Re: Microsoft secret folders?

From: John Barnett MVP (freelanceit_at_mvps.org.NOSPAM)
Date: 11/03/04 

Date: Wed, 3 Nov 2004 18:51:25 -0000

Looks like you are safe then Jeff. I was a little concerned because your
original post stated dlhost (with one 'l' ) Hence the reason for me checking
the symantec site.

"Jeff" <jeff@falsepart.com> wrote in message
news:WFVhd.7899$Ae.409@newsread1.dllstx09.us.to.verio.net...
> Hi John
>
> I have Spybot, Ad-Aware, and spywareblaster installed. I update and run
> them regularly. Just did again: no spyware. I did not install "I am big
> brother".
>
> Zone alarm said that COM surrogate came from dllhost and I did find
> dllhost.exe in the system32 subdirectory. Now this is dllhost, not the
> dlhost that Symantec says is the spyware marker. No nl.exe.
>
> dll.host appears to be a Microsoft file present as DLLHOST.EX_ IN MY i386
> subdirectory. I therefore think it is legitimate.
>
> --
>
> Jeff Williams
> Email address deliberately false to avoid spam
> jeff@phony.com
>
>
> "John Barnett MVP" <freelanceit@mvps.org.NOSPAM> wrote in message
> news:O$0s$pEwEHA.728@TK2MSFTNGP11.phx.gbl...
>> Jeff glad i could be of assistance.
>>
>> Do you have Spybot S&D on your machine (www.safer-networking.org) ? If so
> i
>> need you to run the application and see what it comes up with.
>> I've done a search of Microsoft knowledge base and, unless i have missed
>> something, haven't come up with a thing. MSDN (Microsoft Develeper
> Network)
>> shows the dlhost.exe file as being an addition to an application. What
>> worries me most is what i found on the Symantec web site. Take a look for
>> yourself
>> http://www.symantec.com/avcenter/venc/data/spyware.iambigbrother.html
>> Just make sure you keep denying the Com Surrogate file access for the
>> moment. I assume that denying it access is not having any detrimental
> effect
>> on your pc?
>> You or someone else haven't downloaded and installed an application
>> called
>> 'I am big brother' by any chance?
>> The symantec site gives a list of files that 'i am big brother' produces
> i
>> suggest, first that you use Spybot and second do a search of your drive
> for
>> the relevant files and see what you come up with.
>>
>> --
>> John Barnett MVP
>> Associate Expert
>> www.freelanceit.glowinternet.net
>>
>> "Jeff" <jeff@falsepart.com> wrote in message
>> news:PQjhd.7813$Ae.2241@newsread1.dllstx09.us.to.verio.net...
>> > John
>> >
>> > Thank you very much for all your help.
>> >
>> > Option 1 did not do it, but option 2 did. Maybe because I am still at
>> > SP-1,
>> > uptodate except for SP-2 itself.
>> >
>> > By the way my Zone Alarm firewall has been asking me if I would allow
> "COM
>> > Surrogate to access the Internet" from the application "dlhost.exe". I
>> > keep
>> > denying but am not sure what it is.
>> >
>> > Thank you again. You've been a great help.
>> >
>> > --
>> >
>> > Jeff Williams
>> > Email address deliberately false to avoid spam
>> > jeff@phony.com
>> >
>> >
>> >
>> > John Barnett MVP wrote:
>> >> Jeff my Home edition has .Net framework 1.1
>> >> Having said that i actually always install the .net framework from the
>> >> retail cd each time i reinstall windows xp.
>> >> You have three options:
>> >> 1/ Download the .net service pack 3 update that windows update that
>> >> the Windows Update site suggests you need. If this doesn't upgrade
>> >> your .ner framework 9which i am sure it will) then try the next item.
>> >> 2/ If you have a Windows XP Service pack 2 (SP2) cd (some PC
>> >> magazines are supplying them as cover discs) Then browse the cd and
>> >> look for the DotNetfx folder. You will see a list of files. Click (or
>> >> double click) on the DOTNETFX file. This is the express etup file.
