Author Topic: Easy Removal of Windows Super Hidden Temp Files  (Read 24213 times)

Lead Head

  • Global Moderator
  • Member
  • ***
  • Posts: 1,508
  • Kudos: 534
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #45 on: 25 November 2005, 03:51 »
a hat of ferrite beads?
sig.

Dark_Me

  • Member
  • **
  • Posts: 302
  • Kudos: 314
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #46 on: 25 November 2005, 04:07 »
Satellite dish?
Capitalism kicks ass.
-Skyman
If you're a selfish, self-centred prick, who is willing to leave half the world in poverty, then yes.
-Kintaro

Annorax

  • Global Moderator
  • Member
  • ***
  • Posts: 694
  • Kudos: 457
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #47 on: 25 November 2005, 05:30 »
Quote from: skyman8081
Thermite.  If it's good enough for the DoD, it's good enough for me.


Which makes me wonder when they'll introduce drives with built-in thermite or other ordnance packages for OS-triggered autodestruction. It'd go over well to prevent both classified and copyrighted data from getting into teh "wrong" hands...
Quote from: "bash.org"
<3M> ok guys i've finally got my windows me machine up and running again :D
if everything seems to be running well on windows me you've obviously overlooked something....
<3M> who is general failure and why is he reading my hard disc :(
somehow, "i told you so" doesn't quite say it ;)

Dark_Me

  • Member
  • **
  • Posts: 302
  • Kudos: 314
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #48 on: 25 November 2005, 05:43 »
Thermite isn't the way to go. It produces so much heat that it can melt through the engine block of a car. Which you may already know. As for explosives, can you make it so that they completely destroy the hard drive without going outside the case and so damaging the user? I think a built in electromagnet would do it. It's completely harmless until electricity is put through it, then it, if strong enough, will completely wipe the hard drive.
Capitalism kicks ass.
-Skyman
If you're a selfish, self-centred prick, who is willing to leave half the world in poverty, then yes.
-Kintaro

H_TeXMeX_H

  • Member
  • **
  • Posts: 1,988
  • Kudos: 494
    • http://draconishinobi.50webs.com/
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #49 on: 25 November 2005, 21:08 »
Quote from: Dark_Me
Thermite isn't the way to go. It produces so much heat that it can melt through the engine block of a car. Which you may already know. As for explosives, can you make it so that they completely destroy the hard drive without going outside the case and so damaging the user? I think a built in electromagnet would do it. It's completely harmless until electricity is put through it, then it, if strong enough, will completely wipe the hard drive.

Theoretically that would work ... much like rubbing your HDD with a big magnet ... uhhhh, but there is a chance that some of the data may survive, or the government has specialized data recovery equipment that can recover some data even from a heavily damaged drive (safest way is for the drive itself to cease to exist) ... or you can do what normal people do and use something like killdisk or DBan to wipe your drive. :D

mobrien_12

  • VIP
  • Member
  • ***
  • Posts: 2,138
  • Kudos: 711
    • http://www.geocities.com/mobrien_12
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #50 on: 26 November 2005, 09:37 »
Quote from: Annorax
Which makes me wonder when they'll introduce drives with built-in thermite or other ordnance packages for OS-triggered autodestruction. It'd go over well to prevent both classified and copyrighted data from getting into teh "wrong" hands...


And to give the **AA the opportunity to physically blow your drive to hell remotely via the next generation Sony rootkit.  :)
In brightest day, in darkest night, no evil shall escape my sight....

themacuser

  • Member
  • **
  • Posts: 189
  • Kudos: 120
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #51 on: 3 December 2005, 05:56 »
Quote from: solemnwarning
Code:
#!/usr/bin/perl

$hdd = $ARGV[0];
$pid = fork();

if($pid == 0) {
  system("/bin/cat /dev/urandom > $hdd");
}


:)


Why? Why not sudo cat /dev/urandom > /dev/hda ?

One line of bash...
I'm often asked why I hate Microsoft - "What did they ever do to you?". Well, I'll tell you. They made dodgy programs and standards which have wasted hundreds of hours of my time involving lost work in crashes and stupidity.

para_fms

  • Member
  • **
  • Posts: 26
  • Kudos: 0
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #52 on: 13 January 2006, 16:37 »
ok, there's a few statements here that i know to be untrue, and a few others that i suspect are inaccurate.

first of all, one of the easiest ways to delete the files is to logon as another user with administrative rights. you'll now have access to the hidden files on other accounts.

windows xp/98 (and probably any other NT/9x flavor) clears the hidden files when deleting temp files through IE settings - this is not true. consider why they're hidden in the first place: i have good reason to believe, through conversations with law enforcement, that this stuff is often used against you in making a case. that's nothing new, but i would go a little further and suggest that this has something to do with why MS decided to hide them using the methods they did.

if you don't think you have content.IE* on your box, think again. if you think the directories are empty, and you use IE, think again.

it is interesting that MS didn't hide this stuff even better. they could've used rootkits. maybe we'll see that in vista/IE7??? or maybe, as others have suggested, the pretense behind all this isn't as sinister as i'm suggesting it is. still, i have worked with some law enforcement friends and that's why i have reason to believe as i do. and it doesn't stop with IE, though i'm not in a position to test OE anymore as i don't have it installed on either of my windows boxes.

here's an interesting little adventure i went on some time ago...

IE nonsense - note that this is AFTER clearing the cache from within IE. OS is XP Pro, SP2.

this is while logged-on in the account i was accessing the directories from.

unfortunately, i was 'raised' on windows. it started with an OEM machine with 95 installed. then 98 and XP. although i've tried to switch to Linux multiple times, i keep returning to windows. there's a few reasons: 1) i'm very familiar with it. 2) games. 3) i have yet to find a flavor of Linux that doesn't have a lot of bugs and annoyances and incredibly crappy driver/hardware support.

the last time i researched Linux (a month or so ago) i went with Suse. from what i read, it's the most 'refined' Linux OS (previously i've tried Redhat, Mandrake, Ubuntu and i forget what others). although my joystick was recognized, it didn't work. although it had a driver for my Logitech MX310 mouse (a hugely popular mouse), the side buttons didn't function. the drivers for my Creative Audigy weren't nearly as good as the kxProject drivers. my ATI 9800 graphics card wasn't supported well at all. all this stuff may be easily fixed, i don't know, but it was annoying nonetheless.

i also CANNOT STAND windows as it is out-of-the-box. there's so much crap and annoyances present it's completely ludicrous: IE, OE, WMP, MSN, SFC, "balloon tips", cartoonish default theme, useless and security compromising services, windows update, windows security center, and on and on and on and on. then i found nLite. it's great for slipstreaming, unattended, and REMOVING all the useless, annoying, security hole riddled crap (that billy thinks everyone should have) BEFORE you install.

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #53 on: 13 January 2006, 20:04 »
*sigh*

Please read this thread from the beginning. :rolleyes:

MS are not spying on you and it has nothing to do with law enforcement - the FBI already have plenty of methods of recovering deleted files from your hard disk.

The temporary files and index.dat are an indexing system that allows the Windows file system to store the web addresses and other info from the net.

Windows Explorer hides them, interprets their contents and displays the URLs together with other info like the date and time.

The reason why they weren't deleted in Windows 95/98 when you clicked on "delete temporary Internet files" is due to MS' incompetence and poor programming.

Windows XP (don't know about ME/2000) doesn't have this problem, yes the index.dat files remain but their contents are removed.
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

Orethrius

  • Member
  • **
  • Posts: 1,783
  • Kudos: 982
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #54 on: 13 January 2006, 23:31 »
[offtopic]Incidentally, Cerberus has mirrored the Clearing and Sanitizing Matrix originally found in section 8-306 ("Use the search, Luke :cool:") of DoD 5220.22-M.[/offtopic]

Proudly posted from a Gentoo Linux system.

Quote from: Calum
even if you're renting you've got more rights than if you're using windows.

System Vitals

para_fms

  • Member
  • **
  • Posts: 26
  • Kudos: 0
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #55 on: 14 January 2006, 04:28 »
Quote from: Aloone_Jonez

Please read this thread from the beginning. :rolleyes:

MS are not spying on you and it has nothing to do with law enforcement - the FBI already have plenty of methods of recovering deleted files from your hard disk.

Windows XP (don't know about ME/2000) doesn't have this problem, yes the index.dat files remain but their contents are removed.

i did read it and i paid particular attention to your post. i think you're wrong about those files not being used by LE however. i've personally had email and phone correspondences with a cop involved in forensics, as well as another detective who was a personal friend. "the riddler" came to the same conclusion when we were sharing information.

as far as the contents of index.dat being removed in XP, i'd have to check that again. i was under the impression that wasn't so. the files in the content.ie5 sub-directories still remain however.

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #56 on: 14 January 2006, 04:38 »
The index.dat files aren't actually removed, the list of URLs they contain gets cleared.
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

Orethrius

  • Member
  • **
  • Posts: 1,783
  • Kudos: 982
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #57 on: 14 January 2006, 11:47 »
Quote from: para_fms
i did read it and i paid particular attention to your post. i think you're wrong about those files not being used by LE however.

Help me out here, you think he's wrong and that cache files are used by law enforcement agencies (which he admitted, along with the concept that they ALSO use Undelete and similar drive recovery tools - Disk Druid on Linux and Restorer2000 for Windows come to mind, among others), or that he's wrong and Microsoft actually colluded with the Feds to make the browser cache a protected system folder (any directory with a dot (.) extension being hidden from the system by default unless directly accessed)?

Quote from: para_fms
i've personally had email and phone correspondences with a cop involved in forensics, as well as another detective who was a personal friend. "the riddler" came to the same conclusion when we were sharing information.

That's lovely.  Did he tell you that "they" used cached files and data recovery (which would be most accurate, IMO), or just one or the other?

Quote from: para_fms
as far as the contents of index.dat being removed in XP, i'd have to check that again. i was under the impression that wasn't so.

This seems to be the case under XP (verifiable via any hex editor), but you'll need to use one admin account to directly delete (as in shift-del) another's index.dat file.  Why this is, I cannot begin to imagine.

Quote from: para_fms
the files in the content.ie5 sub-directories still remain however.

I have noticed this behaviour myself, actually.  Given, I can track down the folders and empty them manually if the clear command doesn't take the first dozen times, but why go to such lengths to make the folders protected system files?  However, before going to the length of drawing dark conspiracies between the federal government and Microsoft (despite the NSA key debacle some time ago), I'd be more willing to chalk this one up to either programmer error (that is, a glitch - that's right, Windows is NOT immune to them by any stretch of the imagination) or an earnest attempt by Microsoft to claim that the browser is an inextricable part of the operating system ("See?  Only the browser can delete the cached files, the system can't even read them!" - ignoring the obvious smoke and mirrors).

Then again, I could be wrong, and this COULD be a dark plot to make our personal data a matter of public record.  Not that it'd be the first time or anything.

Proudly posted from a Gentoo Linux system.

Quote from: Calum
even if you're renting you've got more rights than if you're using windows.

System Vitals

para_fms

  • Member
  • **
  • Posts: 26
  • Kudos: 0
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #58 on: 14 January 2006, 14:14 »
Quote from: Orethrius
Help me out here, you think he's wrong and that cache files are used by law enforcement agencies (which he admitted, along with the concept that they ALSO use Undelete and similar drive recovery tools - Disk Druid on Linux and Restorer2000 for Windows come to mind, among others), or that he's wrong and Microsoft actually colluded with the Feds to make the browser cache a protected system folder (any directory with a dot (.) extension being hidden from the system by default unless directly accessed)?

i think (read: 98% sure) that the cache files are used by LE. i mean, that's just common sense. they'd be foolish not to. i don't know, nor do i have any strong opinion on whether or not MS and the feds worked together, though it certainly wouldn't surprise me at all.
Quote
That's lovely.  Did he tell you that "they" used cached files and data recovery (which would be most accurate, IMO), or just one or the other?

obviously they use both. we didn't talk a whole lot about data recovery though. i was more interested in the cache files. i do remember 'alternate data streams' and 'mirror imaging' being brought up at one point. i don't know about rootkits, though i don't think they were mentioned.
Quote
This seems to be the case under XP (verifiable via any hex editor), but you'll need to use one admin account to directly delete (as in shift-del) another's index.dat file.  Why this is, I cannot begin to imagine.

well, it could be as simple as trying to protect the cache files while the user is logged on, or it could be to protect the files so they can be used against you later. i'll vote for the latter.
Quote
I have noticed this behaviour myself, actually.  Given, I can track down the folders and empty them manually if the clear command doesn't take the first dozen times, but why go to such lengths to make the folders protected system files?

exactly!
Quote
However, before going to the length of drawing dark conspiracies between the federal government and Microsoft...

i'm not, that's just it...
my opinions are rooted in the conversations i've had with 2 LE officers and 'the riddler'. i didn't come up with stuff by myself, though i did eventually suspect something fishy was going on. you asked the key question yourself; why attrib simple cache files hidden and system, plus bury them even further using the desktop.ini files? it's almost certainly not to protect them from the user, wouldn't you agree? hell, required system files aren't hidden that well!

Aloone_Jonez's post about the hiding mechanism makes a lot of sense. IF i'm completely wrong about all this, i could see attributing my mistaken opinion to the information he provided, but i don't think i'm wrong. and the question still remains, why go through so much trouble to hide simple cache files? this was no coding error; the contents of desktop.ini aren't there by accident. no way.

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: Easy Removal of Windows Super Hidden Temp Files
« Reply #59 on: 14 January 2006, 15:56 »
I can't be bothered to debunk the rest of your post - I'd just be repeating myself.

Quote from: para_fms
the contents of desktop.ini aren't there by accident. no way.


Almost every folder Windows has write access to on your hard drive will have a desktop.ini file in it. They are responsible for storing desktop related settings (strangely enough) like whether you want to view pictures as thumbnails, the order you want the files sorted and the type of folder it is. The History and Temporary Internet files contain desktop.ini files with attributes that denote them as such. Have you noticed how when you delete the contents of the desktop.ini files the index.dat files magically become visible?

The conspiracy theory is definitely bullshit. If MS really wanted to hide the files from you then they would've come up with something far more devious; they wouldn't have made the mistake of allowing the administrator to view them or a different OS like Linux. Another thing is you don't actually have to be admin to view them, you just need read only access to another user area, and even the admin can't view their own index.dat files. The only person who can't see them is the person who is logged onto the user area containing them; this is because Windows is interpreting them as your browsing history or temporary Internet files respectively.
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:
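
The two mechanisms argued over in this thread, the hidden + system attribute pair and the desktop.ini folder settings, can both be inspected directly. The following is an added example, not code from any poster: a Python triage helper that lists entries carrying both attribute bits and reports every desktop.ini that names a shell class. The `[.ShellClassInfo]` section and the `CLSID`/`UICLSID` key names are assumptions taken from general Windows knowledge rather than from the thread, and the sample GUID is a placeholder.

```python
import configparser
import os

# Win32 attribute bits; hidden + system together is the thread's "super hidden".
SUPER_HIDDEN = 0x2 | 0x4  # FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
# Constructed sample; the GUID is a placeholder, not a real shell extension.
SAMPLE_DESKTOP_INI = "[.ShellClassInfo]\r\nUICLSID={00000000-0000-0000-0000-000000000000}\r\n"

def is_super_hidden(attrs):
    """True when both the hidden and the system bit are set."""
    return (attrs & SUPER_HIDDEN) == SUPER_HIDDEN

def shell_class_keys(ini_text):
    """Return the CLSID/UICLSID entries of [.ShellClassInfo], or {} if absent."""
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = str  # keep key case as written in the file
    try:
        parser.read_string(ini_text)
    except configparser.Error:
        return {}
    for section in parser.sections():
        if section.lower() == ".shellclassinfo":
            return {k: v for k, v in parser.items(section)
                    if k.upper() in ("CLSID", "UICLSID")}
    return {}

def read_ini(path):
    """desktop.ini is ANSI or UTF-16 with a BOM; decode either."""
    with open(path, "rb") as fh:
        raw = fh.read()
    enc = "utf-16" if raw[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
    return raw.decode(enc, errors="replace")

def scan(root):
    """Walk root; return (super-hidden paths, {desktop.ini path: shell class keys})."""
    hidden, shell_folders = [], {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                # st_file_attributes exists only on Windows; elsewhere report 0.
                attrs = getattr(os.lstat(path), "st_file_attributes", 0)
                if is_super_hidden(attrs):
                    hidden.append(path)
                if name.lower() == "desktop.ini":
                    keys = shell_class_keys(read_ini(path))
                    if keys:
                        shell_folders[path] = keys
            except OSError:
                continue  # locked or unreadable entry: skip it
    return hidden, shell_folders
```

Attribute detection only works on Windows, where `os.lstat` exposes `st_file_attributes`; on other platforms only the desktop.ini report is populated.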