Windows cleaning Tips
while "surfing" online
1. Make yor browsers refuse ALL Cookies,
turn off ALL Java, Java Script,
ActiveX, Auto
Install on your browsers.
2. ALWAYS USE a PROXY while surfing
for added privacy and protection from snoopers, ad men, ets! For a list
of proxies go to proxies
info. When using a proxy, check to see if your proxy is secure:
proxy checkers (Start Button/Run/winipcfg to
see your IP). or here:
helie.com/BrowserCheckIf
you DO NOT know anything about Proxies, read the what's
a proxy FAQ, then go to how to set your browser
to use a proxy FAQ ,and check the proxy page
3. Always have a good intrusion detection system
running. In the Windoze world the current favorite would be
BlackICE Defender.
It will block hacking atempts, and will filter all kinds of junk while you
are on.
http://www.clariondeveloper.comhas the ClearIce freeware which will
assist you in analyzing the data that BlackICE
produces.
4. Your next step should be a FireWall.
Unfortunatly AtGuard has been discontinued,
but it has the best documentation on how to use it, and you can still
find copies of it floating around. If you are really paranoid the best
then will be
Conseal PC Firewall - Signal 9
Conseal also blocks protocols the other products (currently) ignore.
You will need to learn a little about ports and protocols but a liitle
knowledge won't harm you. Other good ones are
Proxymitron(totally free),
from http://members.tripod.com/Proxomitron
5. You do NOT want to share ALL your files with everyone on the 'net, do
you? Well, thats exactly what your silly Windoze allows by default,
because it assumes that you are connected to shared local area network
(LAN), so it has file and printer sharing
option ON by default. It is port 139 which is the NETBIOS Session Service,
its BOTH udp and tcp.
To disable it, go to
Control Panel+System+Performance+File System+Trouble Shooting folder, then choose
Disable new file system and locking semantics bullet. The system will then ask you to restart your PC. Do so. You are done.
Its a good idea to shut off ALL the other ports you have open on your
connection,
Do not leave an ftp or telnet or http port open if you are not ACTUALLY
USING IT. Generally a good firewall will take care of ALL your ports.
The port numbers are divided into three ranges:
well known ports 0-1023, registered ports 1024-49151, and dynamic ports
49152-65535. The well-known ports are used by your computer for the basic protocols. Numbers are typically "bound" to a specific protocol e.g. port 80 is for HTTP, port 443 is for HTTPS, etc.
he other ports are assigned dynamically by your computer as needed starting with port 1024. In other words, if you use a dial-up connection then your first connection to your ISP will usually be on port 1024. Here is a link for some more information.
ttp://www.chebucto.ns.ca/~rakerman/port-table.html
This page also links to other good information.
6. DO NOT d/l and run any .exe from an unknown
sources! Thats the ONLY sure way to get viruses or trojans!
After all, you'd NOT stick your penis in EVERY warm hole you
meet, right?...well maybe YOU would...
Lets review: 1. set your browsers to refuse java, javaScript, cookies, ActiveX,
2. use a proxy, and 3. use a firewall....
after you are done "surfing"
here is where the fun starts!..you will need to do some serious cleaning of
your PC now, so lets get to it!
1. Hope you know that while "surfing", EVERY image you looked at, every web
page you looked at was saved on your HD in your Browser's cache(s). IE has 4
and netscape has 2. So you definetly wannna clean, wipe,
empty the following folders/files that have been filled with all sorts of
info about where you surfed and what you looked at:
- browser's Caches in BOTH
C:\Windows\Temporary Internet Files, and your Browser's folders
- the browser's History folders that contain the
URL of every place you visited, IE has one
inside C:\Windows\,
Netcape inside it's folder.
- the Cookies
Folders in both C:\WINDOWS and C:\Program FIles\Netscape\Users\Cookies
if you use Netscape
You can clean all those folders either manually
(very cumbersome and time consuming), or by using either
Windows Washer
fromwebroot.com or Evidence
Eliminator or Eraser other good product.
