Superantispyware finds sqlite cookies

[Steph]

A Superantispyware scan today found masses of sqlite tracking cookies - and yet I use Do Not Track Plus set to "do not allow tracking cookies" and always use CCleaner at the end of each session.

So I made sure all cookies were cleared and scanned again - this time no cookies and the scan was clear.

I then logged on to FF, clicked on H2G and a BBC site (but didn't click on any links) then without using CCleaner scanned again. The same number of sqlite cookies were back

All other scans were clean and I've never come across these before - any ideas please?

Thank you.

Steph

[DonnaB]

Hi Steph,

Firefox 3 started to store it’s cookies in a SQLite database instead of the old plain-text cookie.txt.

Where are cookies stored

Cookie information is stored in the profile folder, in two files. Starting with Firefox 3.0 and SeaMonkey 2.0 the cookie information is stored in the files cookies.sqlite and permissions.sqlite. In Firefox 2 or below and Mozilla Suite/SeaMonkey 1.x, cookies are stored in the cookies.txt file and cookie site permissions are stored in the hostperm.1 file.

Found HERE

I'm thinking the cookies were replenished once you accessed those sites again.

I know that when I use Ccleaner it clears out all my cookies and I have to login to all my sites again because this clears out the cookie cache. To be honest, that drives me batty. I belong to so many sites and I don't use the same passwords at every site so I have to keep a record of what passwords I use where so I don't have to keep clicking on Forgot your password?

I've done this so many times that I'm sure the day will come when a site will great me with , "Hi Donna! Forgot your password again, huh?" LOL.....

[Canuck]

Hi all,

The way to keep the cookies (for passwords) in Ccleaner.
1) run ccleaner and delete all cookies
2) access the site(s) where you want password remembered and enter password(s)
3) in Ccleaner > Options > Cookies > highlight cookie you want kept in the 'cookies to delete' column and click arrow to move over to 'cookies to keep' column. Close window. From then on when cleaning, your passwords will be saved.

Hope this helps.

[Steph]

Hi Donna and Canuck, thank you both for replying.

I've read your explanations about sqlite cookies storing passwords, but this is the strange thing - I've never stored passwords for sites and always use CCleaner to clear the cookie cache at the end of each session and SAS has never picked this up before when I've revisited sites that need a password. In any event, the two sites I used to test what the scan was picking up - BBC and H2G - I literally just clicked on each to load them and then shut them down immediately - I didn't log in to H2G and I don't use a password for the BBC site. FF is set to NOT remember passwords for sites (Options>Security Remember Passwords for Sites unticked) and I use Do Not Track Plus - so it's definitely not a password thing as there were no passwords used and they just keep coming back regardless (it's the same number of tracking cookies each time by the way, whatever I do - 69).

It looks as if cookies are being stored when everything I can think of has been set not to allow that, or this would have come up before - can you think of any other settings that might have got changed somehow that could be reset?

Thanks

Steph

[Canuck]

Steph, in FF go to Tools > Options > Privacy tab > check 'Accept cookies from sites' and uncheck (if checked) 3rd party cookies, 'Keep until' set to 'until they expire'. 'Tell all the sites I don't want to be tracked' should be checked, and select in the dropdown, 'use custom settings for history'.. all the rest should be unchecked ...
Hope these work for you.

[Steph]

Hi Canuck, checked all that but settings were already as you described except "tell all sites I don't want to be tracked" wasn't ticked for some reason, but it is now.

Despite that, still no good, the same ones are all coming up in exactly the same way, 69 of them. What I don't understand is why they keep showing up - I clear them and then regardless of which sites I look at, whether I click on any links or not and despite the fact that none of the sites tested require passwords (apart from H2G) back they come. SAS is the only scan picking them up though - Avast, A2squared and Malwarebytes don't find anything. Very strange. Any other ideas please?

UPDATE

I just tried something and think I may have narrowed this problem possibly down to FF. I ran an SAS scan and cleared the 69 tracking cookies it keeps picking up and then also ran CCleaner and cleared cookies with that too (although there weren't any, obviously). Then I opened FF so it loaded my home page. That's all I did - then shut down FF immediately and ran SAS again - and the 69 pesky things were there again. I just checked DoNotTrackPlus settings and I noticed that at least some of the tracking cookies listed by SAS are displayed by DNT+ as being permanently "blocked everywhere" and while on the home page as above DNT+ recorded that as being free of all tracking. In FF, Tools>Options>Privacy tab>Exceptions lists a whole stack of cookies (incl. the 69) as "blocked"

Very weird. If everywhere is set to block them but SAS is still listing them all as requiring removal even after they've been deleted and all I've then done is launch and then immediately shut down a protected browser, how is it the same ones keep being identified on my machine?? I wonder if there's another setting I'm missing that's been altered somehow? Any ideas?

[MrDarn]

Lets see a log, and see if we can shine a light on this.

Logs are located here:

C:Users\your user name\AppData\Roaming\SUPERAntiSpyware\Logs on most computers.

NOTE: The AppData folder is usually hidden by default.
A quick way there without enabling 'view hidden files' is to open a "Run" box (Shortcut [Windows Key]+[r] ) and type "%appdata%" (no quotes)


Please post your latest log.

[Canuck]

I'm wondering if they might have something to do with Add-ons or plugins? Try turning them off and see what happens.

[Digerati]

It would not be the first time SAS or any other spyware/malware scanner "suddenly" reported a bunch of stuff. This smells like a bad case of false positives to me.

I suspect all those files were there yesterday and SAS didn't yell at you then. But my guess is SAS downloaded new updates, and suddenly files that have been on your system for months get tagged!?

Has SAS been running in real time all this time?

[Digerati]

Then I opened FF so it loaded my home page. That's all I did

And what is your homepage? If your homepage is CNN.com or MSN.com, it could be downloading a bunch of stuff.

If Canuck's no-add-ons suggestion doesn't reveal anything, do your SAS and CC thing again, then call up IE or Chrome instead of FF, and see what happens.

I normally run with IE9, but I just ran SAS and it found 94 "tracking cookies". I canceled (did not remove those "threats") and ran CC. Note I have CC set to keep all the "tracking cookies" for the sites I visit daily - like H2G. Then I ran SAS and there were only 4 tracking cookings found - two to "MUD" - Metropolitan Utilities District - my water/sewer/trash utility company, and two to my credit union. None were sqlite.

I really like SAS and have had it since Castlecops days. But it can be a bit aggressive in terminology, and scanning results, I think. Most tracking cookies are harmless and regardless your browser of choice, if you keep your browser, your security and Windows updated, it is pretty hard to get infected - especially with Windows7 and even more so if 64-bit Windows 7.

All other scans were clean

Yeah. More the reason to not be concerned it is something malicious. Annoying, irritating, and insultingly rude, yes. But not malicious.

Again, not a FF user but I did find Cookies - MozillaZine Knowledge Base where it says,

Sometimes removing the cookies in the Cookie Manager is not sufficient and you need to delete the file that stores cookies in your Firefox profile folder ("cookies.sqlite" in Firefox 3 and above, "cookies.txt" in Firefox 2 or below)