From: Robert Baer on
Every once in a while i get at least one of these MRU flags:

MRU List Object Recognized!
Location: :
software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft
directdraw

MRU List Object Recognized!
Location: :
S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft
management console\recent file list
Description : list of recent snap-ins used in the microsoft
management console

MRU List Object Recognized!
Location: :
S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows
media\wmsdk\general
Description : windows media sdk

*********
The question is: what causes these? i do not have any of the related
applications, most especially *not* "DirectDraw" or "Windows Media SDK".
From: dify.ltd on

Robert Baer wrote:
> Every once in a while i get at least one of these MRU flags:
>
> MRU List Object Recognized!
> Location: :
> software\microsoft\directdraw\mostrecentapplication
> Description : most recent application to use microsoft
> directdraw
>
> MRU List Object Recognized!
> Location: :
> S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft
> management console\recent file list
> Description : list of recent snap-ins used in the microsoft
> management console
>
> MRU List Object Recognized!
> Location: :
> S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows
> media\wmsdk\general
> Description : windows media sdk
>
> *********
> The question is: what causes these? i do not have any of the related
> applications, most especially *not* "DirectDraw" or "Windows Media SDK".

Well, you certainly have DirectDraw, since it's part of Windows. MRU
stands for Most Recently Used and it means that some programs keep a
list of most recently used documents (think Word, where you have a list
of most recently opened documents). This feature allows to quickly open
frequently accessed documents, but also can act as an information
disclosure vulnerabilty, if someone comes on to your computer and can
see that you edited a document with the name "how I will kill X", s/he
can approximate the contents of the document even if s/he can't access
it. That's why it's reported by AdAware. BTW, don't rely on AdAware,
because they want to scare people that's why they detect many low risk
items, and that's why the use techniques as described here:
http://rootkit.com/newsread.php?newsid=471

From: Robert Baer on
dify.ltd(a)gmail.com wrote:

> Robert Baer wrote:
>
>>Every once in a while i get at least one of these MRU flags:
>>
>> MRU List Object Recognized!
>> Location: :
>>software\microsoft\directdraw\mostrecentapplication
>> Description : most recent application to use microsoft
>>directdraw
>>
>> MRU List Object Recognized!
>> Location: :
>>S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft
>>management console\recent file list
>> Description : list of recent snap-ins used in the microsoft
>>management console
>>
>> MRU List Object Recognized!
>> Location: :
>>S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows
>>media\wmsdk\general
>> Description : windows media sdk
>>
>>*********
>> The question is: what causes these? i do not have any of the related
>>applications, most especially *not* "DirectDraw" or "Windows Media SDK".
>
>
> Well, you certainly have DirectDraw, since it's part of Windows. MRU
> stands for Most Recently Used and it means that some programs keep a
> list of most recently used documents (think Word, where you have a list
> of most recently opened documents). This feature allows to quickly open
> frequently accessed documents, but also can act as an information
> disclosure vulnerabilty, if someone comes on to your computer and can
> see that you edited a document with the name "how I will kill X", s/he
> can approximate the contents of the document even if s/he can't access
> it. That's why it's reported by AdAware. BTW, don't rely on AdAware,
> because they want to scare people that's why they detect many low risk
> items, and that's why the use techniques as described here:
> http://rootkit.com/newsread.php?newsid=471
>
I certainly do not have DirectDraw; it does not exist as a program
anywhere on the hard drive!
From: Ron Lopshire on
Robert Baer wrote:

> dify.ltd(a)gmail.com wrote:
>
>> Robert Baer wrote:
>>
>>> Every once in a while i get at least one of these MRU flags:
>>>
>>> MRU List Object Recognized!
>>> Location: :
>>> software\microsoft\directdraw\mostrecentapplication
>>> Description : most recent application to use microsoft
>>> directdraw
>>>
>>> MRU List Object Recognized!
>>> Location: :
>>> S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\microsoft
>>> management console\recent file list
>>> Description : list of recent snap-ins used in the microsoft
>>> management console
>>>
>>> MRU List Object Recognized!
>>> Location: :
>>> S-1-5-21-57989841-152049171-839522115-1000\software\microsoft\windows
>>> media\wmsdk\general
>>> Description : windows media sdk
>>>
>>> *********
>>> The question is: what causes these? i do not have any of the related
>>> applications, most especially *not* "DirectDraw" or "Windows Media SDK".
>>
>>
>>
>> Well, you certainly have DirectDraw, since it's part of Windows. MRU
>> stands for Most Recently Used and it means that some programs keep a
>> list of most recently used documents (think Word, where you have a list
>> of most recently opened documents). This feature allows to quickly open
>> frequently accessed documents, but also can act as an information
>> disclosure vulnerabilty, if someone comes on to your computer and can
>> see that you edited a document with the name "how I will kill X", s/he
>> can approximate the contents of the document even if s/he can't access
>> it. That's why it's reported by AdAware. BTW, don't rely on AdAware,
>> because they want to scare people that's why they detect many low risk
>> items, and that's why the use techniques as described here:
>> http://rootkit.com/newsread.php?newsid=471
>>
> I certainly do not have DirectDraw; it does not exist as a program
> anywhere on the hard drive!

Robert,

Direct Draw is part of DirectX, and DirectX (used for a/v content) is
embedded in WinXP.

Step One: Click Start, select Run

Step Two: In the Run dialog box, type: dxdiag

Step Three: Click Ok

You should see the Direct Draw DLLs in the list of DirectX files.

See this:

DirectX Diagnostic Tool
(http://www.updatexp.com/directx-diagnostic-tool.html)

Ron :)
From: Phil Weldon on
'Robert Baer' wrote:
| I certainly do not have DirectDraw; it does not exist as a program
| anywhere on the hard drive!
_____

Yes, you do have the three FUNCTIONS ( Direct Draw, Management Console,
Windows Media SDK).
The three are not programs, but rather functions of the operating system.

The flags you got from Ad-Aware are advisory, not an indication of a
vulnerability.
That is why you found them listed under 'negligible objects'.

Use 'Help' in Ad-Aware for the meaning of 'negligible objects':
"Objects shown here are not considered to be a threat. They consist of
MRU (Most Recently Used items) lists. These can be removed if the user
desires."

All 'Most Recently Used' entries are stored to allow functions like 'My Most
Recent Documents'.
This information is available only to someone logged on to your computer
account or to an account with administrator privledges.

Use Google to obtain information about 'Direct Draw', 'Windows Management
Console', and 'Windows Media SDK'.

Phil Weldon

"Robert Baer" <robertbaer(a)earthlink.net> wrote in message
news:RK7hg.2060$lp.1320(a)newsread3.news.pas.earthlink.net...
..
| I certainly do not have DirectDraw; it does not exist as a program
| anywhere on the hard drive!