2. clean all the KNOWN hidden files in Windoze:
- Index.dat
(formerly known as MM256 and MM2045) is hidden in:
C\WINDOWS\COOKIES\, C:\WINDOWS\Temporary Internet Files,
C:\WINDOWS\HISTORY\, C:\WINDOWS\Temporary Internet Files\
- mm256 & mm2048.dat
can be found in:
C:\WINDOWS\HISTORY,
C:\WINDOWS\COOKIES , C:\WINDOWS\TEMPOR~1\CACHE1,
C:\WINDOWS\TEMPOR~1\CACHE2, C:\WINDOWS\TEMPOR~1\CACHE3,
C:\WINDOWS\TEMPOR~1\CACHE4
- desktop.ini
C:\WINDOWS\Temporary Internet Files,
C:\WINDOWS\HISTORY\,
C:\WINDOWS\HISTORY\History.IE5
3. NEVER, EVER delete ANY files to the Trash Bin
because the files are NOT actually deleted, only their headers have
been modified - marked to be written over. Any techy with a minimum
knowledge, armed with Norton or some other utilities like DirSnoop or Encase will be able to find all those "deleted" files in less than 5 minutes Oh, the shame of those ol' anal pix, eh? Get either BCWipe or
Eraser and and use them.
Or you can instead, create a folder and make sure you wipe that folder with Eraser or
create a virtual drive inside RAM and keep the stuff there. The drive will be gone once the PC is shut off.
4. if you use ICQ then you also need to clean your
chats. The new ICQ99 keeps 2(!) separate records of all those chats.
1. first you click on each user's name, go to History,
then View Messages History folder. There choose the
Delete all button.
2. second go to ICQ logo (main menu) the one with the animated dog or
cat or whatever it is, and choose the Messages Archive Click on the Deleted Items(twice), then Messages. Choose all
the messages in the right Window with right mouse button+Shift.
Press your delete button on the keyboard. Repeat with Chats,
Notes. go to Messages next(twice). clean all-message dialogs,
Received, go through all the names one by one. Repeat with all the
rest. You are done.
Think you are done yet?..hell, NO!...Before shutting down your PC for the day
you should also clean:
5. C:\WINDOWS\Recent has all the recent looked at
at files. in NT you can find it in
C:\WINNT\PROFILES\ADMIN~1\RECENT\ and
C:\WINDOWS\QFNONL\RECENT\ .
Windows Washer and Evidence Eliminator
will take care of those folders by default.
6. Win95, 98, UNIX, NT use a virtual memory space to keep files there called
Swap file. When a proccess becomes inactive its
data is copied back into RAM, but the virtusl swap file is never overwriiten. Your data can stay there for days or even months!
Worse some systems liek NT and Win95 have swap fiels that grow and shrink in
size dinamically using the empty space on your HD. Thus wiping the file in a shrinken space can leave parts of it in whats now the unused free space.
Win 95 & 98 swap file is
inside C:\Windows and is called
Win386.swp.
NT's swap file is called
pagefile.sys.
In UNIX you can actually switch to alternatice
swap file (Cool, eh?) while erasing the original. Check
/etc/fstab for references to yuor swap partition.
If you shut Windoze properly, the file will be gone, but according to some
people the info can still be read off the HD. You CAN'T clean it while in
Windoze, so you need to do it in DOS mode.
Supposedly using scorchthe program Dr Who talks
about in his FAQ or using Windows Washer, or
Evidence eliminator3.0 delete the file. I
have used With EnCase I found that it was the same as before. I would
say to be safe use bcwipe on the empty
space of your HD will clean any remains of that file.
7. DO NOT forget yo also wipe the Free Space on your HD that
Windows uses as a virtual memory space with
BCWipe from
jetico.sci.fior
Eraser,
BOTH of which are free. Read the Useful toolz FAQ
on where to find them and how to use them.
