Re: Microsoft secret folders?

From: Jeff (jeff_at_falsepart.com)
Date: 11/03/04 

Date: Tue, 2 Nov 2004 19:09:35 -0500

Hi John

I have Spybot, Ad-Aware, and spywareblaster installed. I update and run
them regularly. Just did again: no spyware. I did not install "I am big
brother".

Zone alarm said that COM surrogate came from dllhost and I did find
dllhost.exe in the system32 subdirectory. Now this is dllhost, not the
dlhost that Symantec says is the spyware marker. No nl.exe.

dll.host appears to be a Microsoft file present as DLLHOST.EX_ IN MY i386
subdirectory. I therefore think it is legitimate. 

-- 
Jeff Williams
Email address deliberately false to avoid spam
jeff@phony.com
"John Barnett MVP" <freelanceit@mvps.org.NOSPAM> wrote in message
news:O$0s$pEwEHA.728@TK2MSFTNGP11.phx.gbl...
> Jeff glad i could be of assistance.
>
> Do you have Spybot S&D on your machine (www.safer-networking.org) ? If so
i
> need you to run the application and see what it comes up with.
> I've done a search of Microsoft knowledge base and, unless i have missed
> something, haven't come up with a thing. MSDN (Microsoft Develeper
Network)
> shows the dlhost.exe file as being an addition to an application. What
> worries me most is what i found on the Symantec web site. Take a look for
> yourself
> http://www.symantec.com/avcenter/venc/data/spyware.iambigbrother.html
> Just make sure you keep denying the Com Surrogate file access for the
> moment. I assume that denying it access is not having any detrimental
effect
> on your pc?
> You or someone else haven't downloaded and installed an application called
> 'I am big brother' by any chance?
> The symantec site gives a list of files that 'i am big brother'  produces
i
> suggest, first that you use Spybot and second do a search of your drive
for
> the relevant files and see what you come up with.
>
> -- 
> John Barnett MVP
> Associate Expert
> www.freelanceit.glowinternet.net
>
> "Jeff" <jeff@falsepart.com> wrote in message
> news:PQjhd.7813$Ae.2241@newsread1.dllstx09.us.to.verio.net...
> > John
> >
> > Thank you very much for all your help.
> >
> > Option 1 did not do it, but option 2 did. Maybe because I am still at
> > SP-1,
> > uptodate except for SP-2 itself.
> >
> > By the way my Zone Alarm firewall has been asking me if I would allow
"COM
> > Surrogate to access the Internet" from the application "dlhost.exe".  I
> > keep
> > denying but am not sure what it is.
> >
> > Thank you again. You've been a great help.
> >
> > -- 
> >
> > Jeff Williams
> > Email address deliberately false to avoid spam
> > jeff@phony.com
> >
> >
> >
> > John Barnett MVP wrote:
> >> Jeff my Home edition has .Net framework 1.1
> >> Having said that i actually always install the .net framework from the
> >> retail cd each time i reinstall windows xp.
> >> You have three options:
> >> 1/ Download the .net service pack 3 update that windows update that
> >> the Windows Update site suggests you need. If this doesn't upgrade
> >> your .ner framework 9which i am sure it will) then try the next item.
> >> 2/ If you have a Windows XP Service pack 2 (SP2) cd (some PC
> >> magazines are supplying them as cover discs) Then browse the cd and
> >> look for the DotNetfx folder. You will see a list of files. Click (or
> >> double click) on the DOTNETFX file. This is the express etup file.
> >> failing that you can use the Setup file. Alternatively try the next
> >> item. 3/ Go to the Microsoft download site www.microsoft.com/download
> >> In the search for a download dialogie box click the green arrow and
> >> from the drop down menu select .NET and press the Go button. When the
> >> search results page opens it should show .net Framework version 1.1
> >> redistributable package as the first option. Click on this to
> >> download. It is around 24MB in size. Once it is downloaded then clcik
> >> on the file to install it.
> >> Well Jeff that's three options to keep you busy this weekend.
> >> Hopefully you will bne able to use both Cleancache and FreshUI
> >> afterwards:-)
> >>
> >> Good Luck!
> >>
> >> "Jeff" <jeff@falsepart.com> wrote in message
> >> news:LbZgd.7773$Ae.3162@newsread1.dllstx09.us.to.verio.net...
> >>> Thanks John.
> >>>
> >>> --
> >>>
> >>> Jeff Williams
> >>> Email address deliberately false to avoid spam
> >>> jeff@phony.com
> >>>
> >>>
> >>> "John Barnett MVP" <freelanceit@mvps.org.NOSPAM> wrote in message
> >>> news:%23OcWQatvEHA.2016@TK2MSFTNGP15.phx.gbl...
> >>>> Jeff I have xp home and professional on my machine so i will take
> >>>> alook at home edition and see what version is on there and whether
> >>>> it can be updated. i'll get back to you.
> >>>>
> >>>> --
> >>>> John Barnett MVP
> >>>> Associate Expert
> >>>> www.freelanceit.glowinternet.net
> >>>>
> >>>> "Jeff" <jeff@falsepart.com> wrote in message
> >>>> news:R5Rgd.7752$Ae.2452@newsread1.dllstx09.us.to.verio.net...
> >>>>> I went there and have icons for  .net framework 1.0 wizard, not 1.1
