Welcome to WebmasterWorld Guest from 54.145.208.64

Forum Moderators: phranque

Message Too Old, No Replies

Beyond Cookies?

Strange HTM files in Windows\Temp

   
7:06 am on Mar 20, 2001 (gmt 0)

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



While cleaning out TMP files in my Windows\Temp folder, I encountered a huge number of tri*.HTM files. Trying to open them crashes IE, with an "illegal operation" message... but, when looking at the contents in Lister (a text viewer), some show no text content, even though they're 1.2K or so. A bunch of them, though, show text in the following form:

{[AltaVista LookSmart Directory]}
Search the
AltaVista Directory
Your query:
etc

When I ran my cursor over the text to copy it for this message, I got a text flag at my cursor position, along with a little "e" IExplorer icon. For the above text, when the cursor is over the first line, the flag reads [ad.doubleclick.net...] etc until %2flooksmart.altavista.com --- Most, in fact, seem to be AV/LS related.

On another, the text is {[L90 adMonitor Ad]} -- and the url in the flag is [ads.admonitor.net...] etc.

I assume these are tracking files, but I'm stumped about why I can't open them and why I'm seeing a url at my cursor. Are they an attempt to get around cookie detection? Might this also be a way of tracking visits for popularity?

Anyone have an idea what they are and how I can keep them off my system?

7:50 am on Mar 22, 2001 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hey Robert, we're not ignoring you, honest! :) I'll "rally the troops," call everyone's attention to your question in the mods forum. No promises but hopefully someone will have a few ideas...
8:31 am on Mar 22, 2001 (gmt 0)

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Dave - Thanks. These things are fairly recent... I can say that. I've been cleaning out Windows\Temp for a long time, and this is the first time I've noticed these.
8:52 am on Mar 22, 2001 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Must have installed some new software in the last few weeks? Sounds like spyware caching ads to temp.
8:53 am on Mar 22, 2001 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Robert,
Take a look here [webmasterworld.com] which may be a possibility. Try this page, [privacyfoundation.org] and this page too. [users.rcn.com]

Could this be what it is?

9:17 am on Mar 22, 2001 (gmt 0)

10+ Year Member



You all remember the DC turmoil last year?

My guess is that they are up to something similar.

[websearch.about.com...]

1:26 pm on Mar 22, 2001 (gmt 0)



Henki,

how old is that article? There is no date on it.

-G

1:50 pm on Mar 22, 2001 (gmt 0)

10+ Year Member



Grnidone,

That artical looks to be Feb 16, 2000 is the date Looks like a year old.. Correct me if I am wrong

6:03 pm on Mar 22, 2001 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Robert - Your question got me doing some digging and I came up with AdAware at [lavasoft.de...]
It's a freeware Winders scanner and file/cookie manager that handles most of the known spyware. So far I like it! It won't keep the temp files off your disk but it will identify the ones you want to know about and delete...
6:31 pm on Mar 22, 2001 (gmt 0)

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Thanks for much interesting information... I've spent part of the morning following up. Since I've also been losing the last-read tags on these forums, I decided to purge all my cookies. Noticed that many of the recent ones contained a mediaplex.com ID inside them, with my name in the cookie name... so somehow I was being tracked.

>>Must have installed some new software in the last few weeks? Sounds like spyware caching ads to temp.<<

Two possibilities...

One, with great misgivings a couple of weeks ago I installed Shockwave, which I believe also installs Active-X. I'm not really sure where Active-X resides, etc... can't find much documentation about it. I remembered at the time that there had been, on my earlier versions of IE, an advanced option for disabling Active-X, but on IE4 I can't find it.

The other... at the same time I installed Shockwave (for a media project), I also needed to exchange a large file, and we decided on one of the free virtual hard drive sites (after trying several). As it turns out, these are email address gathering sites... so one of these??

I'm trying to find out how to detect whatever it is and disable it. The lavasoft site is looking interesting.

Thanks.

8:27 pm on Mar 22, 2001 (gmt 0)

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



PS to the above... I downloaded AdAware and it's great. They also offer a real time monitoring version for $12, if you want that.

AdAware isn't really a cookie manager, though. It lets you scan your system and detect files that are implicated in privacy intrusion, based on an associated database. First scan caught one Windows\Temp file that I hadn't already deleted... but it didn't find any program file that would have introduced these.

Should I assume from this that Windows and/or IE Explorer makes us all vulnerable to whatever introduces these temp HTM files and there's nothing I can do but keep checking?... or should I assume that I simply haven't located whatever on my system is introducing these?

Another question, following up on the cleansing of my temp files and cookies... I assumed that the index.dat file in my Cookies folder would get rebuilt when I got rid of all my cookies. Not so... It still goes back to the first cookie I ever crunched, and it can't be deleted. I'm guessing its size has got to be slowing down something. Any thoughts on how to refresh this... and further thoughts on the HTM files?

1:04 pm on Mar 23, 2001 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I would guess that if you didn't detect any known spyware on your system, that it must have been from a java or active X banner system you visited. That could have been anywhere.

Could see a url in them at all?

6:22 pm on Mar 23, 2001 (gmt 0)

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



I've dumped the files in the housecleaning process, so mediaplex.com and the urls noted in my first post are the only ones I have noted.

>>it must have been from a java or active X banner system you visited<<

Is the medium security setting on the Internet Zone sufficient? I'm not sure I could be functioning on the web with the high security setting... but the thought of what Active-X can do has always made me nervous.