Windows cleaning Tips

while "surfing" online

1. Make yor browsers refuse ALL Cookies, turn off ALL Java, Java Script, ActiveX, Auto Install on your browsers.

2. ALWAYS USE a PROXY while surfing for added privacy and protection from snoopers, ad men, ets! For a list of proxies go to proxies info. When using a proxy, check to see if your proxy is secure: proxy checkers (Start Button/Run/winipcfg to see your IP). or here: helie.com/BrowserCheckIf you DO NOT know anything about Proxies, read the what's a proxy FAQ, then go to how to set your browser to use a proxy FAQ ,and check the proxy page

3. Always have a good intrusion detection system running. In the Windoze world the current favorite would be BlackICE Defender. It will block hacking atempts, and will filter all kinds of junk while you are on. http://www.clariondeveloper.comhas the ClearIce freeware which will assist you in analyzing the data that BlackICE produces.


4. Your next step should be a FireWall. Unfortunatly AtGuard has been discontinued, but it has the best documentation on how to use it, and you can still find copies of it floating around. If you are really paranoid the best then will be Conseal PC Firewall - Signal 9 Conseal also blocks protocols the other products (currently) ignore. You will need to learn a little about ports and protocols but a liitle knowledge won't harm you. Other good ones are Proxymitron(totally free), from http://members.tripod.com/Proxomitron

5. You do NOT want to share ALL your files with everyone on the 'net, do you? Well, thats exactly what your silly Windoze allows by default, because it assumes that you are connected to shared local area network (LAN), so it has file and printer sharing option ON by default. It is port 139 which is the NETBIOS Session Service, its BOTH udp and tcp. To disable it, go to Control Panel+System+Performance+File System+Trouble Shooting folder, then choose Disable new file system and locking semantics bullet. The system will then ask you to restart your PC. Do so. You are done.

Its a good idea to shut off ALL the other ports you have open on your connection, Do not leave an ftp or telnet or http port open if you are not ACTUALLY USING IT. Generally a good firewall will take care of ALL your ports. The port numbers are divided into three ranges: well known ports 0-1023, registered ports 1024-49151, and dynamic ports 49152-65535. The well-known ports are used by your computer for the basic protocols. Numbers are typically "bound" to a specific protocol e.g. port 80 is for HTTP, port 443 is for HTTPS, etc. he other ports are assigned dynamically by your computer as needed starting with port 1024. In other words, if you use a dial-up connection then your first connection to your ISP will usually be on port 1024. Here is a link for some more information. ttp://www.chebucto.ns.ca/~rakerman/port-table.html This page also links to other good information.


6. DO NOT d/l and run any .exe from an unknown sources! Thats the ONLY sure way to get viruses or trojans! After all, you'd NOT stick your penis in EVERY warm hole you meet, right?...well maybe YOU would...

Lets review: 1. set your browsers to refuse java, javaScript, cookies, ActiveX, 2. use a proxy, and 3. use a firewall....



after you are done "surfing"

here is where the fun starts!..you will need to do some serious cleaning of your PC now, so lets get to it!

1. Hope you know that while "surfing", EVERY image you looked at, every web page you looked at was saved on your HD in your Browser's cache(s). IE has 4 and netscape has 2. So you definetly wannna clean, wipe, empty the following folders/files that have been filled with all sorts of info about where you surfed and what you looked at:
You can clean all those folders either manually (very cumbersome and time consuming), or by using either Windows Washer fromwebroot.com or Evidence Eliminator or Eraser other good product.


2. clean all the KNOWN hidden files in Windoze:




3. NEVER, EVER delete ANY files to the Trash Bin because the files are NOT actually deleted, only their headers have been modified - marked to be written over. Any techy with a minimum knowledge, armed with Norton or some other utilities like DirSnoop or Encase will be able to find all those "deleted" files in less than 5 minutes Oh, the shame of those ol' anal pix, eh? Get either BCWipe or Eraser and and use them. Or you can instead, create a folder and make sure you wipe that folder with Eraser or create a virtual drive inside RAM and keep the stuff there. The drive will be gone once the PC is shut off.