> >>>>> which
> >>>>> is
> >>>>> what FreshUI wants.
> >>>>>
> >>>>> I am getting to think from what I saw on the web that 1.1 is only
> >>>>> for XP
> >>>>> Pro, not XP Home which is what I have. But I am not sure.
> >>>>>
> >>>>> --
> >>>>>
> >>>>> Jeff Williams
> >>>>> Email address deliberately false to avoid spam
> >>>>> jeff@phony.com
> >>>>>
> >>>>>
> >>>>>
> >>>>> John Barnett MVP wrote:
> >>>>>> Jeff if it offers the service pack update you should already have
> >>>>>> .net framework on your machine.
> >>>>>> Go to Control Panel and click the Administrative Tools icon. See
> >>>>>> if you have icons for .net framework 1.1 wizard and
> >>>>>> configuration. If not you should be able to download .net
> >>>>>> framework from the microsoft download site.
> >>>>>>
> >>>>>>
> >>>>>> "Jeff" <jeff@falsepart.com> wrote in message
> >>>>>> news:%FNgd.7747$Ae.5385@newsread1.dllstx09.us.to.verio.net...
> >>>>>>> Thanks John
> >>>>>>>
> >>>>>>> I discovered and downloaded Cleancache and installed it.
> >>>>>>> However it would not run on my XP Home PC because it needs
> >>>>>>> Microsoft.NET Framework 1.1 to run.  My XP Home "Windows Update
> >>>>>>> does not provide this as an available update.  The only thing
> >>>>>>> offered for my "Home" XP is Microsoft .NET Framework
> >>>>>>> 1.0 Service Pack 3 and that is apparently not adequate for
> >>>>>>> CleanCache to work.
> >>>>>>>
> >>>>>>> I will look for FreshUI .  I happen to own Acronis Privacy suite
> >>>>>>> but I do not think it can delete the index.dat files because
> >>>>>>> they are locked as you say and it does not seem to have a cache
> >>>>>>> cleaner that I can find.
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>>>
> >>>>>>> Jeff Williams
> >>>>>>> Email address deliberately false to avoid spam
> >>>>>>> jeff@phony.com
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> John Barnett MVP wrote:
> >>>>>>>> Jeff the easiest way to delete .dat files is the freeware
> >>>>>>>> application Cleancache. Just mark, on the relevant tabs, what
> >>>>>>>> .dat files are to be deleted and press the 'run complete
> >>>>>>>> cleanup' button. Obviously Index.dat files cannot be deleted
> >>>>>>>> from within windows so once you have used cleancache you simply
> >>>>>>>> restart your pc and the index dat files will be cleared and a
> >>>>>>>> new empty file created. there are also other applications that
> >>>>>>>> will do the same FreshUI is one that comes to mind.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>> "Jeff" <jeff@falsepart.com> wrote in message
> >>>>>>>> news:qLMgd.7742$Ae.700@newsread1.dllstx09.us.to.verio.net...
> >>>>>>>>> Windows DOES keep files that track all your visited URLs,
> >>>>>>>>> cookies, internet
> >>>>>>>>> temp files, etc. in index.dat files and they are almost
> >>>>>>>>> impossible to delete
> >>>>>>>>> because Windows marks them as locked in use.
> >>>>>>>>>
> >>>>>>>>> The easiest way to delete them seems to be as follows:
> >>>>>>>>> 1. create a new user account with administrative powers.
> >>>>>>>>> (Password IT!!)
> >>>>>>>>> 2. Search for all your index files and write down their
> >>>>>>>>> locations
> >>>>>>>>> 3. log out of your present user account and login as the new
> >>>>>>>>> user you just created.
> >>>>>>>>> 4. Go to the index.dat files you marked and delete them
> >>>>>>>>> 5. log out of the new account and back into your normal
> >>>>>>>>> account.
> >>>>>>>>>
> >>>>>>>>> The usual locations of the dangerous index.dat files are the
> >>>>>>>>> following:
> >>>>>>>>>
> >>>>>>>>> \Documents and Settings\<Username>\Cookies\index.dat
> >>>>>>>>>
> >>>>>>>>> \Documents and Settings\<Username>\Local
> >>>>>>>>> Settings\History\History.IE5\index.dat
> >>>>>>>>>
> >>>>>>>>> \Documents and Settings\<Username>\Local
> >>>>>>>>> Settings\History\History.IE5
> >>>>>>>>>
> >>>>>>>>> \MSHist012001123120020101\index.dat
> >>>>>>>>>
> >>>>>>>>> \Documents and Settings\<Username>\Local
> >>>>>>>>> Settings\History\History.IE5\MSHist012002010720020114\index.dat
> >>>>>>>>>
> >>>>>>>>> \Documents and Settings\<Username>\Local Internet
> >>>>>>>>> Files\Content.IE5\index.dat
> >>>>>>>>>
> >>>>>>>>> --
> >>>>>>>>>
> >>>>>>>>> Jeff Williams
> >>>>>>>>> Email address deliberately false to avoid spam
> >>>>>>>>> jeff@phony.com
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>> "crissssss.........." <cris@newsgroupinfo.wanadoo.co.uk> wrote
> >>>>>>>>> in message news:cm0182$p7$1@news7.svr.pol.co.uk...
> >>>>>>>>>> I have no idea what files. I really was only asking this:
> >>>>>>>>>> If it's true that any computer keeps records of past web
> >>>>>>>>>> searches (or anything else) that are NOT cleared out by using
> >>>>>>>>>> the usual Internet Options, then surely these files must grow
> >>>>>>>>>> and grow until they slow a computer down. Or is this the idea
> >>>>>>>>>> so Microsoft can then sell you another computer? Thanks Chris
> >
> >
> >
>
>