Q on AdAwareSE


Robert Baer

Every once in a while i get at least one of these MRU flags:

MRU List Object Recognized!
Location: :
software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw

MRU List Object Recognized!
Location: :
S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console

MRU List Object Recognized!
Location: :
S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows media\wmsdk\general
Description : windows media sdk

*********
The question is: what causes these? i do not have any of the related
applications, most especially *not* "DirectDraw" or "Windows Media SDK".
 
Well, you certainly have DirectDraw, since it's part of Windows. MRU
stands for Most Recently Used and it means that some programs keep a
list of most recently used documents (think Word, where you have a list
of most recently opened documents). This feature allows you to quickly
open frequently accessed documents, but it can also act as an information
disclosure vulnerability: if someone comes on to your computer and can
see that you edited a document with the name "how I will kill X", s/he
can approximate the contents of the document even if s/he can't access
it. That's why it's reported by AdAware. BTW, don't rely on AdAware,
because they want to scare people; that's why they detect many low risk
items, and that's why they use techniques as described here:
http://rootkit.com/newsread.php?newsid=471
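
Added example (not part of any post in this thread): a small Python parser for findings in the format quoted in the original post. It rejoins wrapped registry paths and splits off the per-user SID prefix, so the MRU entries can be reviewed as the recently-used lists the reply describes. The function and field names are assumptions made for this illustration, and the sample log is constructed from the three entries in the original post.

```python
import re

# Constructed sample: the three findings from the original post, wrapped
# the way a newsreader wraps long lines.
SAMPLE_LOG = r"""
MRU List Object Recognized!
Location: :
software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft
directdraw

MRU List Object Recognized!
Location: :
S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft
management console\recent file list
Description : list of recent snap-ins used in the microsoft
management console

MRU List Object Recognized!
Location: :
S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows
media\wmsdk\general
Description : windows media sdk
"""

# A leading account SID marks a key stored under one user's hive.
SID_RE = re.compile(r"^(S-1-5-21(?:-\d+){4})\\(.+)$")

def parse_findings(log_text):
    """Return one dict per 'Object Recognized!' block, undoing line wraps."""
    findings = []
    for block in re.split(r"\n\s*\n", log_text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines or not lines[0].endswith("Object Recognized!"):
            continue  # not a finding block
        kind = lines[0][: -len("Object Recognized!")].strip()
        loc, desc, field = [], [], None
        for ln in lines[1:]:
            if ln.startswith("Location"):
                field, rest = loc, ln.split(":", 1)[1].strip(" :")
            elif ln.startswith("Description"):
                field, rest = desc, ln.split(":", 1)[1].strip()
            else:
                rest = ln  # continuation of the field currently open
            if field is not None and rest:
                field.append(rest)
        path = " ".join(loc)  # the wraps fell on spaces inside the key name
        m = SID_RE.match(path)
        findings.append({
            "kind": kind,                        # e.g. "MRU List"
            "sid": m.group(1) if m else None,    # None: no SID prefix
            "key": m.group(2) if m else path,
            "description": " ".join(desc),
        })
    return findings
```
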
 
Apparently F-Secure is no good either. Would you agree?
From your link:
" btw it's not just a coincidence that the Ad-Aware engine uses another PR
crap firm F-Secure in their products for fighting with spyware."
 
I certainly do not have DirectDraw; it does not exist as a program
anywhere on the hard drive!
 
Robert said:
I certainly do not have DirectDraw; it does not exist as a program
anywhere on the hard drive!

Robert,

Direct Draw is part of DirectX, and DirectX (used for a/v content) is
embedded in WinXP.

Step One: Click Start, select Run

Step Two: In the Run dialog box, type: dxdiag

Step Three: Click Ok

You should see the Direct Draw DLLs in the list of DirectX files.

See this:

DirectX Diagnostic Tool
(http://www.updatexp.com/directx-diagnostic-tool.html)

Ron :)
 
'Robert Baer' wrote:
| I certainly do not have DirectDraw; it does not exist as a program
| anywhere on the hard drive!
_____

Yes, you do have the three FUNCTIONS ( Direct Draw, Management Console,
Windows Media SDK).
The three are not programs, but rather functions of the operating system.

The flags you got from Ad-Aware are advisory, not an indication of a
vulnerability.
That is why you found them listed under 'negligible objects'.

Use 'Help' in Ad-Aware for the meaning of 'negligible objects':
"Objects shown here are not considered to be a threat. They consist of
MRU (Most Recently Used items) lists. These can be removed if the user
desires."

All 'Most Recently Used' entries are stored to allow functions like 'My Most
Recent Documents'.
This information is available only to someone logged on to your computer
account or to an account with administrator privileges.

Use Google to obtain information about 'Direct Draw', 'Windows Management
Console', and 'Windows Media SDK'.

Phil Weldon

 
I do *not* have XP and i will never get to use that POS!
I am using Win98SE.
 
I am neither stupid nor ignorant.
There is *no* "administrator" in Win98SE!
In the dim dark ages 3+ years ago, i remember one could download
Windows Media SDK for development work.
None of the 3 mentioned functions are a part of Win98SE; if you can
show me how to find any one of them beasties....
 
Robert said:
I do *not* have XP and i will never get to use that POS!
I am using Win98SE.

Windows 98SE also shipped with DirectX, version 6 or so. dxdiag
should work.
 
'Robert Baer' wrote, in part:
| I am neither stupid nor ignorant.
| There is *no* "administrator" in Win98SE!
| In the dim dark ages 3+ years ago, i remember one could download
| Windows Media SDK for development work.
| None of the 3 mentioned functions are a part of Win98SE; if you can
| show me how to find any one of them beasties....
_____

You did not mention your operating system in your original post. Since you
have Windows 98 SE just collapse my statement about who can access this
information to 'anyone who uses your computer'.

#1. Windows 98 SE includes DirectX, of which 'Direct Draw' is a part, see
http://www.microsoft.com/downloads/...91-d45d-4122-8230-69f3e5ecdede&DisplayLang=en
..

#2. Windows 98 SE includes Windows Media SDK,
from MSDN archives:
"Microsoft Management Console (MMC)-previously known by the code
name "Slate"-is an ISV-extensible, common console framework for management
applications. The MMC will be released as part of the next major release of
Windows NT. When released, MMC will run on both the Windows NT (4.0 and
later versions) and Windows® 95 operating systems (current and future
versions)."

#3. Windows Media SDK, see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/anch_winmedsdk.asp
..

If the above is not sufficient for you, I suggest you use MSDN at
http://msdn1.microsoft.com/en-us/default.aspx .

Phil Weldon

 
Zoned said:
AdAware SE cannot find spyware hidden by rootkits.
You will need to get one of the Anti Rootkit programs from
http://www.antirootkit.com to find what rootkits.

regards

There is no such thing as a rootkit on Win9x systems
The whole OS is open to any user, so the OS itself could be considered a
rootkit (if it weren't for the invisibility aspect of rootkits)

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
 
»Q« said:
Windows 98SE also shipped with DirectX, version 6 or so. dxdiag
should work.

I'll be damned! 4/23/99 file date.
But...but...motorbut. I have never used it; this is the first time i
knew about that.
So, how the heck is it used so that an MRU is created?
 
Phil said:
'Robert Baer' wrote, in part:
| I am neither stupid nor ignorant.
| There is *no* "administrator" in Win98SE!
| In the dim dark ages 3+ years ago, i remember one could download
| Windows Media SDK for development work.
| None of the 3 mentioned functions are a part of Win98SE; if you can
| show me how to find any one of them beasties....
_____

You did not mention your operating system in your original post. Since you
have Windows 98 SE just collapse my statement about who can access this
information to 'anyone who uses your computer'.
** That is me, myself and I; all three of us, period.
#1. Windows 98 SE includes DirectX, of which 'Direct Draw' is a part, see
http://www.microsoft.com/downloads/...91-d45d-4122-8230-69f3e5ecdede&DisplayLang=en
.
** I see that i have DXDIAG, but nothing else, and since this is the
first time i have heard of that, i obviously have not been using it (and
will no.
In fact, i think i will delete it and the DLLs from my HD.
#2. Windows 98 SE includes Windows Media SDK,
from MSDN archives:
"Microsoft Management Console (MMC)-previously known by the code
name "Slate"-is an ISV-extensible, common console framework for management
applications. The MMC will be released as part of the next major release of
Windows NT. When released, MMC will run on both the Windows NT (4.0 and
later versions) and Windows® 95 operating systems (current and future
versions)."
** I translate that to "not on my computer".
Correct?
** Ditto translation.
 
Ron said:
How do you _really_ feel about WinXP? LOL. I understand your position,
and I am starting to feel the same way about Vista.

Visual Tour: 20 Things You Won't Like About Windows Vista
... by Scot Finnie

(http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9000829)

Short Version: (http://tinyurl.com/oysst)

Ron :)

There is this nice list: 1) The FCC is going to steal our TV sets
(will not be able to use them) in a few years, 2) Billie boy is going to
lock our computers to the CIA, FBI, etc, 3) all personal data is already
the property of those spooks, 4) *all* company data is accessible at
will by the spooks, 5) etc 6) etc
And it all started with FDR stealing the gold...
 
Noel said:
There is no such thing as a rootkit on Win9x systems
The whole OS is open to any user, so the OS itself could be considered a
rootkit (if it weren't for the invisibility aspect of rootkits)

True?
No rootkits for Win98SE?
They are so "advanced" that they cannot run on these older OSes?
 
Robert Baer said:
True?
No rootkits for Win98SE?
They are so "advanced" that they cannot run on these older OSes?

The majority of rootkits (AIUI) rely on Alternate Data Streams (ADS) for
their stealth capability - and Win9x does not support ADS (witness the fact
that the WMF exploits that broke out at the new year affected only the NT
hierarchy of Windows, because the vulnerability was effectively using ADS)
While the active files may be present, Windows 9x is effectively incapable
of accessing the routines within the files, and so remains unaffected.

--
Noel Paton (MS-MVP 2002-2006, Windows)

Nil Carborundum Illegitemi
http://www.crashfixpc.com/millsrpch.htm

http://tinyurl.com/6oztj

Please read on how to post messages to NG's
 
'Robert Baer' wrote, in part:
| ** I see that i have DXDIAG, but nothing else, and since this is the
| first time i have heard of that, i obviously have not been using it (and
| will no.
| In fact, i think i will delete it and the DLLs from my HD.
_____

Why bother to ask a question when you have no intention of accepting an
answer?
And why should anyone bother to answer?
Just to close this off;

| ** That is me, myself and I; all three of us, period.

Anyone who sits down at your computer can access the Most Recently Used
information; some users wish to delete MRU information to prevent that.

| ** I translate that to "not on my computer".
| Correct?

No.

| ** Ditto translation.

No.

Phil Weldon

 