>> >> failing that you can use the Setup file. Alternatively try the next
>> >> item. 3/ Go to the Microsoft download site www.microsoft.com/download
>> >> In the search for a download dialogie box click the green arrow and
>> >> from the drop down menu select .NET and press the Go button. When the
>> >> search results page opens it should show .net Framework version 1.1
>> >> redistributable package as the first option. Click on this to
>> >> download. It is around 24MB in size. Once it is downloaded then clcik
>> >> on the file to install it.
>> >> Well Jeff that's three options to keep you busy this weekend.
>> >> Hopefully you will bne able to use both Cleancache and FreshUI
>> >> afterwards:-)
>> >>
>> >> Good Luck!
>> >>
>> >> "Jeff" <jeff@falsepart.com> wrote in message
>> >> news:LbZgd.7773$Ae.3162@newsread1.dllstx09.us.to.verio.net...
>> >>> Thanks John.
>> >>>
>> >>> --
>> >>>
>> >>> Jeff Williams
>> >>> Email address deliberately false to avoid spam
>> >>> jeff@phony.com
>> >>>
>> >>>
>> >>> "John Barnett MVP" <freelanceit@mvps.org.NOSPAM> wrote in message
>> >>> news:%23OcWQatvEHA.2016@TK2MSFTNGP15.phx.gbl...
>> >>>> Jeff I have xp home and professional on my machine so i will take
>> >>>> alook at home edition and see what version is on there and whether
>> >>>> it can be updated. i'll get back to you.
>> >>>>
>> >>>> --
>> >>>> John Barnett MVP
>> >>>> Associate Expert
>> >>>> www.freelanceit.glowinternet.net
>> >>>>
>> >>>> "Jeff" <jeff@falsepart.com> wrote in message
>> >>>> news:R5Rgd.7752$Ae.2452@newsread1.dllstx09.us.to.verio.net...
>> >>>>> I went there and have icons for .net framework 1.0 wizard, not 1.1
>> >>>>> which
>> >>>>> is
>> >>>>> what FreshUI wants.
>> >>>>>
>> >>>>> I am getting to think from what I saw on the web that 1.1 is only
>> >>>>> for XP
>> >>>>> Pro, not XP Home which is what I have. But I am not sure.
>> >>>>>
>> >>>>> --
>> >>>>>
>> >>>>> Jeff Williams
>> >>>>> Email address deliberately false to avoid spam
>> >>>>> jeff@phony.com
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> John Barnett MVP wrote:
>> >>>>>> Jeff if it offers the service pack update you should already have
>> >>>>>> .net framework on your machine.
>> >>>>>> Go to Control Panel and click the Administrative Tools icon. See
>> >>>>>> if you have icons for .net framework 1.1 wizard and
>> >>>>>> configuration. If not you should be able to download .net
>> >>>>>> framework from the microsoft download site.
>> >>>>>>
>> >>>>>>
>> >>>>>> "Jeff" <jeff@falsepart.com> wrote in message
>> >>>>>> news:%FNgd.7747$Ae.5385@newsread1.dllstx09.us.to.verio.net...
>> >>>>>>> Thanks John
>> >>>>>>>
>> >>>>>>> I discovered and downloaded Cleancache and installed it.
>> >>>>>>> However it would not run on my XP Home PC because it needs
>> >>>>>>> Microsoft.NET Framework 1.1 to run. My XP Home "Windows Update
>> >>>>>>> does not provide this as an available update. The only thing
>> >>>>>>> offered for my "Home" XP is Microsoft .NET Framework
>> >>>>>>> 1.0 Service Pack 3 and that is apparently not adequate for
>> >>>>>>> CleanCache to work.
>> >>>>>>>
>> >>>>>>> I will look for FreshUI . I happen to own Acronis Privacy suite
>> >>>>>>> but I do not think it can delete the index.dat files because
>> >>>>>>> they are locked as you say and it does not seem to have a cache
>> >>>>>>> cleaner that I can find.
