Alternate Data Streams (ADS) Scanners

Status
Not open for further replies.

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
.
Alternate Data Streams (ADS) Scanners topic for you ..


Softwares I use:


* First: I have StreamArmor by SecurityXploded : http://securityxploded.com/streamarmor.php

StreamArmor scan and clean malicious streams our topic here: http://malwaretips.com/Thread-StreamArmor-scan-and-clean-malicious-streams


* Then in UVK new version 4.0.0.0 - Big changes, you have now Alternate Data Streams manager, NEW section!

Ultra Virus Killer - virus removal and system repair tool topic here: http://malwaretips.com/Thread-Ultra-Virus-Killer-virus-removal-and-system-repair-tool


* In PowerTool/File - go on C:\Documents and Settings\All Users\Application Data\TEMP: - you maybe have these three or more TEMP: files (ADS streams) - eg TEMP:E965A533, File size 116 Bytes, etc. Unknown stream file format with the file date of my last Windows reinstall - there are already 4 years .. in red, .. and array entry $DATA ('NTFS supports multiple data streams per file, with one $DATA attribute per stream') .. If you wish, delete such files, like me (I deleted two ones..).
On misec.net forum - boo00oob wrote:
'This NTFS ADS - C:\Documents and Settings\All Users\Application Data\TEMP: - was/is created by Microsoft Office!
If you delete it, it will always create it back when you run say Microsoft Word after a short delay!'
It's benevolent.


Our topic PowerTool 4.2 (2011.12.24 , english support) : http://malwaretips.com/Thread-PowerTool-4-2-2011-12-24-english-support


* AlternateStreamView by NirSoft: http://www.nirsoft.net/utils/alternate_d...reams.html


* ADS Scanner 2.0 by Pointstone Software, LLC : http://www.pointstone.com/products/ADS-Scanner/


'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Attention: If you use search for ADS scanners - with Google, watch out for FAKE AV malwares, which are distributed by ssdnet.biz of Softtouch with many URL links ..
.
 
Last edited:

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
.. and USEC Radix/Filesystem button/Check for Alternate Data Streams button.

USEC Radix anti-rootkit download link: on usec.at : http://www.usec.at/rootkit.html

Thank you!:D
 

Prorootect

Level 69
Thread author
Verified
Nov 5, 2011
5,855
.
In the first post - I added the explanations about TEMP: ADS files ..
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top