » Sun May 21, 2006 12:19 am

I'm not touching this one with a 10-bit "byte".

"A crooked stick will cast a crooked shadow."
thoughtographer
 
Posts: 724
Joined: Sat Feb 04, 2006 12:12 pm

Re: tech question (2)

Postby havanagilla » Sun May 21, 2006 2:56 am

Thanks DE. Interesting. So, the software has a "black box" so to speak, and the user cannot access or erase it.

--

To my defense I can say that the email didn't actually HAVE an attachment, it only had that "clip" sign, as if there's an attachment. This could be a virus, but sometimes it is either-
1. the sender's "business card"
2. the previous correspondence as in "reply to"

--

The connection to him is the fact that this "index" file was created at the date and hour of his email reception (yesterday), and I am quite sure the original index should be older.

Also, when I signed out last night, my PC wrote me a message
"there is another user online, if you log out, the material will be erased or not saved, would you like to go on ?".
First time this ever happened to me. What I think is that he installed a trojan backdoor, and somehow the Index file popped up in adaware scan, to point me to that direction.

As for being careful - If you've been, like me, in total social isolation for 2 years, anyone saying you are beautiful...would have led you to at least open THEIR EMAILS, if not more..
havanagilla
 

Re: tech question (2)

Postby Dreams End » Sun May 21, 2006 8:52 am

Well, I'm not saying there may not be something odd going on. I imagine it's possible to get an attachment onto an email but have it not be visible. However, since the point would be to get you to click on it, that's a little strange.

Quote:
> So, the software has a "black box" so to speak, and the user cannot access or erase it.

YES!!! That's one of my issues with Microsoft. Why hide files that merely contain user data? The user should have complete control over what data is stored. There were rumors of even worse stuff on XP like a back door to NASA (I always wondered if that was really NSA). The good news is, they CAN be erased. I think the links I provided had a program to do it. If not, google.

Secondly, you mention adware but not anti-virus software? Get some. I know an online site that will scan your computer, but if he has access to your computer then really what you need to do is disconnect entirely from the internet until this is resolved.

Quote:
> "there is another user online, if you log out, the material will be erased or not saved, would you like to go on ?".

This can happen even if you are the only one on if somehow you've gotten to the logon screen without signing off. I'm sorry I don't know Windows better..maybe thoughtographer will "screw his courage to the sticking place" and weigh in here, but there are ways to see if someone has been on. There are log files for example, and I don't remember how you access the internet but if you have a firewall (which you should) there are ways to examine what is coming and going from your computer.

Quote:
> As for being careful - If you've been, like me, in total social isolation for 2 years, anyone saying you are beautiful...would have led you to at least open THEIR EMAILS, if not more..

I would say just the opposite, but you will have to be the one to deal with all that difficulty. It was a sad sentence, though. Meanwhile, opening EMAILS is okay, but not attachments. Good anti-virus software can be configured to automatically scan attachments...and you can also ask the software to scan a particular attachment.

Windows is quite inscrutable, sometimes. And while you, of any of us, have good reason for being "paranoid", it's sometimes easy to misinterpret normal computer behavior. However, that's not to say you are crazy and I would suggest doing the following. Sign off (sorry!). Disconnect the computer from the internet. Get some anti-virus software. Usually, when you install it, it will ask to go ahead and do a sweep of the computer first. Allow this. If you already have anti-virus software, then hopefully you made an emergency floppy disk for this sort of thing. If so, insert it and reboot and follow instructions. I THINK (but I'm not sure) that if you are already infected then it's too late to make a floppy disk as this may also get infected, so I would insert your anti-virus install disk and see if you can reinstall...asking it to scan first.

Other folks who know Windows should maybe offer some advice about looking at firewall logs, etc. to see if there is anything suspicious. I don't know enough about it.

It may be nothing...but please don't click on attachments you are not expecting. Even if they are from me!
Dreams End
 

Re: tech question (2)

Postby havanagilla » Sun May 21, 2006 1:30 pm

Thanks DE.
1. The only reason I suspect trojan is because the adaware scan said so, and said also it CANNOT remove the infected file, which it cites as "the index"...thing. This is pretty much standard. So I tried to remove manually, and it still didn't work, but other things happened.
2. Meanwhile my provider ran a check as well and placed my connection under 24 hrs special monitor (till tomorrow morning).
3. Being mad...that's fine, and mad people still have things happen...so..
4. Sad...yes. And you are correct of course, that being isolated should make one double careful.
5. Meanwhile the culprit (a good looking, charmer, smooth-talking guy :-) has been refusing to resend his emails to my yahoo box, which makes him more guilty.
6. I harnessed the assistance of a computer guy, who is also a fellow madman (MC victim who keeps saying San Diego is in danger :-)), but he has a real degree in computer science, so I hope he knows how to deal with it.
7. Black box - indeed ODD. And suspicious by Windows. If I knew computers I'd switch to Linux, but I am sure the NSA people can crack that one as well. It reminds me of Seinfeld, saying about the black box - "if they can make a black box that doesn't break or burn, why don't they fucking make the entire airplane from the same stuff". Good question :-)

I learnt a lot so far.

PS I have firewall, antivirus running and the works. But I know it is VERY easy to crack them.
havanagilla
 

Re: DE no go

Postby havanagilla » Mon May 22, 2006 8:54 am

I downloaded that track program (hope they are not infecting with something...). Here are the results:
1. the culprit files are still alive and happy, they seem to be smiling now.
2. the 30 days trial option shrank to 15 days, once I installed the program (thieves).

Soooooo....?
havanagilla
 

Re: DE no go

Postby Dreams End » Mon May 22, 2006 10:12 am

They should have a way for you to view these files and also to erase them. Note that you cannot delete them as Windows keeps generating them! So, you should be able to see the contents of these files...though it may take your computer friend to see if there is anything suspicious. Save the contents as a text file, if it will let you, for future reference and then use the erase feature. Open them up and see that they have been erased. I can't guarantee that will fix any problems...but we aren't even sure you are having problems. I'd also have your friend check firewall logs. You are looking for suspicious activities on unexpected ports. He will understand what to look for.

Anyway, to be clear...the index.dat files will always be with you. This program simply erases their current contents.
Dreams End
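
The firewall-log check suggested in the post above, sketched as an added example that is not part of the original thread. It assumes the firewall is the built-in Windows Firewall writing its text log (pfirewall.log); the log lines are constructed, and `EXPECTED_PORTS` and the function names are hypothetical.

```python
# Constructed sample in the Windows Firewall text-log layout; not data from the thread.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2006-05-20 19:03:11 OPEN TCP 192.168.1.10 203.0.113.5 1045 80 - - - - - - - -
2006-05-20 19:03:40 OPEN TCP 192.168.1.10 198.51.100.23 1050 6667 - - - - - - - -
2006-05-20 19:04:02 DROP TCP 198.51.100.77 192.168.1.10 4431 135 48 S 1234 0 16384 - - -
2006-05-20 19:05:15 OPEN-INBOUND TCP 198.51.100.23 192.168.1.10 3312 31337 - - - - - - - -
2006-05-20 19:06:00 CLOSE TCP 192.168.1.10 203.0.113.5 1045 80 - - - - - - - -
2006-05-20 19:07:30 OPEN UDP 192.168.1.10 192.168.1.1 1051 53 - - - - - - - -
"""

# Assumption: remote ports this home PC is expected to use (mail, DNS, web).
EXPECTED_PORTS = {25, 53, 80, 110, 143, 443}


def parse_entries(log_text):
    """Yield one dict per log line, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line.strip() and not line.startswith("#"):
            parts = line.split()
            if len(parts) >= 8:  # need at least date..dst-port to judge a line
                yield dict(zip(fields, parts))


def unexpected_connections(log_text, expected=EXPECTED_PORTS):
    """Return (reason, remote_ip, port, timestamp) for connections worth a look."""
    findings = []
    for e in parse_entries(log_text):
        port = e.get("dst-port", "-")
        if not port.isdigit():  # ICMP lines carry "-" instead of a port
            continue
        when = e["date"] + " " + e["time"]
        if e["action"] == "OPEN-INBOUND":
            # Something outside connected to a listener on this PC.
            findings.append(("inbound accepted", e["src-ip"], int(port), when))
        elif e["action"] == "OPEN" and int(port) not in expected:
            # This PC connected out to a port that is not on the allowlist.
            findings.append(("outbound unexpected port", e["dst-ip"], int(port), when))
    return findings


if __name__ == "__main__":
    for finding in unexpected_connections(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Dropped packets are skipped on purpose: they show the firewall doing its job, while accepted inbound connections and outbound connections to unlisted ports are the entries to hand to whoever is helping.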
 

Re: tech question (2)

Postby havanagilla » Mon May 22, 2006 10:47 am

Ah, oh, I see, the file remains only changes contents. OK then.

Well, in the morning I couldn't surf at all so I called my provider who was also monitoring my connections
1. definitely hacked and remote-hooked to someone.
2. also hacked the Modem and so company was here already and replaced the modem. (can you hack modems? next they'll hack the user)
3. he doesn't give a hoot who it is, cause that's not their job. As far as he is concerned, go to police or reformat entire PC.

--

So the problem is not settled yet. Since I had no connection in the morning, friend couldn't help, will do that tomorrow.
havanagilla
 

Re: tech question (2)

Postby Dreams End » Mon May 22, 2006 10:54 am

If this is all correct...I'm afraid the only real choice you have is a complete reinstall. Sorry. index.dat is the least of your problems. I would back up any data you want to keep on a CD...then scan that CD with antivirus software BEFORE you put it back on your newly formatted and reinstalled Windows system.

Or...you might go Linux. SimplyMEPIS, the version I'm playing with now, seems very user friendly. But anyway, good luck!
Dreams End
 

