Hard disk cleaning and Privacy

First of all why? Well, there are many reasons, good and bad.. I'll try to concentrate on the good.

Now who is likely to get hold of your computer anyway?
Any number of people, including PC repair firms, if your system dies and you have to take it in, some not so nice firms may look through the drive for any goodies; and what if your house gets burgled? It's bad enough to have your house invaded like that. If you then have your online AND offline identity stolen, that's just going to be rubbing salt in the wound.

Kids... kids are often better with computers than their parents, and would you *REALLY* want junior (or his friends, which is probably more likely) getting hold of your credit card number or your email password? Probably not... so.. you need to clean up the hard drive after windows.



How to do clean up your tracks.

DISCLAIMER:

The information below has been gathered from personal experience and from numerous sources of good information. HOWEVER it is presented on an 'as is' basis, Deleting any files within Windows can be risky. The windows 95/98/2000 instructions have been used by myself on a good number of occasions. Windows Me and XP instructions are based on information freely available from Microsoft and Symantec amongst others, and have not been reported to cause any 'bad issues'. However, I will not be held liable for any damage or loss of data caused by following these instructions. As always you should have GOOD RECENT BACKUPS available in case anything goes wrong.

My lawyer did not tell me to write this, I don't have one. My conscience told me to write it, I don't want to see anyone lose all their data here.




Temp and Temporary Internet Files.

Throughout this section I will refer to the instructions for windows 9x (including 95 and 98 first/second editions) in default color (usually black), the instructions for windows 2000 or XP in blue [Windows Millennium edition (WinME) is GENERALLY similar to Windows 98, any differences will be noted in green]. Any instructions in monospaced font represent what you must type in.

Windows 2000 or XP users can skip to the Win2000/XP section below.

Note: The colors and font styles depend on a Cascading Style Sheet, if your browser does not support these, you'll know by the fact that this word isn't green.

Win95, 98 and Me: The most likely places to need cleaning on Windows 95, 98 and Me systems are Temporary Internet Files, Temp, and Cookies. On these systems, [assuming you installed windows to drive C:, if not, substitute your drive letter] all 3 folders reside by default in C:\Windows\. The problem is this: Windows will NOT let you empty temporary internet files properly, it claims 'this is a system folder and windows will break if you move it'... then refuses to let you move it anyway. It's lying, time to delete those pesky folders. This is a 2 stage process... the first stage is going to involve MS-Dos, (if you're NOT familiar with DOS, and deleting and renaming files, STOP. You don't want to destroy any data you DO want, so I would leave this for another time.)

Okay those of you that are still here... here goes. On Windows 95, and Windows 98, click "Start", Choose "shut down" then click in the radio button for "Restart in MS-Dos Mode", then click OK. Your computer will boot to a command prompt. Skip to the instructions below marked "At the DOS prompt".

Windows Me users should get hold of one blank floppy disk, then go to Bootdisk.com and obtain themselves Windows 98 OEM boot disk image from this page. These files are self extracting and will create a boot disk from the blank floppy you put in drive A:, then reboot from the disk, and select "start computer Without CD-ROM support".. then you will have a nice shiny command prompt just like the windows 98 and 95 users have had for a few minutes now, nice of Microsoft to hide it wasn't it?

At the command prompt.
You should now be facing a prompt that says "C:\Windows>" or "A:\>"...

Those of you seeing the "A:\>" prompt, type in the following:

C:

Those of you seeing the "C:\windows>" prompt, type in the following:

cd \

Now, type in the following with a [Return] at the end of each line:

CD WINDOWS

DIR TEMP*.*

[Explanation: Windows locks system folder while it is running and may not let you delete them, therefore we have to reboot into ms-dos mode to safely deal with these folders].

This should list 2 folders... one called "TEMPOR~1" and one called "TEMP", if your mileage varies, something's up... most likely the TEMPOR~1 one may be called TEMPOR~2... but at this point stop, and type EXIT and press [Return] to reboot to Windows. [Windows ME users remove any floppy disks and CTRL+ALT+DEL to reboot.]... better safe than sorry.

Assuming you're still here... you had those 2 directories [aka folders]. Now proceed to type the following.

