Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


I have an ADS file called '5C321E34'

  • Please log in to reply
No replies to this topic

#1 paliden


  • Members
  • 12 posts
  • Gender:Male
  • Location:Carlisle, Pa
  • Local time:07:00 AM

Posted 30 May 2010 - 11:29 PM


I was recently infected with a FakeAV virus that was successfully removed with the kind assistance of Fireman4it. The following link describes what we did, if anyone is interested: See Forum Topic 316516 Here (Be aware that it's a rather lengthy topic).

Since then, I've learned more about malware -- in particular, NTFS Alternate Data Streams, which provides a rather nasty place to hide certain files. I ran ADS Spy which reported 57 ADS files on my system.

All but one are harmless "favicon" ADS files attached to various .url files located in c:\documents and settings\...\favorites.

However, I'm concerned about one ADS file called "5C321E34" that is attached to an otherwise empty TEMP directory:
c:\documents and settings\all users\application data\TEMP : 5C321E34 (size 118 bytes).

I don't know if this file is malware or not. I can't display its file contents. Since it's only 118 bytes it may be harmless. I'm tempted to just delete the TEMP directory. Do you have any suggestions?

I should also add that I'm running Win XP SP3.

Thanks, Paliden.

Edited by paliden, 30 May 2010 - 11:34 PM.

Dell Dimension DM061 | Dual Pentium 4 (3Ghz) | 1G Ram | 80GB HD | DLink DI-624 router |
Win XP Media Center SP3 | IE7 | SAV10 corp ed | MBAM | SpywareBlaster | SuperAntiSpyware | MVPS Hosts |

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users