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> --
>> >>>>>>>
>> >>>>>>> Jeff Williams
>> >>>>>>> Email address deliberately false to avoid spam
>> >>>>>>> jeff@phony.com
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> John Barnett MVP wrote:
>> >>>>>>>> Jeff the easiest way to delete .dat files is the freeware
>> >>>>>>>> application Cleancache. Just mark, on the relevant tabs, what
>> >>>>>>>> .dat files are to be deleted and press the 'run complete
>> >>>>>>>> cleanup' button. Obviously Index.dat files cannot be deleted
>> >>>>>>>> from within windows so once you have used cleancache you simply
>> >>>>>>>> restart your pc and the index dat files will be cleared and a
>> >>>>>>>> new empty file created. there are also other applications that
>> >>>>>>>> will do the same FreshUI is one that comes to mind.
>> >>>>>>>>
>> >>>>>>>>
>> >>>>>>>> "Jeff" <jeff@falsepart.com> wrote in message
>> >>>>>>>> news:qLMgd.7742$Ae.700@newsread1.dllstx09.us.to.verio.net...
>> >>>>>>>>> Windows DOES keep files that track all your visited URLs,
>> >>>>>>>>> cookies, internet
>> >>>>>>>>> temp files, etc. in index.dat files and they are almost
>> >>>>>>>>> impossible to delete
>> >>>>>>>>> because Windows marks them as locked in use.
>> >>>>>>>>>
>> >>>>>>>>> The easiest way to delete them seems to be as follows:
>> >>>>>>>>> 1. create a new user account with administrative powers.
>> >>>>>>>>> (Password IT!!)
>> >>>>>>>>> 2. Search for all your index files and write down their
>> >>>>>>>>> locations
>> >>>>>>>>> 3. log out of your present user account and login as the new
>> >>>>>>>>> user you just created.
>> >>>>>>>>> 4. Go to the index.dat files you marked and delete them
>> >>>>>>>>> 5. log out of the new account and back into your normal
>> >>>>>>>>> account.
>> >>>>>>>>>
>> >>>>>>>>> The usual locations of the dangerous index.dat files are the
>> >>>>>>>>> following:
>> >>>>>>>>>
>> >>>>>>>>> \Documents and Settings\<Username>\Cookies\index.dat
>> >>>>>>>>>
>> >>>>>>>>> \Documents and Settings\<Username>\Local
>> >>>>>>>>> Settings\History\History.IE5\index.dat
>> >>>>>>>>>
>> >>>>>>>>> \Documents and Settings\<Username>\Local
>> >>>>>>>>> Settings\History\History.IE5
>> >>>>>>>>>
>> >>>>>>>>> \MSHist012001123120020101\index.dat
>> >>>>>>>>>
>> >>>>>>>>> \Documents and Settings\<Username>\Local
>> >>>>>>>>> Settings\History\History.IE5\MSHist012002010720020114\index.dat
>> >>>>>>>>>
>> >>>>>>>>> \Documents and Settings\<Username>\Local Internet
>> >>>>>>>>> Files\Content.IE5\index.dat
>> >>>>>>>>>
>> >>>>>>>>> --
>> >>>>>>>>>
>> >>>>>>>>> Jeff Williams
>> >>>>>>>>> Email address deliberately false to avoid spam
>> >>>>>>>>> jeff@phony.com
>> >>>>>>>>>
>> >>>>>>>>>
>> >>>>>>>>> "crissssss.........." <cris@newsgroupinfo.wanadoo.co.uk> wrote
>> >>>>>>>>> in message news:cm0182$p7$1@news7.svr.pol.co.uk...
>> >>>>>>>>>> I have no idea what files. I really was only asking this:
>> >>>>>>>>>> If it's true that any computer keeps records of past web
>> >>>>>>>>>> searches (or anything else) that are NOT cleared out by using
>> >>>>>>>>>> the usual Internet Options, then surely these files must grow
>> >>>>>>>>>> and grow until they slow a computer down. Or is this the idea
>> >>>>>>>>>> so Microsoft can then sell you another computer? Thanks Chris
>> >
>> >
>> >
>>
>>
>
>