Solved

some software had got hold of my harddisk volume number..

Posted on 2003-11-21
Last Modified: 2012-05-04
hi everybody.

i want that nobody, e.g. a software vendor, could be able to trace my system. i found out a file tdd.EXE-04A112Ed.pf in the directory c:\windows\prefetch. i opened it up to find out some strange kind of language followed by something referring to the hard disk volume number. i am pasting a few lines of that file to give you some idea.

…@  ‡   0  …@  ˆ   @  …@  ÿÿÿÿ P  …@  \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ N T D L L . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ K E R N E L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U N I C O D E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ L O C A L E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S O R T T B L S . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U S E R 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ G D I 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ A D V A P I 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ R P C R T 4 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E A U T 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ M S V C R T . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ O L E 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C O M C T L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ I M M 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W I N S P O O L . D R V   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H E L L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S H L W A P I . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ C O M D L G 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S O C K 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 _ 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ W S 2 H E L P . D L L   \ D E V....

i wonder what does that mean..
is somebody able to keep track of me through hard disk serial number?? is there any way or software to change the volume or serial number of hard disk?? i would be grateful for any practical solution. this is a bit urgent so i hope honourable experts would look into my question. thank you.
                                                       roCker
LVL 8

Accepted Solution

by:
SNilsson earned 500 total points
Windows XP's prefetch feature is a newly added feature which improves system performance. However, after a period of time, just like the registry, obsolete entries begin to build up.

You can safely clear these invalid files and regain system performance by deleting them.

As for the executable (tdd.exe), I don't know the purpose of this one, but you can do a search on your system for tdd.exe to find out if it is elsewhere on your system.

You might also want to run some spyware checker like Spybot: http://www.safer-networking.org/
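
To make the pasted file contents readable, here is an added example (not part of the original thread or any poster's code) that pulls the UTF-16LE path strings out of a binary blob and lists the `\DEVICE\<name>` component they share. The sample bytes are constructed to mimic the pasted layout; `HARDDISKVOLUME1` is an NT device object name saying which volume each file lives on, not the volume serial number or the drive's hardware serial.

```python
import re

# Constructed sample: a few header bytes followed by NUL-terminated UTF-16LE
# paths, mimicking the layout of the pasted .pf contents (not a real file).
PATHS = [
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\NTDLL.DLL",
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\KERNEL32.DLL",
    r"\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WS2_32.DLL",
]
SAMPLE = b"\x85\x40\x00\x00\xff\xff\xff\xff" + b"".join(
    (p + "\0").encode("utf-16-le") for p in PATHS
)

# Printable ASCII stored as UTF-16LE is the character byte followed by 0x00,
# which a text editor shows as "letter, gap, letter". Every path starts
# with a backslash, so each run is anchored on one.
UTF16_PATH = re.compile(rb"\\\x00(?:[\x20-\x7e]\x00){5,}")


def loaded_files(data: bytes) -> list[str]:
    """Return the UTF-16LE path strings embedded in a binary blob."""
    return [m.group().decode("utf-16-le") for m in UTF16_PATH.finditer(data)]


def volume_devices(paths: list[str]) -> list[str]:
    """Return the distinct \\DEVICE\\<name> components the paths sit on."""
    devices = set()
    for path in paths:
        parts = path.split("\\")  # ['', 'DEVICE', 'HARDDISKVOLUME1', ...]
        if len(parts) > 2 and parts[1].upper() == "DEVICE":
            devices.add(parts[2])
    return sorted(devices)


if __name__ == "__main__":
    files = loaded_files(SAMPLE)
    for f in files:
        print(f)
    print("volume device names:", volume_devices(files))
```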



Author Comment

by:roCker
hi SNilsson.
thanks a lot for your advice. i did search for any more tdd.exe files but there weren't any more files with that name

i would appreciate if you tell me how to change the serial number or volume number of my hard disk.
 
LVL 8

Expert Comment

by:SNilsson
Most say it ain't possible, but I found this one

"It is possible to change the REAL serial number of a Hard Disk, no matter who its manufacturer is.
The serial number is recorded in a part of the Hard disk named System Area, you can access this area using a specific ATA command, each manufacturer has its own ATA command for each Hard Disk model and size. You can learn more about ATA commands at www.t13.org "

I don't know why you would want to, just delete the folder contents and run the spyware program, make sure you have a good firewall, then there should be no problem.
 
LVL 18

Expert Comment

by:chicagoan
If you want to change the VOLUME ID, you can use volumeid.exe from www.sysinternals.com
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Windows XP's prefetch feature
http://www.microsoft.com/whdc/hwdev/platform/performance/fastboot/BootVis.mspx

as for how to change the volume number, if you want the solution for fat, i can give you a way to manually change it in a few steps. for ntfs, i think the principle is same, but i did not try before.
 
LVL 24

Expert Comment

by:SunBow
skip the prefetch. it is more like a \backup directory that you do not have to manage

> is somebody able to keep track of me through hard disk serial number

yes, as well as through other info such as mobo & bios & NIC. DO, do remember that to get XP running in the first place, you must "agree" (OK, install) to let MS log ten HW numbers to identify the installation and get the activation code to operate it.

> is there any way or software to change the volume or serial number of hard disk?

Maybe. Do not count upon it helping you out much here.

> i would be grateful for any practical solution

Step #1 is to install a firewall like ZoneAlarm that STOPS outgoing TCP packets in their tracks without your personal OK on each. This means that the spywares that install can usually be blocked until they meet your level of approval. Most firewalls only stop the inbound invaders, not the stoolies that snuck onto your machine one day when you were less alert.

> i found out a file tdd.EXE

Do, of course, check the rest of your disk for same filename, be especially watchful of task manager, and all the files that can show up there.
 

Author Comment

by:roCker
thanks everybody for the pains. i am obliged.

SNilsson ---- i surfed t13.org but it's a very huge and enormous site having no search option. i tried to search and grab ATA commands as you stated but after quite much of hard work i couldn't find a clue.

bbao -- i really would be interested in some easy steps to change the serial number. i would be very grateful if you tell me.

chicagoan --- i went through your mentioned site. downloaded volumeid.exe and for a moment i thought i have got to the solution but it isn't doing what it says it does. i wonder why. i reallllllly wonder. so any more tips?

and guys have you given a look at the code or material or whatever i pasted at the top. i mean there was some mentioning of volume id like this. i mean this kind of script:

…@  ‡   0  …@  ˆ   @  …@  ÿÿÿÿ P  …@  \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ N T D L L . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ K E R N E L 3 2 . D L L   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ U N I C O D E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ L O C A L E . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \ S O R T T B L S . N L S   \ D E V I C E \ H A R D D I S K V O L U M E 1 \ W I N D O W S \ S Y S T E M 3 2 \

any idea what it is???
 

Author Comment

by:roCker
oo i skipped one thing.
this code that i have pasted above was found in the file tdd.exe in my c:\windows\prefetch directory that made me suspicious
thanks once again
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
i would suggest you use a professional disk binary editor to do it, or at least use debug.exe.
here, for example, we access the drive C (FAT), with debug.exe

debug
l 1000 2 0 1      ; where 1000 is buffer, 2 is drive c, 0 is sector 0, 1 is number of sectors
d 1000             ; dump buffer at 1000h
e 1027 aa bb cc dd     ; where aa,bb,cc,dd are new serial number, in reverse order
d 1000             ; confirm the changes, from 1027h - 102ah
w 1000 2 0 1      ; write back to the disk (same buffer, drive, sector and count as the l command)

NOTE: it is a process to physically change content of sector, you should hold the risk by yourself and please be CAREFUL for every step!!

hope it helps,
bbao
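
The on-disk layout the debug steps above depend on, as an added example (not part of the original post): a read-only parser that locates the volume serial in a FAT boot sector and shows why the bytes go in "in reverse order". The sample sector is constructed, the serial 9E01-4A2C is the value typed later in this thread, and the FAT32 offset 0x43 goes beyond what the thread covers.

```python
import struct


def make_fat16_boot_sector(serial: int) -> bytes:
    """Build a constructed 512-byte FAT16 boot sector (sample input only)."""
    s = bytearray(512)
    s[0:3] = b"\xeb\x3c\x90"            # jump instruction
    s[3:11] = b"MSDOS5.0"               # OEM name
    s[0x26] = 0x29                      # extended boot signature
    struct.pack_into("<I", s, 0x27, serial)  # serial, little-endian
    s[0x2B:0x36] = b"NO NAME    "       # volume label
    s[0x36:0x3E] = b"FAT16   "          # file system type
    s[510:512] = b"\x55\xaa"            # boot sector signature
    return bytes(s)


def serial_offset(sector: bytes) -> int:
    """Return the offset of the 4-byte volume serial in a FAT boot sector."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a boot sector")
    if sector[0x42] == 0x29 and sector[0x52:0x5A] == b"FAT32   ":
        return 0x43                     # FAT32 extended BPB
    if sector[0x26] in (0x28, 0x29):
        return 0x27                     # FAT12/FAT16, debug address 1027h
    raise ValueError("no extended boot signature, so no serial stored")


def volume_serial(sector: bytes) -> str:
    """Format the serial as XXXX-XXXX, the form volumeid.exe asks for."""
    (value,) = struct.unpack_from("<I", sector, serial_offset(sector))
    return f"{value >> 16:04X}-{value & 0xFFFF:04X}"


def on_disk_bytes(serial: str) -> str:
    """Byte order as stored in the sector (the 'aa bb cc dd' of the e command)."""
    value = int(serial.replace("-", ""), 16)
    return struct.pack("<I", value).hex(" ").upper()


if __name__ == "__main__":
    sector = make_fat16_boot_sector(0x9E014A2C)
    print(volume_serial(sector), "is stored as", on_disk_bytes("9E01-4A2C"))
```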

Author Comment

by:roCker
hi bbao.

well i couldn't follow up your instructions. do you mean that i start debug.exe in dos prompt and then type all that you have written above?? am i right?
and what is a professional disk binary editor?
and what does that 'risk' mean. do you mean something would go wrong with my harddisk during the process?

okies i tried the debug 1000 2 0 1 in debug.exe but it gives a message like this " ^Error ".

hope to hear from you soon
roCker
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
debug <RETURN>
L 1000 2 0 1 <RETURN>
D 1000 <RETURN>
E 1027 aa bb cc dd <RETURN>
D 1000 <RETURN>
W 1000 2 0 1 <RETURN>
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
hi, i would suggest you use the following lines to see the help for your reference. again, to write a disk sector directly should be a high risk operation.

DEBUG <RETURN>
? <RETURN>
Q <RETURN>

sorry, i lost the Q command for QUIT in my last post.
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
as for the tools, i use a very old program NORTON DISKEDIT.EXE.
 

Author Comment

by:roCker
thanks.
what exactly can be the risk in doing the steps.. would you please elaborate a little.

chicagoan... i installed volumeid.exe and it works. but in the end it says to add the new address in the format xxxx-xxxx in hexadecimal. i do type a hexadecimal number like 9E014A2C but again it says to type it this way
xxxx-xxxx. can you please give some further suggestion over that??
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
the risks are, if you type a wrong number, your boot sector or even another sector (if the sector number is wrong) may be damaged, which may even cause your system to crash.

just noticed the volumeid.exe, that sounds good, it is a safe way for you. it looks like you know a little about disk structure and debug.exe, so you should use similar tools instead of doing it manually with so primitive debug.exe, although my method is simple and effective.
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
btw, your input should be 9E01-4A2C, there is a "-" at the center.
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
roCker, how is your case? do you need further help? :)
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
a lot of comments contributed by the experts, so i would like to suggest splitting the points.
 
LVL 32

Expert Comment

by:Luc Franken
bbao,

I admit I've thought about a split of points :)
The original question was little more than "I wonder what this all means?" which was mostly answered by SNilsson at http:#9796221
The second question was: "how to change the HDD serial number?", the most obvious response would be: "Don't do it, if you're doing it for just finding a file at your system that states it, you're being paranoid." There is absolutely no need for changing the HDD serial number, period.

If I have to change my recommendation, I propose an award to SNilsson for his first comment.

Thanks,

LucF
