Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Deleting Alternate Data Streams


  • Please log in to reply
3 replies to this topic

#1 weicheck

weicheck

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 12 February 2007 - 05:56 PM

Hi, using Ad-aware SE Personal the ADS scan found 306 "critical" files - Ad-aware can remove but am reluctant to take action without confirmation that primary files will not be affected - Lavasoft forums provided no answers.

BC AdBot (Login to Remove)

 


#2 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:11:42 AM

Posted 12 February 2007 - 07:27 PM

Here's an informative article about ADS:
http://www.windowsecurity.com/articles/Alt...ta_Streams.html

Generally I delete them when I find them (which isn't too often). Do so at your own risk tho'.

Here's some more links about them:
http://www.wikistc.org/wiki/Alternate_data_streams
http://www.irongeek.com/i.php?page=security/altds

An interesting tool for this is available for free here: http://www.microsoft.com/technet/sysintern...es/Streams.mspx

It's run from the command line and will identify ADS files on your system. My relatively new XP Virtual Machine ran it and didn't find any ADS streams - so if you run it on your system I'd be interested in seeing the results (you can copy/paste them to your next post if you'd like).

EDIT: Oops! Almost forgot a rootkit detector. Here's a free one that I've used a few times: http://www.gmer.net/files.php

Edited by usasma, 12 February 2007 - 07:43 PM.

My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.

#3 weicheck

weicheck
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:42 AM

Posted 13 February 2007 - 04:21 AM

Hi John - thanks for info - weicheck ret 04 USAF

#4 usasma

usasma

    Still visually handicapped (avatar is memory developed by my Dad


  • BSOD Kernel Dump Expert
  • 25,091 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Southeastern CT, USA
  • Local time:11:42 AM

Posted 13 February 2007 - 07:59 AM

No problem! I spent quite a few years jumping out of "perfectly good airplanes"! :thumbsup:
My browser caused a flood of traffic, sio my IP address was banned. Hope to fix it soon. Will get back to posting as soon as Im able.

- John  (my website: http://www.carrona.org/ )**If you need a more detailed explanation, please ask for it. I have the Knack. **  If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficult reading posts. (23 Nov 2017)FYI - I am completely blind in the right eye and ~30% blind in the left eye.<p>If the eye problems get worse suddenly, I may not be able to respond.If that's the case and help is needed, please PM a staff member for assistance.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users