REN TEMPOR~1 TRASH1

REN TEMP TRASH2

MD TEMP

[Explanation: Tempor~1 is the msdos short file name - dos can only handle filenames with 8 letters and a 3 letter extension - for the folder Also Known As 'Temporary Internet Files'; on a Windows 9x machine, every file has a short name associated with it, these can be seen in Windows by right clicking the file or folder, choosing properties, and seeing 'MS-DOS Name'. We renamed the 2 folders to TRASH1 and TRASH2, when Windows reboots, it will recreate a new Temporary Internet Files folder, but for reasons of its own, it will not create a "Temp" folder (these 2 are not synonymous, and are used for totally different purposes by the way), therefore we used the 'MD' command, being short for MKDIR, which in turn is short for 'MaKe DIRectory' to create a new temp folder]

Okay, now that is done, restart windows. [Windows 95, 98 users, type "EXIT", Windows ME users remove the floppy disk and press CTRL+ALT+DEL to restart]

Now you are back to Windows. Time to find the TRASH1 and 2 folders and get rid of them. First, you will need to tell Windows not to hide folders and files.

To make Windows show all files and folders:

  1. Windows 95, 98, Me or 2000: double click My Computer. In Windows XP, click the Start button, then click My Computer.
  2. Windows 95 and 98: Click the View menu, then click Folder Options. In Windows Me, 2000 or XP: Click the Tools menu, then click Folder Options.
  3. On the View tab, uncheck Hide file extensions for known file types.
  4. Windows 95 and 98: in the Advanced Settings box, under the "Hidden files" option, click 'Show all files'. Windows Me, 2000 or XP: uncheck 'Hide protected operating system files'. Then, under the "Hidden files" option, click 'Show hidden files and folders'.
  5. If you see a warning dialog, click 'Yes'.
  6. Click Apply.
  7. Click OK.

Now double click drive C:, double click "Windows" and select "show files" if it defaults to showing you a message about not playing in the folder.

You should see (somewhere in amongst all that garbage) a pair of folders called "TRASH1" and "TRASH2".. right click them, select 'delete' *[at this point if you like you can move them to desktop instead to have a look through them later] , then ok the move to the recycle bin. While you are there, double check, you will see Windows has re-created the Temporary Internet Files folder. Now double click on the folder labelled "Cookies". Select everything except index.dat, (you can do this by selecting index.dat and then clicking "edit", "invert selection") and delete them.

You're finally done, those files are gone for good.

Back to Top


Windows 2000/XP instructions

Usually windows 2000 has one or more 'User Accounts' and an 'Administrator' account. With windows XP, by default it sometimes only installs the administrator account and names it as "owner" I believe. Anyway, if you have access to another account with administrator priviledges, you can simply delete the OTHER account's Temporary Internet Files folder while logged in as administrator. Otherwise, it's a little involved, however not nearly as involved as what the Windows 9x/ME people just had to go through. The reason for this is simple. In Windows XP and 2000, the temporary internet files folder is stored under C:\Documents and Settings\[username]\local settings\ by default, the problem IS that this folder won't be accessible to other users, and can't be deleted from your logged in account.. hmm. Before you go any further, you will need to check that the folder is actually there.

Do this by opening "My Computer" on desktop, open clicking the View menu, and selecting "Folder Options", then clicking the view tab. Click in "show all files" and uncheck 'hide protected operating system files' if that option is present.

Now double click drive C:, then double click Documents and Settings. Select the folder that has your username on it, and double click that one too. (almost there). Now double click "Local Settings" [this is the folder that by default is hidden], and see if "Temporary Internet Files" is in there. If not, use start/search to find it.

Now obtain 2 nice blank floppy disks. Format them if necessary. When logged in as your normal username, start Internet Explorer, and click "Tools" then "Internet Options". In the middle of the "General" pane, there should be a box labelled "Temporary Internet Files". First click on "Delete Files", then "Delete Cookies", then "Settings..." Click in the amount box (where it has the current size in Mb), and delete everything and type "1" to tell it to use 1 Megabyte.

Now comes the tricky and somewhat clunky bit. Click on "Move Folder" and browse to the A: drive, yep, that's right, tell it to use the floppy disk for the Temporary Internet Files. Now it will tell you to log off to complete the move. Do this, and when you log back in, WAIT till the drive activity light on the floppy drive goes out.

Now using My Computer, go back to the folder that Temporary Internet Files was originally in, and make sure it's not there. If it is, delete it, Windows should now let you do this. Then perform a switcheroo with the floppy disks. Put the second blank one in. Then go back to the Tools/Internet Options/General/Temporary Internet Files/Settings/Move Folder option, and browse back to where the folder was originally.