4. if you use ICQ then you also need to clean your chats. The new ICQ99 keeps 2(!) separate records of all those chats. 1. first you click on each user's name, go to History, then View Messages History folder. There choose the Delete all button.
2. second go to ICQ logo (main menu) the one with the animated dog or cat or whatever it is, and choose the Messages Archive Click on the Deleted Items(twice), then Messages. Choose all the messages in the right Window with right mouse button+Shift. Press your delete button on the keyboard. Repeat with Chats, Notes. go to Messages next(twice). clean all-message dialogs, Received, go through all the names one by one. Repeat with all the rest. You are done.


Think you are done yet?..hell, NO!...Before shutting down your PC for the day you should also clean:

5. C:\WINDOWS\Recent has all the recent looked at at files. in NT you can find it in C:\WINNT\PROFILES\ADMIN~1\RECENT\ and C:\WINDOWS\QFNONL\RECENT\ . Windows Washer and Evidence Eliminator will take care of those folders by default.


6. Win95, 98, UNIX, NT use a virtual memory space to keep files there called Swap file. When a proccess becomes inactive its data is copied back into RAM, but the virtusl swap file is never overwriiten. Your data can stay there for days or even months! Worse some systems liek NT and Win95 have swap fiels that grow and shrink in size dinamically using the empty space on your HD. Thus wiping the file in a shrinken space can leave parts of it in whats now the unused free space.
Win 95 & 98 swap file is inside C:\Windows and is called Win386.swp. NT's swap file is called pagefile.sys. In UNIX you can actually switch to alternatice swap file (Cool, eh?) while erasing the original. Check /etc/fstab for references to yuor swap partition.
If you shut Windoze properly, the file will be gone, but according to some people the info can still be read off the HD. You CAN'T clean it while in Windoze, so you need to do it in DOS mode.
Supposedly using scorchthe program Dr Who talks about in his FAQ or using Windows Washer, or Evidence eliminator3.0 delete the file. I have used With EnCase I found that it was the same as before. I would say to be safe use bcwipe on the empty space of your HD will clean any remains of that file.


7. DO NOT forget yo also wipe the Free Space on your HD that Windows uses as a virtual memory space with BCWipe from jetico.sci.fior Eraser, BOTH of which are free. Read the Useful toolz FAQ on where to find them and how to use them. WARNING: some people report problems with it.They have had to reconfigure and re-load Win95 AFTER using BCWipe. So the program IS NOT for everyone off-siteThere is also Shredder.


8. Two VERY revealing files on your PC are USER.DAT and SYSTEM.DAT that are make Windoze's Registery. They are insideC:\Windows. To look at them you must first make all your hidden and system files visible by clicking the right mouse button and choosing VEIW, OPTIONS, then VIEW foder again and click on the Show all files button. The problem with them is since they are system files you can't clean them and even if you did, Windoze will regenerate them right back up with exactly the same data it had before. It had been suggested to that one way to deal with this two files is to: Boot the system in DOS, and while in DOS, use REGEDIT to make a backup copy of USER.DAT and SYSTEM.DAT in a directory other than Windows. Now,rename the original USER.DAT and SYSTEM.DAT to anything else (such as .SAV) and copy the backup copies back into the Windows directory. This cleans up the registry something wonderful, and often results in much smaller -- and faster registry files. This only works in DOS; doing it in a DOS window in Windows won't work.


9. Defrag your HD weekly if not more often. that way all the info in the old clusters you had used will be wiped and cleaned . After defragging, run eitherBCWipe or Eraser and wipe the free disc space. One time run should be enough.


10. Win98 has an AppLog in C:\WINDOWS\ contains a txt based log file for EACH application I have on my PC, with some weird numbers that dont make any sence to me. Go ahead check YOUR PC. Now WHY would Windoze keep a log like this? If anybody can tell me what those numbers mean, please, DO contact me.


11. Get rid of the.tmp filesthat are inside C:\Windows\Temp. Tempfiles are supposed to be deleted from your computer whenever you shut it down. However, in certain situations (like when your computer crashes) temp files remain on the hard disk. When booting, the stupid OS will also save lost clusters as FILE0001.CHK, ets. Delete all those with Windows Washer or Evodence Eliminator. Or you can do it all in DOs mode(not recommended becase we dont really know if DOS actually deletes them or just marks the file headers as deleted): 1.Choose Start, Shut Down, Restart in MS-DOS mode. 2.At the DOS prompt type: cd\windows\temp and press Enter. 3.Type: del *.tmp to banish all temp files from the C:\Windows\Temp folder.

