Hey Everyone,
I would like to know that how do i detect Eblaster on my computer? It's installed on my pc but i don't have any idea about it. So do any one knows how can i detect it on my pc? Any kind of information would be appreciated.
Thanks.
Hey Everyone,
I would like to know that how do i detect Eblaster on my computer? It's installed on my pc but i don't have any idea about it. So do any one knows how can i detect it on my pc? Any kind of information would be appreciated.
Thanks.
eBlaster is a spyware application that may track your personal information. Once eBlaster in installed in your system, it may start logging every keystroke you make, every message and email you send. eBlaster may also make your desktop screenshots in order track your activities. All this collected data may be sent to a predefined email address.
WARNING: eBlaster manual detection and removal process is difficult. You’re required to access sensitive files in your machine. NOT recommended unless you’re an expert in this field.
One of the easiest ways to "detect" whether eBlaster has been installed, is to attempt to locate a simple text logfile that is created by the program. The file is always in the root of the randomly generated folder under "\windows\system32". The log file is a simple ASII text file and commonly had a .dll file extension. The log file has some very predictable text can easily be detected using a grep search:
11/27/2008 12:56:00: (AGT,EXPLORER) Initializing process for file C:\WINDOWS\explorer.exe Recording App 1 Blocking App 1
11/27/2008 12:56:00: (EBR,EXPLORER)
11/27/2008 12:56:00: (EBR,EXPLORER) Start Monitor - User lance on REG-OIPK81M2WC8
11/27/2008 12:56:00: (EBR,EXPLORER) Build Number 3067. Serial Number 1234567890
11/27/2008 12:56:00: (EBR,EXPLORER) Windows XP Home Edition Service Pack 1 (5.1.2600)
11/27/2008 12:56:00: (EBR,EXPLORER) IPC Message pump started.
11/27/2008 12:56:00: (SHR,EXPLORER) PacketProcessorEB::CreatePacketXML: Sending settings to server.
Some of the lines above have been word-wrapped by the blog, but normally each line in this text file will begin with the datestamp then the timestamp. The datestamp format is always "mm/dd/yyyy". The timestamp format is always "hh:mm:ss:". A simple GREP search of "##/##/#### ##:##:##:" would find this logfile, regardless of it's name, with minimal false positive hits.
NTFS offers file based compression but the compression rate isn't displayed anywhere. For any folder on an NTFS volume, NTFSRatio shows the size and the compression rate of this folder and also of its subfolders. Compression and decompression can be done inside NTFSRatio with immediate review of the result. Results can be printed or exported. NTFSRatio can be called from the Explorer context menu of any folder.
Bookmarks