From: Robert Baer on
Ron Lopshire wrote:

> Robert Baer wrote:
>
>> dify.ltd(a)gmail.com wrote:
>>
>>> Robert Baer wrote:
>>>
>>>> Every once in a while i get at least one of these MRU flags:
>>>>
>>>> MRU List Object Recognized!
>>>> Location: :
>>>> software\microsoft\directdraw\mostrecentapplication
>>>> Description : most recent application to use microsoft
>>>> directdraw
>>>>
>>>> MRU List Object Recognized!
>>>> Location: :
>>>> S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft
>>>> management console\recent file list
>>>> Description : list of recent snap-ins used in the microsoft
>>>> management console
>>>>
>>>> MRU List Object Recognized!
>>>> Location: :
>>>> S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows
>>>> media\wmsdk\general
>>>> Description : windows media sdk
>>>>
>>>> *********
>>>> The question is: what causes these? i do not have any of the related
>>>> applications, most especially *not* "DirectDraw" or "Windows Media
>>>> SDK".
>>>
>>> Well, you certainly have DirectDraw, since it's part of Windows. MRU
>>> stands for Most Recently Used and it means that some programs keep a
>>> list of most recently used documents (think Word, where you have a list
>>> of most recently opened documents). This feature allows you to quickly open
>>> frequently accessed documents, but also can act as an information
>>> disclosure vulnerability, if someone comes on to your computer and can
>>> see that you edited a document with the name "how I will kill X", s/he
>>> can approximate the contents of the document even if s/he can't access
>>> it. That's why it's reported by AdAware. BTW, don't rely on AdAware,
>>> because they want to scare people; that's why they detect many low-risk
>>> items, and that's why they use techniques as described here:
>>> http://rootkit.com/newsread.php?newsid=471
>>>
>> I certainly do not have DirectDraw; it does not exist as a program
>> anywhere on the hard drive!
>
>
> Robert,
>
> Direct Draw is part of DirectX, and DirectX (used for a/v content) is
> embedded in WinXP.
>
> Step One: Click Start, select Run
>
> Step Two: In the Run dialog box, type: dxdiag
>
> Step Three: Click Ok
>
> You should see the Direct Draw DLLs in the list of DirectX files.
>
> See this:
>
> DirectX Diagnostic Tool
> (http://www.updatexp.com/directx-diagnostic-tool.html)
>
> Ron :)
I do *not* have XP and i will never get to use that POS!
I am using Win98SE.
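
An added example, not part of any post in this thread: a Python parser for the Ad-Aware findings quoted above. It rejoins registry paths that wrap across lines and separates the per-user SID prefix from the key, so the entries can be reviewed one by one. The sample text is constructed from the report quoted in the thread; `parse_mru_findings` and the field layout it assumes are hypothetical, inferred only from those three entries.

```python
import re

# Constructed sample: the three findings quoted in the thread, keeping the
# report's line wrapping (a registry path can continue on the next line).
SAMPLE_REPORT = r"""
MRU List Object Recognized!
Location: :
software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft
directdraw

MRU List Object Recognized!
Location: :
S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft
management console\recent file list
Description : list of recent snap-ins used in the microsoft
management console

MRU List Object Recognized!
Location: :
S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows
media\wmsdk\general
Description : windows media sdk
"""

MARKER = "MRU List Object Recognized!"
SID_PREFIX = re.compile(r"^(S-1-[0-9-]+)\\(.+)$")

def parse_mru_findings(report):
    """Return one dict per finding: sid (or None), key, description."""
    findings = []
    for block in report.split(MARKER)[1:]:
        fields = {"Location": [], "Description": []}
        current = None
        for line in (raw.strip() for raw in block.splitlines()):
            head = line.split(":", 1)[0].strip()
            if head in fields and ":" in line:
                current = head                     # a new field starts here
                line = line.split(":", 1)[1].strip(" :")
            if current and line:
                fields[current].append(line)       # value or wrapped continuation
        location = " ".join(fields["Location"])
        m = SID_PREFIX.match(location)
        findings.append({
            "sid": m.group(1) if m else None,      # per-user prefix when present
            "key": m.group(2) if m else location,
            "description": " ".join(fields["Description"]),
        })
    return findings
```
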
From: Robert Baer on
Phil Weldon wrote:

> 'Robert Baer' wrote:
> | I certainly do not have DirectDraw; it does not exist as a program
> | anywhere on the hard drive!
> _____
>
> Yes, you do have the three FUNCTIONS ( Direct Draw, Management Console,
> Windows Media SDK).
> The three are not programs, but rather functions of the operating system.
>
> The flags you got from Ad-Aware are advisory, not an indication of a
> vulnerability.
> That is why you found them listed under 'negligible objects'.
>
> Use 'Help' in Ad-Aware for the meaning of 'negligible objects':
> "Objects shown here are not considered to be a threat. They consist of
> MRU (Most Recently Used items) lists. These can be removed if the user
> desires."
>
> All 'Most Recently Used' entries are stored to allow functions like 'My Most
> Recent Documents'.
> This information is available only to someone logged on to your computer
> account or to an account with administrator privileges.
>
> Use Google to obtain information about 'Direct Draw', 'Windows Management
> Console', and 'Windows Media SDK'.
>
> Phil Weldon
>
> "Robert Baer" <robertbaer(a)earthlink.net> wrote in message
> news:RK7hg.2060$lp.1320(a)newsread3.news.pas.earthlink.net...
> .
> | I certainly do not have DirectDraw; it does not exist as a program
> | anywhere on the hard drive!
>
>
I am neither stupid nor ignorant.
There is *no* "administrator" in Win98SE!
In the dim dark ages 3+ years ago, i remember one could download
Windows Media SDK for development work.
None of the 3 mentioned functions are a part of Win98SE; if you can
show me how to find any one of them beasties....
From: Zoned on
AdAware SE cannot find spyware hidden by rootkits.
You will need to get one of the Anti Rootkit programs from
http://www.antirootkit.com to find what rootkits.

regards

Zoned

From: Phil Weldon on
'Robert Baer' wrote, in part:
| I am neither stupid nor ignorant.
| There is *no* "administrator" in Win98SE!
| In the dim dark ages 3+ years ago, i remember one could download
| Windows Media SDK for development work.
| None of the 3 mentioned functions are a part of Win98SE; if you can
| show me how to find any one of them beasties....
_____

You did not mention your operating system in your original post. Since you
have Windows 98 SE just collapse my statement about who can access this
information to 'anyone who uses your computer'.

#1. Windows 98 SE includes DirectX, of which 'Direct Draw' is a part, see
http://www.microsoft.com/downloads/details.aspx?FamilyID=4846c891-d45d-4122-8230-69f3e5ecdede&DisplayLang=en

#2. Windows 98 SE includes Windows Media SDK,
from MSDN archives:
"Microsoft Management Console (MMC)-previously known by the code
name "Slate"-is an ISV-extensible, common console framework for management
applications. The MMC will be released as part of the next major release of
Windows NT. When released, MMC will run on both the Windows NT (4.0 and
later versions) and Windows 95 operating systems (current and future
versions)."

#3. Windows Media SDK, see
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnanchor/html/anch_winmedsdk.asp

If the above is not sufficient for you, I suggest you use MSDN at
http://msdn1.microsoft.com/en-us/default.aspx .

Phil Weldon



From: Robert Baer on
?Q? wrote:

> Robert Baer <robertbaer(a)earthlink.net> wrote in
> <news:E4whg.2670$lf4.2388(a)newsread1.news.pas.earthlink.net>:
>
>
>>>Direct Draw is part of DirectX, and DirectX (used for a/v
>>>content) is embedded in WinXP.
>>>
>>> Step One: Click Start, select Run
>>>
>>> Step Two: In the Run dialog box, type: dxdiag
>>>
>>> Step Three: Click Ok
>>>
>>>You should see the Direct Draw DLLs in the list of DirectX files.
>>>
>>>See this:
>>>
>>>DirectX Diagnostic Tool
>>> (http://www.updatexp.com/directx-diagnostic-tool.html)
>>>
>>>Ron :)
>>
>> I do *not* have XP and i will never get to use that POS!
>> I am using Win98SE.
>
>
> Windows 98SE also shipped with DirectX, version 6 or so. dxdiag
> should work.
>
I'll be damned! 4/23/99 file date.
But...but...motorbut. I have never used it; this is the first time i
knew about that.
So, how the heck is it used so that an MRU is created?