Extraordinarily helpfull and usefull response, thank you very much. I will
read everything and take it all on board.
Best Wishes
Mike
--
Mike H


"Wesley Vogel" wrote:

> Hi Mike,
>
> > Thank You. Very Helpfull, I will try that. All of my external HDs are NTFS
> > formatted, and all retain the ADS when files are copied between them.
>
> To get rid of Alternate Data Streams on any file, move to a non NTFS media,
> like a floppy, a CD or a memory stick and then move the file back to the
> hard drive.
>
> > If I
> > were to create new external HD's formatted to FAT32, then copy the files
> > from the NTFS drives, would that remove the ADS?.
>
> Seems awful drastic.
>
> Keep in mind that adding Comments to any file adds ADS.
>
> <quote>
> To add a comment to a file
>
> 1. Right click a file.
> 2. Click Properties.
> 3. On the Summary tab, type your comment in the Comments area.
> -or-
>
> On the Summary tab, click Simple, and then type your comment in the
> Comments area.
>
> Notes
> To display the comments you add to files, double-click the folder that
> contains the files you want to view. On the View menu, click Choose Details,
> and select the Comment check box, and then click OK. On the View menu, click
> Details to see comments for several files at once, or select a file and
> click Details in the left pane to view the comment for the selected file.
> <quote>
> from...
> Add a comment to a file
> http://www.microsoft.com/resources/d...d_comment.mspx
>
> Not all Alternate Data Strems are evil. Although with SP2 Microsoft adds
> zone info as ADS with the Attachment Manager.
>
> You can use the HijackThis ADS Spy to remove ADS.
>
> Both of these are copied and pasted from HijackThis.
>
> HijackThis ADS Spy
> ---------------------------
> Alternate Data Streams (ADSs) are pieces of info hidden as metadata on
> files. They are not visible in Explorer and the size they take up is not
> reported by Windows. Recent browser hijackers started hiding their files
> inside ADSs, and very few anti-malware scanners detect this (yet).Use ADS
> Spy to find and remove these streams.Note: this app also displays legitimate
> ADS streams. Do not delete streams if you are not completely sure they are
> malicious!
> ---------------------------
> OK
> ---------------------------
> HijackThis
> ---------------------------
> Using ADS Spy is very easy: just click 'Scan', wait until the scan
> completes, then select the ADS streams you want to remove and click 'Remove
> selected'. If you are unsure which streams to remove, ask someone for help.
> Don't delete streams if you don't know what they are!The three checkboxes
> are:Quick Scan: only scans the Windows folder. So far all known malware that
> uses ADS to hide itself, hides in the Windows folder. Unchecking this will
> make ADS Spy scan the entire system (i.e. all drives).Ignore safe system
> info streams: Windows, Internet Explorer and a few antivirus programs use
> ADS to store metadata for certain folders and files. These streams can
> safely be ignored, they are harmless.Calculate MD5 checksums of streams: For
> antispyware program development or antivirus analysis only.Note: the default
> settings of above three checkboxes should be fine for most people. There's
> no need to change any of them unless you are a developer or anti-malware
> expert.
> ---------------------------
> OK
> ---------------------------
>
> HijackThis (More for the advanced user)
> http://www.spywareinfo.com/~merijn/downloads.html
>
> HijackThis log tutorial
> http://www.spywareinfo.com/~merijn/htlogtutorial.html
>
> HijackThis Log Tutorial
> http://www.aumha.org/a/hjttutor.htm
>
> See 9. How to use ADS Spy
> How to use HijackThis to remove Browser Hijackers & Spyware
> http://www.bleepingcomputer.com/tuto...utorial42.html
> --------
>
> NTFS Alternate (Multiple) Data Streams articles
>
> The first four are short and to the point.
>
> NTFS Data Streams - Windows Alternate Data Stream, NP.EXE
> http://www.auditmypc.com/freescan/re...tfsstreams.asp
>
> Windows Alternate Data Streams
> http://www.bleepingcomputer.com/forums/tutorial25.html
>
> Windows NTFS Alternate Data Streams
> http://www.securityfocus.com/infocus/1822
>
> NTFS Streams
> http://www.alcpress.com/articles/ads.html
>
> -----
>
> Alternate Data Streams Threat or Menace Why Alternate Data Streams
> http://www.informit.com/articles/art...?p=413685&rl=1
>
> FAQ Alternate Data Streams in NTFS
> http://www.heysoft.de/nt/ntfs-ads.htm
>
> Fork (filesystem)
> http://en.wikipedia.org/wiki/Alternate_data_stream
>
> Hidden NTFS Alternate Data Streams (ADS) Explained - Are You At Risk?
