| Re: Alternate data Streams
Fun indeed. Thanks. Your suggestion re copying to CD and back to the HD
worked, and the folder I tested now has no ADS data (visibly) attached to the
file name. It also took a fraction of the time to scan the folder. However on
doing so, it claimed to have scanned 450 files, when in fact there are only
150 files in the folder, is this something else I should be worried about?. I
am currently looking many thousands of afected files.
Many Thanks again.
--
Mike H
"Wesley Vogel" wrote:
> Keep having fun, Mike. :-)
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:31D37451-0D8C-4A53-8A60-73AF2555D657@microsoft.com,
> Mike Hoban <MikeHoban@discussions.microsoft.com> hunted and pecked:
> > Extraordinarily helpfull and usefull response, thank you very much. I will
> > read everything and take it all on board.
> > Best Wishes
> > Mike
> > --
> > Mike H
> >
> >
> > "Wesley Vogel" wrote:
> >
> >> Hi Mike,
> >>
> >>> Thank You. Very Helpfull, I will try that. All of my external HDs are
> >>> NTFS formatted, and all retain the ADS when files are copied between
> >>> them.
> >>
> >> To get rid of Alternate Data Streams on any file, move to a non NTFS
> >> media, like a floppy, a CD or a memory stick and then move the file back
> >> to the hard drive.
> >>
> >>> If I
> >>> were to create new external HD's formatted to FAT32, then copy the files
> >>> from the NTFS drives, would that remove the ADS?.
> >>
> >> Seems awful drastic.
> >>
> >> Keep in mind that adding Comments to any file adds ADS.
> >>
> >> <quote>
> >> To add a comment to a file
> >>
> >> 1. Right click a file.
> >> 2. Click Properties.
> >> 3. On the Summary tab, type your comment in the Comments area.
> >> -or-
> >>
> >> On the Summary tab, click Simple, and then type your comment in the
> >> Comments area.
> >>
> >> Notes
> >> To display the comments you add to files, double-click the folder that
> >> contains the files you want to view. On the View menu, click Choose
> >> Details, and select the Comment check box, and then click OK. On the
> >> View menu, click Details to see comments for several files at once, or
> >> select a file and click Details in the left pane to view the comment for
> >> the selected file. <quote>
> >> from...
> >> Add a comment to a file
> >> http://www.microsoft.com/resources/d...d_comment.mspx
> >>
> >> Not all Alternate Data Strems are evil. Although with SP2 Microsoft adds
> >> zone info as ADS with the Attachment Manager.
> >>
> >> You can use the HijackThis ADS Spy to remove ADS.
> >>
> >> Both of these are copied and pasted from HijackThis.
> >>
> >> HijackThis ADS Spy
> >> ---------------------------
> >> Alternate Data Streams (ADSs) are pieces of info hidden as metadata on
> >> files. They are not visible in Explorer and the size they take up is not
> >> reported by Windows. Recent browser hijackers started hiding their files
> >> inside ADSs, and very few anti-malware scanners detect this (yet).Use ADS
> >> Spy to find and remove these streams.Note: this app also displays
> >> legitimate ADS streams. Do not delete streams if you are not completely
> >> sure they are malicious!
> >> ---------------------------
> >> OK
> >> ---------------------------
> >> HijackThis
> >> ---------------------------
> >> Using ADS Spy is very easy: just click 'Scan', wait until the scan
> >> completes, then select the ADS streams you want to remove and click
> >> 'Remove selected'. If you are unsure which streams to remove, ask
> >> someone for help. Don't delete streams if you don't know what they
> >> are!The three checkboxes are:Quick Scan: only scans the Windows folder.
> >> So far all known malware that uses ADS to hide itself, hides in the
> >> Windows folder. Unchecking this will make ADS Spy scan the entire system
> >> (i.e. all drives).Ignore safe system info streams: Windows, Internet
> >> Explorer and a few antivirus programs use ADS to store metadata for
> >> certain folders and files. These streams can safely be ignored, they are
> >> harmless.Calculate MD5 checksums of streams: For antispyware program
> >> development or antivirus analysis only.Note: the default settings of
> >> above three checkboxes should be fine for most people. There's no need
> >> to change any of them unless you are a developer or anti-malware expert.
> >> ---------------------------
> >> OK
> >> ---------------------------
> >>
> >> HijackThis (More for the advanced user)
> >> http://www.spywareinfo.com/~merijn/downloads.html
> >>
> >> HijackThis log tutorial
> >> http://www.spywareinfo.com/~merijn/htlogtutorial.html
> >>
> >> HijackThis Log Tutorial
> >> http://www.aumha.org/a/hjttutor.htm
> >>
> >> See 9. How to use ADS Spy
> >> How to use HijackThis to remove Browser Hijackers & Spyware
> >> http://www.bleepingcomputer.com/tuto...utorial42.html
> >> --------
> >>
> >> NTFS Alternate (Multiple) Data Streams articles
> >>
> >> The first four are short and to the point.