WARNING: some people report problems with it.They
have had to reconfigure and re-load Win95 AFTER using BCWipe. So the
program IS NOT for everyone off-siteThere is also Shredder.
8. Two VERY revealing files on your PC are USER.DAT and
SYSTEM.DAT that
are make Windoze's
Registery. They are insideC:\Windows.
To look at them you must first make all your hidden and
system files visible by clicking the right mouse button and
choosing VEIW, OPTIONS, then VIEW foder again and click on the Show all files button.
The problem with them is since they are system files you can't clean
them and even if you did, Windoze will regenerate them right back
up with exactly the same data it had before.
It had been suggested to that one way to deal with this two files is to:
Boot the system in DOS, and while in DOS, use REGEDIT
to make a backup copy of USER.DAT
and SYSTEM.DAT in a
directory other than Windows. Now,rename the original
USER.DAT and SYSTEM.DAT to anything else (such as .SAV)
and copy the backup copies back into the Windows
directory. This cleans up the registry something
wonderful, and often results in much smaller -- and
faster registry files. This only works in DOS; doing it
in a DOS window in Windows won't work.
9. Defrag your HD weekly if not more
often. that way all the info in the
old clusters you had used will be wiped and cleaned . After defragging,
run eitherBCWipe or Eraser and wipe the free disc space. One time run should
be
enough.
10. Win98 has an AppLog in C:\WINDOWS\
contains a txt based log file for EACH application I have on my PC, with
some weird numbers that dont make any sence to me. Go ahead check YOUR PC.
Now WHY would Windoze keep a log like this? If anybody can tell me what
those numbers mean, please, DO contact me.
11. Get rid of the.tmp filesthat are inside
C:\Windows\Temp.
Tempfiles are supposed to be deleted from your computer whenever you shut it
down. However, in certain situations (like when your computer crashes) temp
files remain on the hard disk. When booting, the stupid OS will also save
lost clusters as FILE0001.CHK, ets. Delete all those with Windows Washer or Evodence Eliminator.
Or you can do it all in DOs mode(not recommended becase we dont really know if DOS actually deletes
them or just marks the file headers as deleted): 1.Choose Start, Shut Down, Restart in MS-DOS mode.
2.At the DOS prompt type: cd\windows\temp and press Enter.
3.Type: del *.tmp to banish all temp files from the
C:\Windows\Temp folder.
12. Get an email program that uses TEXT. (good one is thebat with the NO HTML
switch) But pegasus and others work well too. And I find people are touchy
about this subject. pegasus + PGP is cool and it can use more than one
mailer is NEAT-O. and can confuse those that study headers.
TheBat is good too If you need to be stealth you can use some bouncers
and pegasus.
13. clean daily:
- nsform??.TMP
contains All the data inside every Netscape form
you've ever submitted, with and without SSL, when the submission failed
or was cancelled.
- Inbox, Outbox, Sent, Trash
has a complete copy of all your incoming, outgoing,
sent, and soon-to-be-deleted email. All in plain text without
any encryption.
- MsWord, Excel, Access, PowerPoint
All these programs, as well as windows itself, cache the filenames of the
most recent documents you have been working on. This leads any attacker
directly to your recent work!
14. DO NOT keep anything that can be used against you on your HD, but today,
it's hard enough to know what that might be. Get a CD-burner if you can spare the
cash or SEAQUEST drive or IOMEGA zip drive and keep the cartriges. To
Learn to ENCRIPT your data using one of the
MANY diff encription programs available like
Best Cript, ScramDisc , ets.
You can get PGP from MIT.
PGP Faq is at:PGP FAQ
NOTE: Do a string search on
SECRING.PGP, Secring.SKR, .ASC ,
etc These will be YOUR secret keyrings, if you do happen to be using PGP!