> http://www.diamondcs.com.au/web/streams/streams.htm
>
> Hidden Threat Alternate Data Streams
> http://www.windowsecurity.com/articl...a_Streams.html
>
> NTFS Alternate Data Streams » Girl Geekette dotNet
> http://www.girlgeekette.net/2005/09/...-data-streams/
>
> NTFS Data Streams
> http://www.relsoft.net/datastreams.html
>
> NTFS Streams - Everything you need to know (demos and tests included)
> http://www.diamondcs.com.au/index.ph...d=ntfs-streams
>
> Practical Guide to Alternative Data Streams in NTFS
> http://www.irongeek.com/i.php?page=security/altds
>
> > Is there any advantage to the NTFS format over FAT32?, . Finally, can I
> > reformat the existing NTFS drives to FAT32 (obviously losing the data in
> > the process?.
>
> You cannot reformat an NTFS drive to FAT32 without some 3rd party utility.
>
> You can do whatever you like, but NTFS is the way to go, not FAT32.
>
> What Is NTFS?
> http://technet2.microsoft.com/Window...ae4781033.mspx
>
> FAT & NTFS File Systems in Windows XP
> http://www.aumha.org/win5/a/ntfs.htm
>
> Limitations of the FAT32 File System in Windows XP
> http://support.microsoft.com/kb/314463
>
> NTFS vs. FAT: Which Is Right for You?
> http://www.microsoft.com/windowsxp/e.../october01.asp
>
> Overview of FAT, HPFS, and NTFS File Systems
> http://support.microsoft.com/kb/100108
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:F869C836-D6CC-4D0B-83D6-15589BB5F4DF@microsoft.com,
> Mike Hoban <MikeHoban@discussions.microsoft.com> hunted and pecked:
> > Thank You. Very Helpfull, I will try that. All of my external HDs are NTFS
> > formatted, and all retain the ADS when files are copied between them. If I
> > were to create new external HD's formatted to FAT32, then copy the files
> > from the NTFS drives, would that remove the ADS?.
> >
> > Is there any advantage to the NTFS format over FAT32?, . Finally, can I
> > reformat the existing NTFS drives to FAT32 (obviously losing the data in
> > the process?.
> >
> > Many Many Thanks
> > Mike
> >
> >
> > --
> > Mike H
> >
> >
> > "Wesley Vogel" wrote:
> >
> >> ADS probably does not slow down your system.
> >>
> >> To get rid of Alternate Data Streams on any file, move to a non NTFS
> >> media, like a floppy, a CD or a memory stick and then move the file back
> >> to the hard drive. ADS can only exist on NTFS formatted drives, moving
> >> or copying files strips the files of the ADS crap.
> >>
> >> You get Confirm Stream Loss messages when copying files with ADS to
> >> non-NTFS formatted media...
> >>
> >> Confirm Stream Loss
> >> -----------------------
> >> The file 'xxxxxxxxxxxxx.zzz' has extra information
> >> attached to it that might be lost if you continue copying. The
> >> contents of the file will not be affected. Information that might be
> >> lost includes:
> >> Summary Info
> >> Document Summary Info
> >>
> >> Do you want to proceed anyway?
> >> -----------------------
> >>
> >> Click YES because there is nothing you can do about it.
> >>
> >> --
> >> Hope this helps. Let us know.
> >>
> >> Wes
> >> MS-MVP Windows Shell/User
> >>
> >> In news:790E5795-6EFE-40EE-93C2-150D3DD87F10@microsoft.com,
> >> Mike Hoban <MikeHoban@discussions.microsoft.com> hunted and pecked:
> >>> Hello, I am looking for advice on how to locate and remove Alternate
> >>> data Streams from jpeg files. They during in my virus scan, but no
> >>> where else. I fear they are causing my system to slow down considerably.
> >>> thanks
> >>>
> >>> --
> >>> Mike H
>
>