12. Get an email program that uses TEXT. (good one is thebat with the NO HTML switch) But pegasus and others work well too. And I find people are touchy about this subject. pegasus + PGP is cool and it can use more than one mailer is NEAT-O. and can confuse those that study headers. TheBat is good too If you need to be stealth you can use some bouncers and pegasus.


13. clean daily:
All these programs, as well as windows itself, cache the filenames of the most recent documents you have been working on. This leads any attacker directly to your recent work!


14. DO NOT keep anything that can be used against you on your HD, but today, it's hard enough to know what that might be. Get a CD-burner if you can spare the cash or SEAQUEST drive or IOMEGA zip drive and keep the cartriges. To Learn to ENCRIPT your data using one of the MANY diff encription programs available like Best Cript, ScramDisc , ets. You can get PGP from MIT. PGP Faq is at:PGP FAQ
NOTE: Do a string search on SECRING.PGP, Secring.SKR, .ASC , etc These will be YOUR secret keyrings, if you do happen to be using PGP! These are protected by your passphrase, so I hope you've got a realllllly long one, and it's not something any average cracker will be able to pick, and you're not running any keypress macro recorders or typing sniffers, and you've not got any Trojan Horses or Password Targeted Viruses busy siphoning off your passwords and passphrases, and you trust all the software you run on yourPC,


Let's review: clean your Browser's caches, all the Index.dat files, temp folders, recent folder, wipe the freespace, the swap file, and the registery! Don't you feel tired already??

15. Lots of the programs you use daily leave many tracks behind of what you did last.So examples include:if you use ACDSEE, clean the "move" pull down menu under the "move" icon it contains all the information about the jpegs you viewed and where they were moved to. Not cool.
Did you know Winzip creates a temporary file with the names of all the unzipped files? Look for it on C:\ root dir. There you will find a neat list of all your extract actions... There are possibilities to turn off the logging in both programs if you look in the configuration menus, but I think that default is to keep logs, so check it out.. ;) Also, remove the "unzipped" file and everything inside.
Keep it clean :) by WhiteSpider


Your SBNews puts an .ini file (Newsbot.ini) in the Windows directory. It contain plain text info about selected groups, host name etc.If you want to clean up your tracks, copy it to a safe backup folder after use and use BCwipe or similar to delete the one in the Windows directory.Remember to put it back there before you use SBN the next time..If you don't, it will automatically create a new one, but all the info on download directories, hosts etc. will be lost.Also keep in mind that SBN saves logfiles of all downloads in its program Keep it clean :)
So install the program in a safe place.. ;)
by WhiteSpider


Did you KNOW that SBnews has a Dup file in its folder? thats how it keeps track of all the pix you have d/ld. I am SURE other news-reader have the same folder somewhere in there, too. How to deal with that issue? personally, I dont know.Any suggestions? Maybe clean that file and when staring SBNEws look over whats there with "headers" and only choose what you want. Maybe disable the "dup" fucntion toowill be a good idea.


A direct link to Win95 and 98 clean up utilities: winfiles.com


more Tweaking and cleaning up your Windoze tips

Every week a new report hits the news about some newly discovered weakness in Windoze or somebody discovers something hidden inside. That's why I started this FAQ, to share everything I have discovered, in hope other people can ALSO benefit

  • Perhaps old news for some but new to others... 1. In Windows98 I found a file called 'logfile.log' It had recorded a LOT of info about activities. I used Editpad to access file/clicked 'select all'/then hit Backspace/ then Re-Saved the file at 0 kb. Check it out on your PC's My logfile.log has stayed clean since.


