alternate data streams

fourspdtom
Member with 84 posts.
Join Date: Oct 2007
31-Mar-2008, 12:02 AM #1
alternate data streams
hi again

been a bit since my last problem post. seems my last couple suspected issues went away after a restore point, uninstall and reinstall of webroot spysweeper, uninstalled webroot firewall but just using xp firewall now. also set only trend micro to start at restart, then i start webroot after startup settles. everything has seemed normal lately although restarts are still a bit slow. decided to run spybot and hjt today.

spybot found 4 entries for "RegistrySmart" and a good handful of usage tracks. hjt looked normal, nothing new,, but the ads spy function found quite a few alternate data streams, about half connected to a temp folder,, and the other half connected to items in the favorites folder.

what are these? and do i just "fix" them thru hjt? any way to know what they are connected to or being used for? we had removed a few of these before when cookiegal helped me a while back ["desktop MRI disabled"], since uninstalling webroot firewall and using xp again, have i opened up for another infection?

my main concern is and has been desktop spying-viewing [ i play cards online] , is it possible these are anything related ? even with xp firewall on, remote assist and file sharing off , spysweeper and trendmicro always running,, is it even possible for someone to easily [and without my knowledge] spy on my desktop??

thanx for the help [and patience] once again
lotuseclat79
Distinguished Member with 14,988 posts.
Join Date: Sep 2003
Location: -71.45091, 42.27841
31-Mar-2008, 01:00 PM #2
Hi fourspdtom,

Here are some links you might find handy wrt ads:
* ADS (Alternate Data Streams) Removal Tools (free)

ADS Spy: http://www.spywareinfo.com/~merijn/files/adsspy.zip

Streams: http://technet.microsoft.com/en-us/s.../bb897440.aspx

CrucialADS: http://www.crucialsecurity.com//inde...=95&Itemid=137

-- Tom
__________________
The independence created by philosophical insight is - in my opinion - the mark of distinction
between a mere artisan or specialist and a real seeker after truth. - Einstein 1944
Imagination is more important than knowledge. - Einstein
fourspdtom
Member with 84 posts.
Join Date: Oct 2007
31-Mar-2008, 11:24 PM #3
appreciate the links lotuseclat

i believe i can also remove these thru hjt, is that as effective? do they all need to be removed, i.e. all considered harmful? and if so, how to find source and prevent re-occurrences?

thanx again
lotuseclat79
Distinguished Member with 14,988 posts.
Join Date: Sep 2003
Location: -71.45091, 42.27841
01-Apr-2008, 08:31 AM #4
Hi fourspdtom,

I don't know. Read merijn's web page about it at http://merijn.org/programs.php#adsspy.

-- Tom
fourspdtom
Member with 84 posts.
Join Date: Oct 2007
01-Apr-2008, 09:29 PM #5
thanx again for the links,,

read up just a bit. seems there are some legitimate alternate data streams, but easily exploitable harmful uses as well. i went thru hjt and removed all of them. couple reboots, play cards, couple websites,, none returned.

the ones connected to the documents and settings/temp folder i assume are related to web surfing, sites viewed or something. all were between 98 and 135 bytes. probably no telling what they are.

the ones connected to items in the favorites folder apparently have to do with the icons next to the titles. now all the ones that had icons are changed back to the default explorer page icon. no harm there apparently but i would like to get those back.

looks like half legitimate,, half suspect. i think ill check occasionally, see if any show up and see what i was doing just prior, might narrow it down. ill read up a little more too.

as usual,, appreciate the help
fourspdtom
Member with 84 posts.
Join Date: Oct 2007
06-Apr-2008, 10:24 PM #6
little more i found lately on the subject

the ads connected to the items in favorites are [i believe] just for the little icons in the favorites list. they each return as you visit the site, close and reopen explorer, there they are.

the ones connected to items in documents and settings/temp folder,, im not sure yet what sites, but they return occasionally after web browsing. seems they show up 2 or 3 at a time, and each item listed twice. i saved the first list of ads i found if someone wants to look at them?? they might be from the kids sites, games and what not. we seem to catch more things from the kids sites and game downloads than anything else.

also, on the desktop spying or game cheating ive been worried about, one forum thread led me to a thing called snoopfree. freeware that monitors keyboard hooks and screen snapshots and such,, anyone hear of or use it ??

first thing it blocked was zHotkey, from the gateway keyboard but not necessary. also it blocked a keyboard hook from ie explorer. both since running it this afternoon, the zhotkey comes at startup, the explorer one im not sure [accidentally cleared log missed the time, doh].

thanx again
fourspdtom
Member with 84 posts.
Join Date: Oct 2007
15-Jun-2008, 02:57 PM #7
hello again,

i know its been a while on the subject,, the ads tool in hjt shows the ones for the icons in the favorites folder.

occasionally hjt picks up a couple in the documents and settings temp folder [although they dont show if you look in the folder?]. seem to come 2 or 3 at a time every week or so, and they always are listed twice. those i dont know when or from where they appear [not at startup, or web browser, possibly kids online games], hjt removes them and nothing seems noticeably different before or after.

any other thoughts?? , or am i worrying too much lol

thanx again
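
The question that runs through this thread, how to tell what a stream is before removing it, can be answered by listing each stream's name, size and first bytes. The script below is an added example, not part of the original thread and not code from HijackThis or ADS Spy; it assumes Windows PowerShell 5.1 on an NTFS volume (newer than the XP setup discussed), and the function name `Get-AdsReport` and the default folder are illustrative.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1 and NTFS.
# Get-AdsReport is an illustrative name; the default folder is a placeholder.
function Get-AdsReport {
    param(
        [string]$Path = $env:TEMP,
        [int]$PreviewBytes = 64
    )
    # -Force includes hidden/system files; -File limits the scan to files
    # (streams attached to folders are not covered here).
    Get-ChildItem -LiteralPath $Path -Recurse -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            # -Stream * also returns the unnamed default stream ':$DATA'
            # (the file's normal contents), so filter it out.
            Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                ForEach-Object {
                    $stream = $_
                    $preview = ''
                    if ($stream.Length -gt 0) {
                        # Read only the first bytes. On PowerShell 7 replace
                        # '-Encoding Byte' with '-AsByteStream'.
                        $bytes = Get-Content -LiteralPath $file -Stream $stream.Stream `
                            -Encoding Byte -TotalCount $PreviewBytes
                        # Printable ASCII as-is, everything else as '.'
                        $preview = -join ($bytes | ForEach-Object {
                            if ($_ -ge 32 -and $_ -le 126) { [char]$_ } else { '.' }
                        })
                    }
                    [pscustomobject]@{
                        File    = $file
                        Stream  = $stream.Stream
                        Length  = $stream.Length
                        Preview = $preview
                    }
                }
        }
}

# Review first, then remove a single stream only once it has been identified:
#   Remove-Item -LiteralPath <file> -Stream <stream name>
Get-AdsReport | Sort-Object File, Stream | Format-List
```

Running it before and after a browsing or gaming session and comparing the two listings narrows down which activity creates a given stream.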