These are protected by your passphrase, so I hope you've got a realllllly
long one, and it's not something any average cracker will be able to pick,
and you're not running any keypress macro recorders or typing sniffers, and
you've not got any Trojan Horses or Password Targeted Viruses busy siphoning
off your passwords and passphrases, and you trust all the software you run
on yourPC,
Let's review: clean your Browser's caches, all the Index.dat files,
temp folders, recent folder, wipe the freespace, the swap file, and the registery!
Don't you feel tired already??
15. Lots of the programs you use daily leave many tracks behind of what you
did last.So examples include:if you use ACDSEE,
clean the "move" pull down menu under the "move" icon it contains all the
information about the jpegs you viewed and where they were moved to. Not
cool.
Did you know Winzip creates a
temporary file with the names of all the unzipped files? Look for it on C:\
root dir. There you will find a neat list of all your extract actions...
There are possibilities to turn off the logging in both programs if you look
in the configuration menus, but I think that default is to keep logs, so
check it out.. ;) Also, remove the "unzipped" file and everything inside.
Keep it clean :) by WhiteSpider
Your SBNews puts an .ini file
(Newsbot.ini) in the Windows directory. It contain plain text info
about selected groups, host name etc.If you want to clean up your tracks,
copy it to a safe backup folder after use and use
BCwipe or similar to delete the one in the Windows
directory.Remember to put it back there before you use SBN the next time..If
you don't, it will automatically create a new one, but all the info on
download directories, hosts etc. will be lost.Also keep in mind that SBN
saves logfiles of all downloads in its program Keep it clean :)
So
install the program in a safe place.. ;)
by WhiteSpider
Did you KNOW that SBnews has a Dup file in its folder? thats how it keeps
track of all the pix you have d/ld. I am SURE other news-reader have
the same folder somewhere in there, too. How to deal with that issue?
personally, I dont know.Any suggestions? Maybe clean that file and when
staring SBNEws look over whats there with "headers" and only choose what
you want. Maybe disable the "dup" fucntion toowill be a good idea.
A direct link to Win95 and 98 clean up utilities:
winfiles.com
more Tweaking and cleaning up your Windoze
tips
Every week a new report hits the news about
some newly discovered weakness in Windoze or somebody
discovers something hidden inside.
That's why I started this FAQ, to share everything I have discovered,
in hope other people can ALSO benefit
Perhaps old news for some but new to others...
1. In Windows98 I found a file called 'logfile.log'
It had recorded a LOT of info about activities.
I used Editpad to access file/clicked 'select all'/then hit Backspace/ then
Re-Saved the file at 0 kb.
Check it out on your PC's My logfile.log has stayed clean since.
Evidence Eliminator is rude and it starts up every time I reboot Windoze.
to stop it I went to START+RUN, typed regedit and looked for this key:
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run
. once inside, delete the Evidence Eliminator key. Of course you can
also prevent any other program from starting too while you are there...:-)
According to an article of the magazine Wired, some
ICQ advanced users detected that the automatic mechanism of Update installed by Mirabilis might be used to obtain information directly from the hard disk of the users. AOL just bought Mirabilis and the ICQ system must be one of the biggest data bank in the whole world.
So, as good safety precaution, these experts urge to turn this
feature OFF.
To do that you need to Go to START+RUN
start-menu and type "regedit" and look for this particular string:HKEY_CURRENT_USER\Software\Mirabilis\ICQ\DefaultPrefs
Right-clik over the Key Auto Update, select
Modify and enter No
That�s all.
If you REALLy want to remove all the previous installed software off your PC, you again need to edit the Win registery. Go to START+RUN
start-menu and type "regedit". Go to
HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall
.
Now you should see all programs that are installed on your computer,
whether they exist or not. Just delete the ones you don't have anymore.
Oh yeah... Try at your own risk. If you delete the wrong thing the computer
may crash.
Also, use the FIND option in the registery to find ANy traces of the software
you want removed and then use the delete function.
Suppose you want to change your name in Windows.
To Change the Version, in Control Panel and System Properties :
- Open the Registry and collapse all of the branches so that all "Hotkey"
folders are showing.