Now, you can format the floppy disks *[or copy the folders off the floppy to desktop first in order to snoop look through them later], and be secure knowing your Temporary Internet Files are no more.

Back to Top


Clearing recent documents lists in Windows and clearing the URL dropdown in Internet Explorer

This one is also simple. Right click the part of the taskbar where the program buttons usually appear, [the empty section next to the system tray at the bottom right is ideal], and select "properties". Then click the "Advanced" tab... (am I the only one who has ever thought that should be called "actually useful" instead of "advanced"?). Then click the "Clear" button...

Back to Top


Clearing Internet Explorer's History

Start Internet Explorer, then select the "Tools" menu, and click "Internet Options". On the "General" tab you should see "Days to keep pages in history" and a "Clear History" Button... click this... done.:-)

Back to Top


A word about Auto Complete

Internet Explorer 5.5 and above have a seemingly useful misfeature called "Auto Complete" which handily stores your form data. Form data can be any input onto a form in a web page, Name, Password, Credit card number, the search you made for pictures the other week...yes, _that_ search...

The problem is, once it saves things it can be VERY difficult if not impossible to remove it. Yes, there is a clear button [Tools menu, Internet Options, Content tab, Auto Complete..].

However, it will sometimes plain refuse point blank to delete things. No matter what you do. You can dig through folders, deleting cookies, Temporary Internet Files, index.dat documents, history lists, even go into the registry and delete likely looking candidates. It's not going anywhere.

I have looked into this extensively, and it turns out that Internet Explorer saves form and password entries to the "Protected Storage System". Deleting the information in Windows 9x is fairly simple, although dangerous, in Windows 2000 and XP, frankly it's a nightmare. Let me explain.

Windows 9x appears to store the information in the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Protected Storage System Provider\(computername)\. Computername is the name of the machine as defined under the "Identification" tab in network properties. As you may have guessed, this lives in the registry. The registry is a dangerous place to be even if you DO know precisely what you're doing, and more so if you don't. I sucessfully deleted the saved form entries by removing this key, NOTE however, several points regarding this:

  1. It was on a system I didn't mind destroying (I have cd's)
  2. The system had no saved passwords so losing them wasn't an issue
  3. It was a Windows 98 system so the only thing likely using the key was IE itself

I would suggest if you DO want to try deleting this key, back up the registry FIRST!. Then delete it, and see if the saved form entries are gone. Run the system for a couple of months to see if anything else quits working. If everything seems ok, archive the registry backup file someplace just in case.

In Windows 2000 and XP, the data is saved under the key
HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider\(SID)\, where SID is the user ID string. Confusing isn't it? It doesn't really *matter* however because Windows will not let you even view the contents of this key by default. I managed to view the contents by changing permissions on the key using regedt32.exe, very carefully poking around without altering a thing, then setting the permissions back. It's no fun, trust me on this. Basically with Windows 2000 and XP, I was too chicken to delete this key as it contains details of almost everything *hidden* by the system. There are many many third party utilities out there to view and delete the saved form information. I would suggest you use one. I did.

Note: The similar Auto Complete feature in Mozilla Firefox is much better implimented. It genuinely clears lists when you tell it, it has a 'master password' to protect your saved passwords. [The point of this is each site knows your password ONLY to that site, as you can use different ones -recommended- for each site, yet still only need one to log in]. Again however, make a note of your passwords somewhere, preferably somewhere SAFE [PGP encrypted file on a 3.5" CD single labelled "Big Secrets From A Movie" anyone?]

Back to Top


Viewing Temporary Internet Files

Now for a nice quick set of instructions.

To view the files that Windows helpfully left in Temporary Internet Files AFTER you told it to delete them, take the folder you have on desktop from the first section, right click it and choose Find or Search [whichever you see] and enter "desktop.ini" in the named field. Click find now, and then delete any files you see in the search window. Now you can go through the folder and see what was REALLY there [the desktop.ini file allows Windows Explorer to hide files from you].

Back to Top


Cleaning Up after Firefox

Using the Mozilla Firefox web browser has dozens of advantages. One of these is detailed here.

Click Tools, Options, and select "Privacy".

Click every Clear button you can find.

