Path to cookies and cache

Stereomike

Client
Joined
29.03.2011
Posts
221
Thanks
30
Points
0
Hey,
Would be great if one of you could have a quick look at whether the path to cookies and cache (settings) is something like

c:\Users\admin-sama\AppData\Roaming\Microsoft\Windows\Cookies


Thanks!
 

Stereomike

Client
Joined
29.03.2011
Posts
221
Thanks
30
Points
0
Can anyone just confirm? I don't know what that admin-sama is. I need to know if it's from Zenno.
 

Stereomike

Client
Joined
29.03.2011
Posts
221
Thanks
30
Points
0
Gawd... 12 views and nobody could just click on his settings and verify the path?
 

bigcajones

Client
Joined
09.02.2011
Posts
1 216
Thanks
683
Points
113
I looked, Mike, and didn't see anything in there. But I do believe that is the path to the cookies.
 
  • Thanks
Reactions: Stereomike

Stereomike

Client
Joined
29.03.2011
Posts
221
Thanks
30
Points
0
Do you have something like admin-sama on your PC? I saw that we have a user "admin-sama" on this forum. I wondered if Zenno depends on admin-sama or if my machine got hacked.
 

player

Client
Joined
06.06.2011
Posts
154
Thanks
16
Points
0
I have an admin-sama:

C:\Users\admin-sama\AppData\Roaming\Microsoft\Windows\Cookies

Don't know what you need it for; however, I found another folder with cookies and cache:

C:\Program Files\ZennoLab\ZennoPoster Pro\Progs\Trash
 
  • Thanks
Reactions: Stereomike

Stereomike

Client
Joined
29.03.2011
Posts
221
Thanks
30
Points
0
OK, that really helped me a lot. I was afraid someone installed a backdoor user account or something, but it seems it belongs to Zenno.

Knowing that now for sure, I have to emphasize the necessity of a VM for Zennoposter.
My system got infected over the last weekend (ransomware, the trojan locks you out), and the initial infection took place by a banner ad that got cached in the mentioned admin-sama folder. From there it went to autostart and established the loading of a "firefox.exe" that was in fact the trojan. Though I was able to kill the process (I have a task manager in my Logitech G15 keyboard), I am still researching what took place and if there's still malware left deep in the system (rootkits etc).
Most of the time I use Sandboxie when I use public proxies; it seems to me that there's a risk of an infection if somebody prepares his proxy server to deliver you some malware. The second risk is letting Zenno post to random sites / big lists where you don't know what's happening there. This also affects tools like AMR, NohandsSeo, Scrapebox etc.
I have yet to decide if I format the system (it's offline since Sunday) or if I trust several AV kits... but for sure, I will add a lot of VMs for my online tasks...
Hope that's a warning for everybody who didn't use virtual machines till now...
(and you can't trust your AV once you got infected - I had Comodo running on paranoid settings for AV, Firewall and Defense - and it didn't catch the trojan)
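
The infection chain described in the post above (content cached under the profile's Cookies folder, then an autostart entry launching a fake "firefox.exe") can be checked for by reviewing autostart commands. The following is an added example, not part of the original post and not ZennoPoster code; the entry list is constructed sample data, the user "mike" is hypothetical, and the expected Firefox install directories are assumed defaults.

```python
import ntpath

# Expected install directories for well-known program names (assumed defaults).
EXPECTED_ROOTS = {
    "firefox.exe": (r"c:\program files\mozilla firefox",
                    r"c:\program files (x86)\mozilla firefox"),
}
# Profile locations that hold cached web content, not programs.
CACHE_MARKERS = (r"\appdata\roaming\microsoft\windows\cookies",
                 r"\appdata\local\temp",
                 r"\temporary internet files")


def image_path(command):
    """Return the executable path from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: cut at the first ".exe" so paths containing spaces survive.
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]


def review_autostart(entries):
    """Return (name, reason) findings for suspicious autostart entries."""
    findings = []
    for name, command in entries:
        path = ntpath.normpath(image_path(command)).lower()
        folder, exe = ntpath.split(path)
        if any(marker in path for marker in CACHE_MARKERS):
            findings.append((name, "runs from a web cache/cookie/temp folder"))
        roots = EXPECTED_ROOTS.get(exe)
        if roots and folder not in roots:
            findings.append((name, exe + " outside its install directory"))
    return findings


# Constructed sample entries, shaped like Run-key values (name, command).
SAMPLE = [
    ("Firefox", r'"C:\Program Files\Mozilla Firefox\firefox.exe" -silent'),
    ("Updater", r"C:\Users\admin-sama\AppData\Roaming\Microsoft\Windows\Cookies\firefox.exe"),
    ("Sync", r"C:\Users\mike\AppData\Local\Temp\sync.exe /background"),
]

if __name__ == "__main__":
    for name, reason in review_autostart(SAMPLE):
        print(name, "->", reason)
```

On a real machine the entries would come from an export of the Run keys and Startup folders; a clean result here does not rule out other persistence mechanisms.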
 