  • Evidence Eliminator is rude and it starts up every time I reboot Windoze. to stop it I went to START+RUN, typed regedit and looked for this key: HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Run . once inside, delete the Evidence Eliminator key. Of course you can also prevent any other program from starting too while you are there...:-)


  • According to an article of the magazine Wired, some ICQ advanced users detected that the automatic mechanism of Update installed by Mirabilis might be used to obtain information directly from the hard disk of the users. AOL just bought Mirabilis and the ICQ system must be one of the biggest data bank in the whole world. So, as good safety precaution, these experts urge to turn this feature OFF.
    To do that you need to Go to START+RUN start-menu and type "regedit" and look for this particular string:HKEY_CURRENT_USER\Software\Mirabilis\ICQ\DefaultPrefs Right-clik over the Key Auto Update, select Modify and enter No Thatīs all.


  • If you REALLy want to remove all the previous installed software off your PC, you again need to edit the Win registery. Go to START+RUN start-menu and type "regedit". Go to HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall . Now you should see all programs that are installed on your computer, whether they exist or not. Just delete the ones you don't have anymore. Oh yeah... Try at your own risk. If you delete the wrong thing the computer may crash.
    Also, use the FIND option in the registery to find ANy traces of the software you want removed and then use the delete function.


  • Suppose you want to change your name in Windows. To Change the Version, in Control Panel and System Properties :



  • to look at the name your PC uses on a network, find your network neighborhood icon, select properties, then select the identification tab . Right there is your computer's name, which could have been set by some other piece of software. Change it to something else, click on ok. I believe you'll have to reboot your computer before the change takes affect

  • Suppose you want to stop the CritialUpdate file in Windows 98 from updating Windowze without asking you. You need to do this then: Start+Program+Accessories+System Tools+System Information+ Tools+System Configuration Utilities+Start up Then uncheck the Critical Update and restart Windows


  • . ICQ also likes to update itself without your persmition. To show it who's da boss, do this: go to Windoze Registry with START+RUN start-menu and type "regedit". then open HKEY_CURRENT_USER\Software\Mirabilis\ICQ\DefaultPrefs Auto Update "No"


  • .You can use several tricks to make your computer start faster. Decrease StartUp items: Applications that you don't use during a typical computing session may load themselves automatically at start-up. To find out which programs are auto-launching and stealing your system resources, go into Windows Explorer and open the following folder: C:\Windows+Start Menu+Programs+StartUp Just right-click on the ones you don't want to load at start-up and choose Delete from the pop-up menu.


  • More sneaky StartUp items: You might have more unwanted stuff self-activating at start-up than what's listed in the StartUp folder. From the Start menu, choose Run and type MSCONFIG in the text box. Click on the StartUp tab. You'll see long list of items. All of those marked with an X launch automatically at StartUp. Uncheck non-critical functions such as Tips (unless you like them), Task Monitor, and Load Power Profile (don't uncheck it if you use a notebook computer). Unchecking Norton products such as CrashGuard and Anti-Virus will expedite the start-up process but will leave you more vulnerable to crashes and viruses.


  • Did you know that each time Windows 98 boots it searches for new floppy drives? But when is the last time you installed a new floppy drive? To disable the ludicrous floppy drive scan go to: 1.Right-click on My Computer and select Properties. 2.Click on the Performance tab followed by the File System button. //8+ 3.Choose the Floppy Disk tab and uncheck Search for new floppy drives each time your computer starts.


  • . Delete Auto Insert: You can tweak your CD-ROM drive to save a few CPU cycles by disabling Auto Insert Notification-- the function that tells your computer to launch, say, your audio CD player when you stick that CD into the drive. Auto Insert Notification can be particularly annoying if you put a game CD into the CD-ROM drive and the Installation Wizard opens even though you've already installed the game onto your machine. disable Auto Insert Notification: 1.Right-click on My Computer and select Properties. 2.Click on the Device Manager tab. 3.Double-click on the CD-ROM icon and then double-click on the CD-ROM model you're currently using. 4.Click on the Settings tab and uncheck Auto insert notification.


  • turn off the CritialUpdate file in Windows 98: Start+Program+Accessories+System Tools+System Information+ Tools+System Configuration Utilities+Start up Then uncheck the Critical Update and restart Windows


  • open the MSINFO32.EXE inside C:\Program Files\Common Files\Microsoft Shared\MSinfo\MSINFO32.EXE with an Hex editor and edit it to remove the active modules you dont want from starting.

    end for now-...;-)
    I shall be adding more quick reference tips and links here. As usual, I need as much feedback as I can. E-mail me with any comments, questions, corrections, ets.