- Find the Hotkey "Local Machine" folder and click the "+" sign in front
of it.
- Look for the Software Folder ( Microsoft Folder ) and click the "+" sign
in front of it.
- Look for the Window Folder and click the "+" sign in
front of it.
Look for the Current Version Folder and double-click
on it.
- On the right-hand side of the screen, look for the
"Registered Owner File" and right click on it, then,
then the Modify command.
- Rename what you want computer to appear as on the 'net, then click OK.
- Minimize the Registry and double click on System from within the
Control Panel. You can now see the new name in the Version.
HKEY_CURRENT_CONFIG
then Software, then MS, then windows, then CurrentVersion
to look at the name your PC uses on a network, find your
network neighborhood icon,
select properties, then
select the identification tab
. Right there is your computer's name, which could have been set by
some other piece of software. Change it to something else, click on ok.
I believe you'll have to reboot your computer before the change takes affect
Suppose you want to stop the
CritialUpdate file in Windows 98 from updating Windowze
without asking you. You need to do this then:
Start+Program+Accessories+System Tools+System Information+
Tools+System Configuration Utilities+Start up
Then uncheck the Critical Update and restart Windows
. ICQ also likes to update itself without your
persmition. To show it who's da boss, do this:
go to Windoze Registry with START+RUN
start-menu and type "regedit". then open
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\DefaultPrefs
Auto Update "No"
.You can use several tricks to make your computer
start faster.
Decrease StartUp items: Applications that you
don't use during a typical computing session may load themselves
automatically at start-up. To find out which programs are auto-launching
and stealing your system resources, go
into Windows Explorer and open the following folder:
C:\Windows+Start Menu+Programs+StartUp
Just right-click on the ones you don't want to load at start-up and
choose Delete from the pop-up menu.
More sneaky StartUp items: You might have more unwanted stuff
self-activating at start-up than what's listed in the StartUp folder.
From the Start menu, choose Run and type MSCONFIG in the text box.
Click on the StartUp tab. You'll see long list of items. All of those
marked with an X launch automatically at StartUp.
Uncheck non-critical functions such as Tips (unless you like them), Task
Monitor, and Load Power Profile (don't uncheck it if you use a notebook
computer). Unchecking Norton products such as CrashGuard and Anti-Virus
will expedite the start-up process but will leave you more vulnerable to
crashes and viruses.
Did you know that each time Windows 98 boots it
searches for new floppy drives? But when is the last time you installed a
new floppy drive? To disable the ludicrous floppy drive scan go to:
1.Right-click on My Computer and select Properties.
2.Click on the Performance tab followed by the File System button.
//8+ 3.Choose the Floppy Disk tab and uncheck Search for
new floppy drives each time your computer starts.
. Delete Auto Insert: You can tweak your CD-ROM drive
to save a few CPU cycles by disabling Auto Insert Notification-- the
function that tells your computer to launch, say, your audio CD player
when you stick that CD into the drive. Auto Insert Notification can be
particularly annoying if you put a game CD into the CD-ROM drive and the
Installation Wizard opens even though you've already installed the game
onto your machine.
disable Auto Insert Notification:
1.Right-click on My Computer and select Properties.
2.Click on the Device Manager tab.
3.Double-click on the CD-ROM icon and then double-click on the CD-ROM
model you're currently using.
4.Click on the Settings tab and uncheck Auto insert notification.
turn off the CritialUpdate file in Windows 98:
Start+Program+Accessories+System Tools+System Information+
Tools+System Configuration Utilities+Start up
Then uncheck the Critical Update and restart Windows
open the MSINFO32.EXE inside C:\Program Files\Common Files\Microsoft Shared\MSinfo\MSINFO32.EXE
with an Hex editor and edit it to remove the active modules you dont want from starting.
end for now-...;-)
I shall be adding more quick reference tips and
links here. As usual, I need as much feedback as I can. E-mail me with
any comments, questions, corrections, ets.