View Full Version : NTFS stream question.
spy1
June 30th, 2003, 03:42 PM
Is there any way to access and kill streams found in a previous scan without going through a full scan to find them all again?
I've tried clicking on indidvidual items in the "tests section, but I can't seem to get it to scan specifically for streams.
Am I missing something? Or is it just not there? Pete
Dan Perez
June 30th, 2003, 04:18 PM
Hey Pete,
Not quite sure what you're asking ???
If you mean is there a way to scan exclusively for ADS streams within TDS I believe not.
If this is what you are looking for there are a few alternatives;
For command-line/scripting use I use LADS which can be obtained from
http://www.heysoft.net/nt/lads.zip
but this will not allow you to delete specific streams.
I thought I remembered seeing a GUI utility from Sysinternals that listed ADStreams but I didn't see it on a quick check of their site.
If I am completely off-base with your question please let me know ;D
Dan
Dan Perez
June 30th, 2003, 05:03 PM
... found the Sysinternals utility
http://www.sysinternals.com/files/streams.zip
spy1
June 30th, 2003, 06:09 PM
That's correct, Dan, I'd like to be able to scan simply for (and be able to delete) streams by themselves.
Right now, I can't do that unless I run a full system scan (I think).
IOW, on the TDS "System Testing" context menu, I can do a quick check of any of the items listed in the screenshot - but NTFS streams isn't there.
What I'd really like to see would be a context-menu item for that in TDS or - failing that - perhaps a separate app that would do that only (scan for streams and allow you to do everything that TDS allows you to do with them after a full scan).
And, of course, I have no idea whether that's feasible or not. :) Pete
Dan Perez
June 30th, 2003, 07:32 PM
I don't remember seeing the option to delete the streams after a full scan but no doubt you are right.
A possibility would be to modify the existing script example
ntfs streams.ss3
As is, it will search for streams as well as show their contents. Unfortunately, I am completely worthless with vbs/ss3 :-[
I would be very hesitant to delete streams in a wholesale manner, though, as many apps rely on them for proper operation
Sorry I could'nt help you more, hopefully one of the gurus will have better input ;D
vBulletin® Copyright ©2000-2012, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2012, Wilders Security Forums