Removing Traces Of Payload

[PurpleChip]

Some months ago, i tried experimenting a bit with some U3 payloads on my school laptop. When i stopped hacking with U3 stuff, i tought about all the traces of such acitivity still on my computer. Ran some rounds with CCLeaner and CleanAfterMe, and tought all was good. Yesterday, a pal from school runned his U3 payload on my computer, and iehv.exe found a LOT of stuff, files i had created and so on. So my question is, where does it gather the info from? How can i clean it?

> Purple ;)

[Infiltrator]

You see whenever a file gets created and then deleted, it does not get fully deleted off your computer. It still lies somewhere on your computer's hard drive.

For windows itself it thinks that the deleted file is gone and does not exist anymore, but there are certain tools that will allow you to retrieve those deleted files again.

Now for CCLeaner and CleanAfterMe I am not 100% sure whether they wipe the files completely off the hard drive. If they don't well that explains why your pal has managed to find a lot of stuff, you thought was deleted.

[nykon]

You need to use something like File Shredder, where it removes the data from the disk and places some other data in its place on the platter so that it cannot be recovered (at least that is how I am lead to believe it works).

[Infiltrator]

@PurpleChip

Microsoft has a tool that enables you to completely delete the data off your hard drive leaving no trace of the file itself.

It's called SDelete v1.51 and can be downloaded from the URL below.

http://technet.microsoft.com/en-us/sysinte...s/bb897443.aspx

Edited June 13, 2010 by Infiltrator