You're done. Yes, Firefox actually DOES delete stuff when it's told, unlike Internet Explorer certain other web browsers.

Back to Top


Disabling & Enabling System Restore

Windows Millennium and Windows XP have a "System Restore" feature that can be extremely useful if you accidentally do something that damages your installation. However, it also sometimes caches viruses, trojans, worms, and other various assorted nasty things, this will be shown by your selected antivirus product complaining that it couldn't delete a file or the same virus showing up time and again, possibly even before you reconnect to the network. If you are sufficiently confident to try this, here are the instructions for how to disable and enable the function for both versions of Windows.

Windows Me

The default location of the System Restore folder in Windows Me is [drive letter]:\_Restore\, disabling this feature may be necessary to allow antivirus products to delete nasties in that folder. [If you have system restore enabled and cannot see this folder, please set your system to show hidden and system files]

To make Windows show all files and folders in Windows Me:

  1. Double click My Computer
  2. Click the Tools menu, then click Folder Options.
  3. On the View tab, uncheck Hide file extensions for known file types.
  4. Uncheck 'Hide protected operating system files'. Then, under the "Hidden files" option, click 'Show hidden files and folders'.
  5. If you see a warning dialog, click 'Yes'.
  6. Click Apply.
  7. Click OK.

WARNING: Disabling System Restore will delete all previous restore points!

System Restore is enabled by default in Windows Me. To disable System Restore:

  1. Right-click My Computer, and then choose Properties from the menu.
  2. Click the Performance tab, then click File System.
  3. Click the Troubleshooting tab, then click to put a check the 'Disable System Restore' checkbox.
  4. Click OK, then OK again, then click Yes to restart the computer.

To re-enable System Restore:

  1. Right-click My Computer, and then choose Properties from the menu.
  2. Click the Performance tab, then click File System.
  3. Click the Troubleshooting tab, then click to clear the check from the 'Disable System Restore' checkbox.
  4. Click OK, then OK again, then click Yes to restart the computer

Windows XP

The default location of the System Restore folder in Windows XP is [drive letter]:\System Volume Information\, disabling this feature may be necessary to allow antivirus products to delete nasties in that folder. [If you have system restore enabled and cannot see this folder, please set your system to show hidden and system files].

To make Windows show all files and folders in Windows XP:

  1. Click the Start button, then click My Computer.
  2. Click the Tools menu, then click Folder Options.
  3. On the View tab, uncheck Hide file extensions for known file types.
  4. Uncheck 'Hide protected operating system files'. Then, under the "Hidden files" option, click 'Show hidden files and folders'.
  5. If you see a warning dialog, click 'Yes'.
  6. Click Apply.
  7. Click OK.

WARNING: Disabling System Restore will delete all previous restore points!

System Restore is enabled by default in Windows XP. To disable System Restore:

  1. Click the Start button, then Control Panel, and double click "System"
  2. Click the System Restore tab.
  3. Click to put a check the 'Turn Off System Restore' checkbox.
  4. Click OK

To enable System Restore:

  1. Click the Start button, then Control Panel, and double click "System"
  2. Click the System Restore tab.
  3. Click to clear the check from the 'Turn Off System Restore' checkbox.
  4. Click OK

Back to Top


Clearing Yahoo!™ Messenger's tracks

Yahoo! Messenger has also been known to save things it shouldn't. Not very often mind you, but there are a few things to be aware of when using it.

Back to Top


Pretty Good Privacy

If you are very worried about your privacy, you could go to PGPI and download the latest version of PGP, which stands for "Pretty Good Privacy". (oddly the server was allegedly not responding when I tried this link, however after I did a couple of whois lookups etc, messed with the dns settings and so on, it works. Methinks my ISP is trying to block things by putting false entries in the DNS server.. BAD IDEA.. this means the network is deliberately borked and y'all don't get paid). This program is NOT for beginners, however it does provide encryption of sensitive data to standards that once scared several governments, and provides a secure wipe function to totally and utterly delete all traces that a file ever existed.

Back to Top


Cleaning up after you clean up

If you want to completely ensure the files are GONE, now you have completed all this, you should run scandisk (if available on your system) and then defragment the drive. Twice. Just to make sure:-)

Back to Top


Back to Home

Becca, this page is almost entirely *your* fault.

Viewable With Any Browser  Valid
HTML 4.01!  Valid CSS!

Last Modified 2005-11-18      

Apache Webserver