> >>
> >> NTFS Data Streams - Windows Alternate Data Stream, NP.EXE
> >> http://www.auditmypc.com/freescan/re...tfsstreams.asp
> >>
> >> Windows Alternate Data Streams
> >> http://www.bleepingcomputer.com/forums/tutorial25.html
> >>
> >> Windows NTFS Alternate Data Streams
> >> http://www.securityfocus.com/infocus/1822
> >>
> >> NTFS Streams
> >> http://www.alcpress.com/articles/ads.html
> >>
> >> -----
> >>
> >> Alternate Data Streams Threat or Menace Why Alternate Data Streams
> >> http://www.informit.com/articles/art...?p=413685&rl=1
> >>
> >> FAQ Alternate Data Streams in NTFS
> >> http://www.heysoft.de/nt/ntfs-ads.htm
> >>
> >> Fork (filesystem)
> >> http://en.wikipedia.org/wiki/Alternate_data_stream
> >>
> >> Hidden NTFS Alternate Data Streams (ADS) Explained - Are You At Risk?
> >> http://www.diamondcs.com.au/web/streams/streams.htm
> >>
> >> Hidden Threat Alternate Data Streams
> >> http://www.windowsecurity.com/articl...a_Streams.html
> >>
> >> NTFS Alternate Data Streams » Girl Geekette dotNet
> >> http://www.girlgeekette.net/2005/09/...-data-streams/
> >>
> >> NTFS Data Streams
> >> http://www.relsoft.net/datastreams.html
> >>
> >> NTFS Streams - Everything you need to know (demos and tests included)
> >> http://www.diamondcs.com.au/index.ph...d=ntfs-streams
> >>
> >> Practical Guide to Alternative Data Streams in NTFS
> >> http://www.irongeek.com/i.php?page=security/altds
> >>
> >>> Is there any advantage to the NTFS format over FAT32?, . Finally, can I
> >>> reformat the existing NTFS drives to FAT32 (obviously losing the data
> >>> in the process?.
> >>
> >> You cannot reformat an NTFS drive to FAT32 without some 3rd party
> >> utility.
> >>
> >> You can do whatever you like, but NTFS is the way to go, not FAT32.
> >>
> >> What Is NTFS?
> >> http://technet2.microsoft.com/Window...ae4781033.mspx
> >>
> >> FAT & NTFS File Systems in Windows XP
> >> http://www.aumha.org/win5/a/ntfs.htm
> >>
> >> Limitations of the FAT32 File System in Windows XP
> >> http://support.microsoft.com/kb/314463
> >>
> >> NTFS vs. FAT: Which Is Right for You?
> >> http://www.microsoft.com/windowsxp/e.../october01.asp
> >>
> >> Overview of FAT, HPFS, and NTFS File Systems
> >> http://support.microsoft.com/kb/100108
> >>
> >> --
> >> Hope this helps. Let us know.
> >>
> >> Wes
> >> MS-MVP Windows Shell/User
> >>
> >> In news:F869C836-D6CC-4D0B-83D6-15589BB5F4DF@microsoft.com,
> >> Mike Hoban <MikeHoban@discussions.microsoft.com> hunted and pecked:
> >>> Thank You. Very Helpfull, I will try that. All of my external HDs are
> >>> NTFS formatted, and all retain the ADS when files are copied between
> >>> them. If I were to create new external HD's formatted to FAT32, then
> >>> copy the files from the NTFS drives, would that remove the ADS?.
> >>>
> >>> Is there any advantage to the NTFS format over FAT32?, . Finally, can I
> >>> reformat the existing NTFS drives to FAT32 (obviously losing the data
> >>> in the process?.
> >>>
> >>> Many Many Thanks
> >>> Mike
> >>>
> >>>
> >>> --
> >>> Mike H
> >>>
> >>>
> >>> "Wesley Vogel" wrote:
> >>>
> >>>> ADS probably does not slow down your system.
> >>>>
> >>>> To get rid of Alternate Data Streams on any file, move to a non NTFS
> >>>> media, like a floppy, a CD or a memory stick and then move the file
> >>>> back to the hard drive. ADS can only exist on NTFS formatted drives,
> >>>> moving or copying files strips the files of the ADS crap.
> >>>>
> >>>> You get Confirm Stream Loss messages when copying files with ADS to
> >>>> non-NTFS formatted media...
> >>>>
> >>>> Confirm Stream Loss
> >>>> -----------------------
> >>>> The file 'xxxxxxxxxxxxx.zzz' has extra information
> >>>> attached to it that might be lost if you continue copying. The
> >>>> contents of the file will not be affected. Information that might be
> >>>> lost includes:
> >>>> Summary Info
> >>>> Document Summary Info
> >>>>
> >>>> Do you want to proceed anyway?
> >>>> -----------------------
> >>>>
> >>>> Click YES because there is nothing you can do about it.
> >>>>
> >>>> --
> >>>> Hope this helps. Let us know.
> >>>>
> >>>> Wes
> >>>> MS-MVP Windows Shell/User
> >>>>
> >>>> In news:790E5795-6EFE-40EE-93C2-150D3DD87F10@microsoft.com,
> >>>> Mike Hoban <MikeHoban@discussions.microsoft.com> hunted and pecked:
> >>>>> Hello, I am looking for advice on how to locate and remove Alternate
> >>>>> data Streams from jpeg files. They during in my virus scan, but no
> >>>>> where else. I fear they are causing my system to slow down
> >>>>> considerably. thanks
> >>>>>
> >>>>> --
> >>>>> Mike H
>
>  |