Virus spoof or not??? (Plus legit warning)

Discussion in 'Software' started by mutz_nutz_uk, Jan 3, 2003.

  1. mutz_nutz_uk

    mutz_nutz_uk Private First Class

    OK guys. Two things. Firstly, a warning that has been given out by the Conservative Government Offices (That's our Government twats in the Blue for you Yanks) regarding a virus. This is 100% genuine, and is sent from Conservative HQ with all the required documentation etc.

    > If you receive an e-mail that looks as if it has come from Norton.com
    > (manufacturers of one of the leading anti-virus programs), DELETE IT
    > IMMEDIATELY. IT IS A VIRUS.
    >
    > The Norton's e-mail address has been "spoofed" - ie somebody else has sent
    > this in the name of Nortons. The attachment, FixKlez.com, is actually the
    > Klez virus! Under no circumstances open the attachment, as Klez is an
    > extremely damaging virus.


    Just an edit from the e-mail, so you get the idea.

    Next - The big question. Another e-mail I got from a source within the Conservative Offices is paraphrased as follows.

    Basically, it states that Microsoft has a "background application" running that saves your internet content to a file named INDEX.DAT and hidden behind several layers of protection. This file, so the e-mail states, contains your internet history, cookies and various other browsing habit information in computer speak. This file is apparently uploaded upon your connection to the internet direct to Microsoft itself. The e-mail suggests doing a clear-out of internet history, cookies etc, then searching for INDEX.DAT, and reading the files you find (I got 4 of them). As stated, my file was clear. It then states to amend a few Windows Settings (basic "Show Hidden Files" sort of stuff), then look for the file again, and read the file that has now appeared in your Internet Folder (A magical 5th INDEX.DAT file). As stated in the email, I did the delete (Using Norton 2003 and IE6.0 delete history), looked, tweaked, looked again. And sure enough, I found a file, in computer speak, that read exactly the contents of my online browsing for the last several weeks. This is all despite the fact that I set IE to only keep 1 day of history, disable most settings bar those I need to browse, and regularly delete all history.

    All information in this e-mail points to the fact that Microsoft DOES indeed have a file which is embedded deep in the bowels of your system containing all your internet history, whether you want it to or not. The only thing now is finding proof that MS is uploading the file, maybe hidden within a legitimate internet process, such as "Search for Critical Updates"???

    Anyone else heard of this file, or its uses???

    I could, but I won't, post the entire e-mail. I am happy to post important bits if people require it. Main thing I am after is thoughts reference the possibility that MS is indeed doing this.

    Bastards. :(
     
  2. howie

    howie Private E-2

    Yes, I believe it could be true, but coming from Tory HQ, could it be some sort of prelude to an election campaign?
    I believe anything you do on the internet is about as secure as standing on a street corner shouting.
     
  3. FlyingPenguin

    FlyingPenguin Private E-2

    First part: Yes, this is a common ploy of worm viruses. Klez can come as an attachment to a message that warns of the Klez virus and recommends you install the attached update, which is of course a virus.

    There's no such thing, really, as "SPOOFING" an email return address. You can create an email with ANY return address - Norton's, the President of the United States, whatever. Doesn't mean that it came from them.

    Neither McAfee, Norton or any other Anti-Virus publisher will EVER send you an update patch via email. Neither will Microsoft. If you think there's an update you need, go to the publisher's website.

    As for the second part, yes I've heard of the INDEX.DAT issue, but it's paranoid hogwash that the information is sent to Microsoft. #1, it's illegal, #2 a firewall application would detect it being sent.

    Some quick Google searching brings up several posts and articles about a program called SPIDER that reveals and deletes these INDEX.DAT files. Some info here: http://users.pandora.be/michel.beyens/vir/ie/ie.htm

    Apparently Window Washer is another utility that deals with this which you can get here at Geeks: http://www.majorgeeks.com/article.php?sid=293

    Frankly, unless you're browsing on a computer you're not supposed to use, or browsing sites at work you're not supposed to, I can't understand what the fuss is about. I don't give a rat's behind who knows what websites I visit.
     
    Last edited: Jan 5, 2003
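Added example, not part of the thread: FlyingPenguin's point that the From line can be set to anything, applied as a mail-triage check in Python. It flags a message whose From domain differs from its Return-Path domain and which carries an executable attachment such as the FixKlez.com named in the warning; the addresses, function names and sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Extensions Windows will execute directly; FixKlez.com is the case from the thread.
RISKY_EXT = (".com", ".exe", ".pif", ".scr", ".bat")


def domain(header_value) -> str:
    """Lower-cased domain of the address in a From/Return-Path header ('' if absent)."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()


def triage(raw: bytes) -> list:
    """Return findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    from_dom, rp_dom = domain(msg["From"]), domain(msg["Return-Path"])
    # From is display data chosen by the sender. Return-Path records the SMTP
    # envelope sender; it is sender-supplied too, so a match proves nothing,
    # but a mismatch is a cheap signal worth a second look.
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append("from-returnpath-mismatch")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append("executable-attachment:" + name)
    return findings


def build_sample(return_path: str, attachment: str) -> bytes:
    """Constructed test message; no real mail or malware is involved."""
    m = EmailMessage()
    m["From"] = "Norton Updates <updates@norton.com>"  # constructed address
    m["Return-Path"] = return_path
    m["To"] = "user@example.org"
    m["Subject"] = "Klez removal tool"
    m.set_content("Please install the attached update.")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=attachment)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("<someone@dialup.example.net>", "FixKlez.com")))
    print(triage(build_sample("<updates@norton.com>", "notes.txt")))
```

Legitimate mailing-list traffic also trips the mismatch check, so treat it as a prompt to inspect the message rather than a verdict.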
  4. Olawy

    Olawy Private E-2

    That e-mail has good use if you favour Labour. Forward it to all MS reps\support and ask WTF it's all about. Believe me, MS will be quite pissed if its name is associated with election FUD, and MS is a fearsome enemy.


    Gotta love the idiotisms one can see if politicos try to use IT in campaign
     
  5. HASSELBLAD

    HASSELBLAD Sgt. Smirnoff

    EG: A bomb goes off at a school, they think it's Timmy but they don't have much proof. They check his PC but Timmy remembered the history, but wait... what about M$ hidden file! Well, let's see... it looks as if Timmy likes porn, and he has been reading about making bombs.
     
  6. howie

    howie Private E-2

    how do you find / delete this file?
     
  7. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    The index.dat file is found in these folders if you are using XP or 2K

    C:\Documents and Settings\*USER NAME*\Cookies
    C:\Documents and Settings\*USER NAME*\UserData
    C:\Documents and Settings\Default User\Cookies

    This file can only, as far as I know, be deleted and recreated at reboot, as it will be in use if you try to delete it (though it may be that it can be deleted in DOS, but I am way too lazy to find out)

    Therefore this program can do it for you: http://www.majorgeeks.com/article.php?sid=730



    Also, if you are slightly paranoid, index.dat is found to keep a log of the MS Office docs you open in ...... C:\Documents and Settings\*USER NAME*\Application Data\Microsoft\Office\Recent
     
  8. qx_nerdtronic

    qx_nerdtronic Private E-2

    Where it is - THE Definitive Guide

    On windows 9x it is under

    %windir%\temporary internet files\content.ie5

    windir is your windows directory; if you type it in, it will take you there.


    go Start-Run

    type explorer
    hit enter
    (WOW):cool:

    I am using Windows NT 4 right now, so this is always there and can't be changed, but go through your View menu and enable the explorer toolbar. It allows you to access any directory on your hard drive (bizarre). Put that directory at the top in the address bar and it will take you to the Content.ie5 directory. Under newer versions of Windows, the actual folder view will be blank.
    In the explorer bar, there will be at least 4 and sometimes 20 or 30 (and sometimes more) directories with weird names like

    46d6arbx
    Kuq9fyzv

    These are the folders that actually save the cached information. Also in the Content.ie5 directory is the index.dat file. Download East tec eraser or windows washer to destroy it.
    Also, you can use Word 2000 to browse files on a restricted hard drive (another Microsoft thing. I read in an article [I think in PC World] that Microsoft claimed that this was a feature, not a bug)

    You might be able to tell that I use linux because I say "directory" instead of "folder". I only have NT because I have a lot of windows software.
     
  9. qx_nerdtronic

    qx_nerdtronic Private E-2

    Sorry About the long post

    Sorry about the long post.
     
  10. Vampirefo

    Vampirefo Private E-2

    Ok, here is my idea, and yes, I just tested it, no ill effects yet. I use XP, and I dual boot, so I tried two different ideas; both worked.

    The main goal is to empty the index.dat and then make it read only.

    First way was to navigate to other OS find the index.dat it's located here.
    E:\Documents and Settings\Vampirefo\Local Settings\Temporary Internet Files\Content.IE5

    Now open it with word pad, select all and clear, now change it to read only, reboot into that OS all seems fine, and index.dat is 0 KB.

    Now boot to first OS, into Administrator account, find all the index files in users account, and do as above, boot in a user account with administrator privileges, and do the same with the index.dat in the Administrator account, either way works well for me.
     
